Debate over data privacy reaches next level as Facebook’s transfers to the US are pushed up the legal ladder
The Irish data protection watchdog has referred Facebook’s data transfer practices to the United States, to the Court of Justice of the European Union (CJEU).
It comes after CJEU last October suspended the Safe Harbour agreement that allowed data-sharing between the EU and the US for the past 15 years. It ruled against the long-standing agreement as it felt it no longer sufficiently protected European information against US surveillance, in light of the Edward Snowden revelations.
Soon after the agreement suspension, the Irish data protection watchdog confirmed it was undertaking an official investigation in the social networking giant’s data transfers.
Ireland is acting as Europe’s lead body to the CJEU decision. This is because Facebook’s EU headquarters is in Dublin, and therefore it is regulated by the Irish Data Protection Commissioner (IDPC).
This fact prompted Austrian lawyer Max Schrems to bring his privacy case against Facebook to the Irish data protection watchdog in late 2012.
The IDPC said it would ask the Court of Justice of the European Union (CJEU) to determine the validity of Facebook’s “model contracts” – common legal arrangements used by thousands of firms to transfer personal data outside the 28-nation EU.
“We yesterday informed Mr Schrems and Facebook of our intention to seek declaratory relief in the Irish High Court and a referral to the CJEU to determine the legal status of data transfers under standard contractual clauses,” the IDPC was quoted by Reuters as saying.
Since the CJEU struck down the Safe Harbour agreement, companies transferring data to the United States have had to rely on individual contracts and other clumsy measures to make sure they are in compliance with strict EU data privacy rules.
Matters have not been helped by the fact that the replacement for the Safe Harbour agreement, known as the Privacy Shield, faces a number of challenges, most notably the fact that it has not been endorsed by European data protection watchdogs.
Despite the problems with the proposed Privacy Shield agreement, the hope is that it will be up and running by the end of June this year.
“Thousands of companies transfer data across borders to serve their customers and users,” a spokeswoman for Facebook told Reuters.
“The question the Irish DPC plans to raise with the court regarding standard contract clauses will be relevant to many companies operating in Europe,” she said.
The Facebook spokeswoman also said that the company has a number of legal ways of moving data to the United States.
What do you know about privacy? Try our quiz!