* New EU-U.S. data transfer pact entered into force in Aug
* Previous pact struck down by EU court on spying concerns
* Irish privacy group seeking annulment of Privacy Shield
By Julia Fioretti and Dustin Volz
BRUSSELS/WASHINGTON, Oct 26 (Reuters) - A widely expected legal challenge has been filed by an Irish privacy advocacy group to an EU-U.S. commercial data transfer pact underpinning billions of dollars of trade in digital services just two months after it came into force, sources said.
The EU-U.S. Privacy Shield was agreed earlier this year after the European Union’s highest court struck down the previous such framework for transferring Europeans’ private data to the United States on concerns about intrusive U.S. surveillance.
The framework gives businesses moving personal data across the Atlantic - from human resources information to people’s browsing histories to hotel bookings - an easy way to do so without falling foul of tough EU data transferral rules.
Digital Rights Ireland has challenged the adoption of the “Privacy Shield” by the EU executive - which negotiated the pact with Washington - in front of the second-highest EU court, arguing it does not contain adequate privacy protections, several people familiar with the matter said on Wednesday.
The case has been published on the website of the Luxembourg-based General Court - the lower court of the Court of Justice of the European Union (ECJ) - but says only it is an “action for annulment”. The case number is T-670/16.
Digital Rights Ireland declined to comment.
It will be a year or more before the court rules on the case and it could still be declared inadmissible if the court finds the Privacy Shield is not of direct concern to Digital Rights Ireland, two of the people said.
Individuals or companies may challenge EU acts before the EU courts if they are directly concerned within two months of the act coming into force.
“We are aware of the application (for annulment),” a spokesman for the European Commission said. “We don’t comment on ongoing court cases. As we have said from the beginning, the Commission is convinced that the Privacy Shield will live up to the requirements set out by the European Court of Justice (ECJ) which has been the basis for the negotiations.”
Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and have cast cross-border data transfers in a pall of uncertainty.
The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.
Companies had to rely on other more cumbersome legal mechanisms in the wake of the ECJ ruling invalidating Safe Harbour, the framework that for 15 years was used by over 4,000 companies for transatlantic data transfers.
More than 500 companies have signed up to the Privacy Shield so far, including Google, Facebook and Microsoft. (Additional reporting by Eric Auchard in London and Conor Humphries in Dublin; Editing by Mark Potter)