Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Laura Hutton
Data Protection

Facebook launches High Court challenge to DPC's order to suspend EU-US data transfers

The DPC told Facebook this week to stop transferring data belonging to European Union users to the US.

FACEBOOK HAS LAUNCHED a High Court challenge to an order by the Data Protection Commission (DPC) telling the social media giant to suspend certain data transfers.

Earlier this week, The Wall Street Journal reported that the DPC had sent Facebook the preliminary order to stop transferring data belonging to EU users to the US.

Facebook itself also said that the DPC had told the company that a mechanism it uses to transfer data from the EU to the US “cannot in practice be used”.

A blog post by the company’s head of global affairs Nick Clegg stated that Facebook believed Europe’s highest court had found the mechanism, known as Standard Contractual Clauses (SCCs), to be valid under a ruling made in July.

Papers filed in the High Court yesterday show that Facebook Ireland has now initiated a judicial review of the DPC’s preliminary order.

It is understood that the company believes the order was made prematurely, without regulatory guidance about how to apply the European Court of Justice’s (ECJ) ruling.

“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” a spokeswoman for Facebook said in a statement to TheJournal.ie.

“We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”

A spokesman for the Data Protection Commission declined to comment.

ECJ ruling

The case is the latest episode in a long legal battle that culminated in the ECJ’s finding in July, when it ruled that the arrangement used by Facebook to protect EU citizens’ personal data when it is transferred to the US – known as Privacy Shield – is invalid.

That ruling came on foot of a case by Austrian privacy campaigner Max Schrems, who complained to the DPC – the regulator for Facebook in Europe – about the social media giant’s use of standard contractual clauses (SCC) to transfer personal data to the US.

Under US law, some companies can provide data to the US government for surveillance programmes, including Apple, Microsoft, Facebook, Google and Yahoo.

However under the EU’s Charter of Fundamental Rights, every citizen is entitled to have their personal data protected, which is underpinned by GDPR.

Schrems has sought to highlight the gulf between these two things.

SCCs are used by companies to transfer data to countries where the General Data Protection Regulation (GDPR) does not apply.

In its ruling, the ECJ said that although SCCs were still valid, the Privacy Shield agreement was not.

A European Data Protection Board taskforce has since been established to consider how to apply the court’s ruling.

Comments have been closed for legal reasons.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.