As a partner in Morrison & Foerster’s privacy and data security group, Serwin is chairman of the board of the National Cyber Forensic Training Alliance, which deals with threat mitigation. He is an advisor to the Naval Postgraduate School’s Center for Asymmetric Warfare. It’s a busy practice.
“I don’t usually sit down and wonder what am I going to do today,” he said, laughing.
Among his clients is the Republic of Ireland’s data protection commissioner, who retained him to serve as an independent foreign law expert in a case that has now reached the European Union’s Court of Justice.
The issue was European concerns about allegedly inadequate U.S. data privacy protections and whether contract clauses issued by authorities in Europe allowing for the transfer of personal data from the EU to the U.S. are valid. The complainant is an Austrian privacy activist, Max Schrems, the founder of the European Center for Digital Rights. Schrems previously successfully challenged the validity of another cross-border transfer mechanism, the safe harbor framework, resulting in its invalidation.
Schrems sued over the contract clause issue in Ireland, the EU headquarters of Facebook, his ultimate target, seeking suspension of data flows from Facebook Ireland to Facebook in the U.S. due to surveillance by intelligence agencies of Facebook-held data. The case remains in litigation and is headed both to the Irish Supreme Court and the EU’s Court of Justice. Preliminary rulings questioned Facebook’s privacy protections. Data Protection Commissioner v. Facebook Ireland, IEHC 414 (High Court of Ireland, filed June 25, 2013).
A court finding that trans-Atlantic data transfer protocols are flawed could seriously impact multinational business activity. Even now, legal clashes demonstrate the precarious nature of the transfer system. Serwin noted that Special Counsel Robert Mueller has gotten an OK by the U.S. Supreme Court to fine an unnamed European company $50,000 per day while it resists a subpoena for information the company says it cannot provide under the laws of its home country.
“These cases potentially gum up the smooth flow of commerce,” Serwin said.
“In Europe, data protection is considered a fundamental human right,” he added. “In the U.S., data is primarily a commercial property issue. The systems are radically different. You’re meshing different sets of values, and that’s where things start to go off the rails.”
Serwin’s 17-page report to the Irish court concluded that remedies for EU citizens in U.S. courts are available, but are subject to standing and other complex requirements.
“My evidence was a key part of the trial court’s opinion,” he said. “Now we’ll see what the higher courts say.”
– John Roemer
For reprint rights or to order a copy of your photo:
Email
jeremy@reprintpros.com
for prices.
Direct dial: 949-702-5390
Send a letter to the editor:
Email: letters@dailyjournal.com