We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

File photo AP/PA Images
Data Protection Commission

Facebook told it can no longer send user data from EU to US

The social media giant said the Data Protection Commission told it the key mechanism it uses to transfer data to the US “cannot in practice be used”.

FACEBOOK HAS BEEN told the way in which it transfers data from the European Union to the United States can no longer be used.

The social media giant said the Irish Data Protection Commission (DPC) told it the key mechanism it uses to transfer data to the US “cannot in practice be used”.

In a statement, Facebook said it believed the mechanism, Standard Contractual Clauses (SCCs), was deemed valid by the Court of Justice of the European Union in July.

The Wall Street Journal has reported that the DPC’s order cites concerns over US government surveillance practices, saying Europeans have no effective way to challenge such surveillance.

In a blog post, Nick Clegg, Facebook’s VP of Global Affairs and Communications, stated that the DPC has “commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers”.

“While this approach is subject to further process, if followed, it could have a far reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on.

“A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from COVID-19. The impact would be felt by businesses large and small, across multiple sectors.”

Clegg said Facebook “will continue to transfer data in compliance with the recent CJEU ruling and until we receive further guidance”.


Clegg added that efforts to establish a framework for data protection “will need to recognise that EU Member States and the US are both democracies that share common values and the rule of law, are deeply culturally, socially and commercially interconnected, and have very similar data surveillance powers and practices”.

The Wall Street Journal yesterday reported that the DPC sent the preliminary order late last month, asking for the company’s response.

To comply with the order, Facebook would likely have to re-engineer its service to silo off most data it collects from European users, or stop serving them entirely, at least temporarily. If it fails to comply with an order, the DPC has the power to fine Facebook up to 4% of its annual revenue, or $2.8 billion (about €2.4 billion), the WSJ reported.

A spokesperson for the DPC told it would not be commenting on the matter.

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Your Voice
Readers Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel