#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 14°C Friday 23 April 2021

Facebook launches High Court challenge to DPC's order to suspend EU-US data transfers

The DPC told Facebook this week to stop transferring data belonging to European Union users to the US.

Image: Shutterstock/Laura Hutton

FACEBOOK HAS LAUNCHED a High Court challenge to an order by the Data Protection Commission (DPC) telling the social media giant to suspend certain data transfers.

Earlier this week, The Wall Street Journal reported that the DPC had sent Facebook the preliminary order to stop transferring data belonging to EU users to the US.

Facebook itself also said that the DPC had told the company that a mechanism it uses to transfer data from the EU to the US “cannot in practice be used”.

A blog post by the company’s head of global affairs Nick Clegg stated that Facebook believed Europe’s highest court had found the mechanism, known as Standard Contractual Clauses (SCCs), to be valid under a ruling made in July.

Papers filed in the High Court yesterday show that Facebook Ireland has now initiated a judicial review of the DPC’s preliminary order.

It is understood that the company believes the order was made prematurely, without regulatory guidance about how to apply the European Court of Justice’s (ECJ) ruling.

“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” a spokeswoman for Facebook said in a statement to TheJournal.ie.

“We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”

A spokesman for the Data Protection Commission declined to comment.

ECJ ruling

The case is the latest episode in a long legal battle that culminated in the ECJ’s finding in July, when it ruled that the arrangement used by Facebook to protect EU citizens’ personal data when it is transferred to the US – known as Privacy Shield – is invalid.

That ruling came on foot of a case by Austrian privacy campaigner Max Schrems, who complained to the DPC – the regulator for Facebook in Europe – about the social media giant’s use of standard contractual clauses (SCC) to transfer personal data to the US.

Under US law, some companies can provide data to the US government for surveillance programmes, including Apple, Microsoft, Facebook, Google and Yahoo.

However under the EU’s Charter of Fundamental Rights, every citizen is entitled to have their personal data protected, which is underpinned by GDPR.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

Schrems has sought to highlight the gulf between these two things.

SCCs are used by companies to transfer data to countries where the General Data Protection Regulation (GDPR) does not apply.

In its ruling, the ECJ said that although SCCs were still valid, the Privacy Shield agreement was not.

A European Data Protection Board taskforce has since been established to consider how to apply the court’s ruling.

Comments have been closed for legal reasons.

Read next: