Facebook’s EU-US data transfer mechanism ‘cannot be used’, Irish regulator says
The key mechanism used by Facebook to transfer data from the European Union to the United States “cannot in practice be used” for such transfers, according to Ireland’s Data Protection Commission, Facebook said.
The U.S. social media giant said in a blog post that it believed the mechanism, Standard Contractual Clauses (SCCs), had been deemed valid by the Court of Justice of the European Union in July, adding:
“We will continue to transfer data in compliance with the recent CJEU ruling and until we receive further guidance.”
Facebook said the Irish Data Protection Commission, Facebook’s lead regulator in the EU, had “commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers”.
The Wall Street Journal reported that the Commission had sent Facebook a preliminary order to suspend transfers to the United States of data about users in the European Union.
The transatlantic argument stems from EU concerns that the surveillance regime in the United States may not respect the privacy rights of EU citizens when their personal data is sent to the United States for commercial use.
Facebook said that, while the Commission’s approach was subject to further process, “if followed, it could have a far reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on”.
Europe’s highest court in July ruled that the main transatlantic data transfer deal hammered out between Brussels and Washington – Privacy Shield – was invalid because of concerns about U.S. surveillance.