Facebook is appealing an order from the Irish privacy watchdog to end the standard clauses to allow data transfers between the EU and the US. This move by the watchdog follows the July ruling of the EU Court blocking data transfers to the US.
Among other Max Schrems shows that Facebook has started a business in Ireland. This is directed against the Data Protection Commission, the Irish privacy watchdog. This body has a major role in the data exchange issue between the EU and US, as Facebook has its European headquarters in Ireland. This is a preliminary decision by this privacy supervisor.
There had already been reports that the Irish DPC had taken this step. Nick Clegg, the former politician for the British Liberal Democrats party and now employed by Facebook as a public relations man and lobbyist, recently confirmed that the DPC had begun an investigation into data transfers from Facebook, indicating that the so-called standard contractual in practice clauses may no longer be used for data transfers from the EU to the US.
According to Clegg, this is not a good development, because in his view it can have far-reaching consequences for companies that depend on the standard clauses. He argues that a lack of secure and legal international data transfers will harm the economy in Europe. “In the worst case, this could mean that a small tech start-up in Germany can no longer use an American cloud provider,” says Clegg by way of example.
This is all the result of a July ruling by the European Court of Justice, which cut through Privacy Shield, the data exchange treaty between the EU and the US. According to the judges, that treaty is contrary to the privacy rules. The court did not prohibit the standard contractual clauses, but that means of making the transfers possible is also a problem in practice due to surveillance in the US.
The EU court considers the US surveillance programs present to be disproportionate, because they go beyond what is strictly necessary. European citizens would also have no rights that can be enforced in a lawsuit against the American authorities. These standard clauses were an EU-approved tool that allowed US companies to transfer data from EU citizens to the US for storage. The legality of this instrument depends on the circumstances and, in particular, whether there are effective mechanisms to ensure that the level of data protection desired by the EU is met. Because of the American surveillance programs, this will not soon be the case.
Max Schrems is an Austrian man who, with his noyb foundation, is responsible for the criticism of the privacy risks of the data transfers. His efforts sparked a lawsuit, which eventually resulted in the above-mentioned ruling of the Court of Justice. Schrems was previously also responsible for the lawsuit in which Safe Harbor was declared null and void. The Privacy Shield agreement replaced Safe Harbor, after the court previously banned this framework.