Readers like you keep news free for everyone.

More than 5,000 readers have already pitched in to keep free access to The Journal.

For the price of one cup of coffee each week you can help keep paywalls away.

Support us today
Not now

Facebook told it can no longer send user data from EU to US

The social media giant said the Data Protection Commission told it the key mechanism it uses to transfer data to the US “cannot in practice be used”.

File photo
File photo
Image: AP/PA Images

FACEBOOK HAS BEEN told the way in which it transfers data from the European Union to the United States can no longer be used.

The social media giant said the Irish Data Protection Commission (DPC) told it the key mechanism it uses to transfer data to the US “cannot in practice be used”.

In a statement, Facebook said it believed the mechanism, Standard Contractual Clauses (SCCs), was deemed valid by the Court of Justice of the European Union in July.

The Wall Street Journal has reported that the DPC’s order cites concerns over US government surveillance practices, saying Europeans have no effective way to challenge such surveillance.

In a blog post, Nick Clegg, Facebook’s VP of Global Affairs and Communications, stated that the DPC has “commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers”.

“While this approach is subject to further process, if followed, it could have a far reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on.

“A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from COVID-19. The impact would be felt by businesses large and small, across multiple sectors.”

Clegg said Facebook “will continue to transfer data in compliance with the recent CJEU ruling and until we receive further guidance”.


Clegg added that efforts to establish a framework for data protection “will need to recognise that EU Member States and the US are both democracies that share common values and the rule of law, are deeply culturally, socially and commercially interconnected, and have very similar data surveillance powers and practices”.

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article.

Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

The Wall Street Journal yesterday reported that the DPC sent the preliminary order late last month, asking for the company’s response.

To comply with the order, Facebook would likely have to re-engineer its service to silo off most data it collects from European users, or stop serving them entirely, at least temporarily. If it fails to comply with an order, the DPC has the power to fine Facebook up to 4% of its annual revenue, or $2.8 billion (about €2.4 billion), the WSJ reported.

A spokesperson for the DPC told it would not be commenting on the matter.

About the author:

Órla Ryan

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel