On June 25, 2013, Europe v. Facebook filed a formal complaint with the DPC against Apple Distribution International, Hollyhill Industrial Estate, Cork, Ireland (“Apple Ireland”) alleging that the revelations about the NSA’s Prism program showed that Apple Ireland was violating the Irish Data Protection Act and the European Data Protection Directive by transferring users’ data to Apple Inc. in the United States for processing. By letter dated July 27, 2013, the DPC dismissed the complaint on the ground that “[in the case of Apple Distribution International (“ADI”), we note that Apple Inc, USA acts as a data processor for ADI. We note also that Apple Inc, USA has a current ‘Safe Harbor’ self-certification entry.” The letter went on to state that, “We consider that an Irish-based data controller has met their data protection obligations in relation to the transfer of personal data to the U.S. if the U.S. based entity is “Safe Harbor’ registered. We further consider that the agreed ‘Safe Harbor” Programme envisages and addresses the access to personal data for law enforcement purposes held by a U.S. based data processor.”
Europe v. Facebook did not ask the Irish High Court to review the DPC’s decision.