Ireland’s supreme court on Friday dismissed a bid by Facebook to block a landmark data security case from progressing to the European Court of Justice.
The top European court in Luxembourg is now set to hear the case in July, answering questions on whether the personal information of EU citizens is afforded adequate protection from American government surveillance during EU-US data transfers.
“We are grateful for the consideration of the Irish Court and look ahead to the Court of Justice of the European Union to now decide on these complex questions,” Facebook said in a statement.
The case stems from a 2013 complaint from Austrian privacy lawyer Max Schrems, following the revelations by US whistleblower Edward Snowden.
Schrems raised concerns that the data of European Facebook users was being accessed by US surveillance programmes such as the PRISM system described in Snowden’s disclosures.
In 2017, Ireland’s high court ruled that the US government engaged in “mass indiscriminate processing of data” and deferred concerns to the European Court of Justice.
Facebook then lodged an appeal with the supreme court of Ireland — where the social media giant’s international headquarters is located — which was dismissed on Friday.
“Facebook likely again invested millions to stop this case from progressing,” Schrems said in a statement.
“It is good to see that the Supreme Court has not followed Facebook’s arguments that were in total denial of all existing findings so far.”
“We are now looking forward to the hearing at the Court of Justice in Luxembourg.”
Facebook is already under the spotlight following its role in the Cambridge Analytica data scandal.
After revelations from a whistleblower, it was shown that tens of millions of users had their personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.
The California-based firm is also being probed by Ireland’s Data Protection Commission over numerous potential breaches of stringent European privacy laws outlined in the new General Data Protection Regulation (GDPR).