The American Civil Liberties Union is asking tech companies to help push for surveillance reform in the U.S., warning that there is an added urgency now that newly elected President Donald Trump has demonstrated that he is hostile to the privacy of foreign travelers.
Late last week one of the ACLU’s staff attorneys was cross-examined in the High Court in Ireland as an expert witness in a piece of litigation focused on Facebook’s use of a data transfer mechanism to authorize its processing of Europeans’ data in the U.S. The court hearing started last Tuesday and is expected to last for three weeks.
The complaint against Facebook pivots on whether U.S. government surveillance activity undermines European privacy protections—as the region’s top court, the CJEU, previously ruled to be the case regarding a prior data transfer mechanism (Safe Harbor).
The Irish High Court is considering whether to refer similar concerns about the legal robustness of so-called Standard Contractual Clauses (SCCs)—an alternative mechanism for authorizing E.U.-U.S. personal data transfers—to the CJEU.
The Irish data-protection commissioner reached the conclusion in May 2016 that U.S. law does not adequately protect the data of Europeans and is therefore pushing for the referral to the CJEU.
Although Facebook is the focus of this particular case, the end result is going to have far-reaching consequences because other companies use SCCs as well, and if the mechanism were to fail, those businesses as well as Facebook would need to change how they operate in order to comply with European law.
From the ACLU blog:
The legal issues before the Irish High Court are complex, but what’s at stake is not. The case highlights just how easy it is for U.S. intelligence agencies to access Europeans’ data once it is transferred to the United States. And it highlights also just how few meaningful remedies are available in the United States to those who want to challenge NSA surveillance, whether they are Europeans or Americans. The fact that few individuals receive notice of surveillance, combined with the U.S. government’s repeated use of standing doctrine and the state secrets privilege to block court review, has put redress almost entirely out of reach.
If the European courts ultimately conclude that the U.S. surveillance regime lacks essential protections for E.U. citizens, companies like Facebook may have more difficulty transferring their users’ private data to the United States—at least until the U.S. adopts badly needed reforms to its surveillance laws.
The ACLU has several suggestions for how tech companies can push for stronger protections for their users’ data in the face of U.S. government spying, including:
- Actively lobbying members of Congress to reform our surveillance laws, especially Section 702, which is set to expire this year;
- Oppose efforts to expand U.S. surveillance powers or to weaken encryption, and;
- Push back against unilateral efforts by the Trump administration to strip away privacy protections for immigrants and foreigners.
The ACLU said on its blog, “Now that President Trump has the keys to the U.S. surveillance state, it’s more important than ever that tech companies work with us in the fight for surveillance reform.”