The High Court has ruled that issues raised by the Data Protection Commissioner about the way data is transferred between the EU and countries outside the EU, should be referred to the Court of Justice of the European Union.

The case arises from a complaint by an Austrian lawyer, Max Schrems, who said his data privacy rights were breached by the transfer of his personal data by Facebook's European Headquarters in Ireland to its US parent company.

US law allows such data to be accessed and processed by state agencies in the interests of national security.

The data of EU citizens is much more stringently protected by the Charter of Fundamental Rights. 

Ms Justice Caroline Costello said the Data Protection Commissioner had raised well founded concerns that there was an absence of an effective remedy in US law compatible with the Charter, for EU citizens whose data is transferred to the US where it is then at risk of being accessed and processed by US state agencies.

She said her ruling did not reflect value judgments on the way the US dealt with data protection and surveillance by government agencies. 

Ms Justice Costello said it was not the function of the court to criticise the laws of a sovereign state or to pronounce on the relative merits of the laws of the United States and the European Union and she did not do so in her judgment.

The judge said she would now hear submissions from the parties about the questions to be referred to the Court of Justice. 

The matter will be mentioned in the High Court again in a week's time when a date will be set for those submissions.

Outside court, Mr Schrems said he was pleased with the referral to the CJEU.

The Data Protection Commissioner has also said she is very pleased with today's High Court ruling.

Helen Dixon said this was a case that was essentially about the protection of European's personal data when they are interacting with internet services.

She said there are a lot of internet companies with headquarters here in Ireland.

She said it was critically important, given that data protection is a fundamental right that Europeans' rights travel with the data.

Ms Dixon said people need to have utmost confidence that when we are using internet services our data is protected no matter what country or jurisdiction the data flows to.

Equally, she said it is important that data free flows happen - a lot of trade and jobs depend on data free flows.

She said they believe that both the global digital economy and the highest standards of data protection can both be achieved.

She said they hope that the European Court of Justice will now bring clarity to these issues.

Ms Dixon said essentially the outcome would be much greater certainty for users and internet companies alike.

She said that while today's judgment meant nothing has been invalidated – what is at issue here are the legal transfer mechanisms for data out of Europe to other jurisdictions.

She said when the Court of Justice of the European Union struck down the Safe Harbour agreement in 2015, it invalidated it straight away and it could no longer be used as a mechanism.

She said undoubtedly, if legal transfer mechanisms are shut down by the Court of Justice it could potentially have very significant implications.