The Austrian privacy activist Max Schrems has sent complaints to the data protection agencies in three EU countries—Ireland, Germany, and Belgium—asking them to suspend the flow of personal data from Facebook's operations in Ireland to the US. This follows his earlier success at the Court of Justice of the European Union (CJEU), which ruled that the Safe Harbour framework under which personal data was being transferred was no longer valid because of mass surveillance of EU citizens by the NSA. Subsequently, the Irish High Court said that the Irish data protection commissioner (DPC) was obliged to investigate Schrems' earlier complaints.
His letter to the authorities in Ireland, where Facebook has its European headquarters, asks the Irish data protection agency "to suspend all data flows from 'Facebook Ireland Ltd' to 'Facebook Inc'." Schrems makes the same request to the data protection agencies in Germany and Belgium. In a release accompanying his complaints, Schrems explains why he has taken this unusual approach of involving several data protection agencies (DPAs): "My personal experience with the Irish DPC are rather mixed, which is why I felt involving more active DPAs make proper enforcement actions more likely. I hope the DPAs will cooperate in this case."
Schrems' unhappiness with the way the Irish DPC has dealt with his earlier complaints, and his fear that it still might not implement the CJEU ruling, is evident in a section of his new submission that is headed "Misconduct in public office." It contains the following extraordinary passage: