Facebook's EU-US data transfer mechanism 'cannot be used', Irish regulator says
10 September, 2020
The key mechanism used by Facebook to transfer data from the European Union to america "cannot in practice be utilized" for such transfers, according to Ireland's Data Protection Commission, Facebook said on Wednesday.
The key mechanism employed by Facebook to transfer data from europe to america "cannot in practice be utilized" for such transfers, according to Ireland's Data Protection Commission, Facebook said on Wednesday (Sep 9).
The US social media giant said in a blog post that it believed the mechanism, Standard Contractual Clauses (SCCs), have been deemed valid by the Court of Justice of europe in July, adding:
"We will continue steadily to transfer data in compliance with the recent CJEU ruling and until we receive further guidance."
Facebook said the Irish Data Protection Commission, Facebook's lead regulator in the EU, had "commenced an inquiry into Facebook manipulated EU-US data transfers, and has suggested that SCCs cannot in practice be utilized for EU-US data transfers".
The Wall Street Journal reported that the Commission had sent Facebook a preliminary order to suspend transfers to america of data about users in europe.
A spokesman for the Commission declined to touch upon the report.
The transatlantic argument is due to EU concerns that the surveillance regime in america might not respect the privacy rights of EU citizens when their personal data is delivered to america for commercial use.
Facebook said that, as the Commission's approach was subject to further process, "if followed, it might have a significant influence on businesses that depend on SCCs and on the web services many persons and businesses depend on".
"PRIVACY SHIELD"
Europe's highest court in July ruled that the key transatlantic data transfer deal hammered out between Brussels and Washington - Privacy Shield - was invalid because of concerns about US surveillance.
However the judges upheld the validity of the transfer mechanism referred to as Standard Contractual Clauses (SCCs).
These are used by a large number of companies to transfer Europeans' data around the world for services ranging from cloud infrastructure, data hosting, payroll and finance to marketing.
However, the court stressed that under SCCs, privacy watchdogs must suspend or prohibit transfers beyond your EU if data protection in other countries cannot be assured.
Austrian privacy activist Max Schrems, who brought the legal proceedings, said at that time that meant companies that fall under U.S. surveillance laws, such as for example Facebook, could not use the clauses to shift data to america.
In its post, Facebook said that "the rationale in invalidating Privacy Shield has yet created significant uncertainty - not merely for all of us tech companies".
It said it was setting out its position about how to proceed with international data transfers in a European Data Protection Board taskforce considering how to apply the CJEU ruling.
It said it had been also putting "robust safeguards" in destination to protect user data, such as for example "industry standard encryption and security measures, and comprehensive policies governing how we respond to legal requests for data".
Source: www.channelnewsasia.com
TAG(s):