* Irish regulator to probe EU-U.S. data transfers
* Follows EU court striking down data agreement
* Case brought after revelations about U.S. surveillance (Adds Schrems warning of difficulty in new EU data deal, Facebook decision not to be named in case)
By Conor Humphries
DUBLIN, Oct 20 (Reuters) - Ireland’s High Court on Tuesday ordered an investigation into Facebook’s transfer of European Union users’ data to the United States to make sure personal privacy was properly protected from U.S. government surveillance.
The court told the Irish Data Protection Commissioner to launch a probe following a landmark ruling by the European Court of Justice (ECJ) two weeks ago which struck down the Safe Harbour agreement that had allowed the free transfer of data between the European Union and the United States.
Both the ECJ decision and Tuesday’s ruling were the result of a challenge by Austrian law student Max Schrems, lodged after revelations in 2013 of the U.S. government’s Prism programme, which allowed authorities to harvest private information directly from big tech firms such as Facebook and Google.
The initial challenge was made in Ireland because Facebook has its European headquarters in Dublin and is regulated by the Irish Data Protection Commissioner. Tuesday’s ruling overturns the commissioner’s initial refusal to investigate on the grounds that it did not have jurisdiction over Safe Harbour.
The data commissioner’s office said in a statement it would now “proceed to investigate the substance of the complaint with all due diligence.”
Facebook said in a statement it had never been part of a programme to give the U.S. government direct access to its servers and said it would respond to enquiries by the Irish Data Protection Commissioner.
The ECJ ruling has thousands of U.S. and European companies mired in legal uncertainty over the transfer of personal data from Europe to the United States. That includes payroll and human resources information as well as data used for online advertising, which is of particular importance to tech firms.
Under EU data protection law, companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards.
A lawyer for Facebook had asked to voice the company’s opinion in the Irish case, but withdrew that request when the judge said any ruling would not go into detail as to how the regulator should conduct its investigation.
Schrems, who live-tweeted the ruling from the Irish court room, told journalists he expected the EU would have difficulty reaching consensus on a new framework due to disagreements between countries who want different levels of safeguards.
“In the end you will have to have a solution because it’s not possible that within a European market you have different approaches,” he said. (Editing by Padraic Halpin, Pravin Char and Mark Potter)