It follows his victory last October when the EU’s highest court declared the “Safe Habour” deal used by companies to transfer data from the EU to the US breached European data protection rights.
Following the ruling, companies such as Facebook, Google and Amazon turned to alternative methods of governing data transfers – called “model contract clauses”.
But these clauses could soon face the same fate as Safe Habour after data protection investigators in Ireland – where Facebook is based – recommended that the Irish courts also refer the case to the same Court of Justice of the European Union (CJEU).
In a draft decision sent to Schrems Tuesday night, the Irish Data Protection Commissioner outlined concerns that the “clauses” did not offer EU citizens the opportunity to challenge US companies if they feel their rights have been violated.
If the CJEU make the same judgement on the model contract clauses as they did on Safe Habour, it will have repercussions for some of the world’s biggest companies.
It will also raise questions about the new data transfer deal – called Privacy Shield – being worked out between the EU and US to replace Safe Habour, which will likely run into the same legal problems recognised by the Irish investigators.
“This is a very serious issue for the US tech industry and EU-US data flows,” 28-year-old Schrems said in a statement, adding that he doubts the court that 'killed Safe Habour' would validate the new contracts.”
“All data protection lawyers knew that model contracts were a shaky thing, but it was so far the easiest and quickest solution they came up with,” he added. “As long as the US does not substantially change its laws I don’t see how there could be a solution.”