Facebook has purchased itself slightly extra time over a significant felony problem in Europe after the Irish High Court determined no longer to strike down a b2b mechanism it makes use of to transfer consumer data to the U.S. for processing. Rather the court mentioned as of late that it will refer felony questions over so-called Standard Contractual Contracts (SCCs) to Europe’s top court, the ECJ, for a initial ruling.
This way it will take round 1.five years earlier than there’s a judgement, and Facebook can proceed to use SCCs in the intervening time as an alternative of being pressured to droop those data transfers.
The problem to Facebook’s use of SCCs was once introduced by European privateness campaigner and attorney Max Schrems. He had at the start complained to the Irish data coverage commissioner (DPC), asking it to droop data flows in Facebook’s case. But whilst the DPC agreed there are felony questions over the mechanism it determined to refer the problem to the High Court to believe the legality of SCCs as an entire.
The five-week court listening to in what’s a posh case delving into element on US surveillance operations came about in February. The court issued its ruling as of late.
The 153-page ruling begins by noting “this is an unusual case”, earlier than going into an in depth dialogue of the arguments and concluding that the DPC’s considerations in regards to the validity of SCCs must be referred to the European Court of Justice for a initial ruling.
Schrems could also be the person liable for bringing, in 2013, a felony problem that in the end struck down Safe Harbor — the felony mechanism that had oiled the pipe for EU-US private data flows for fifteen years earlier than the ECJ dominated it to be invalid in October 2015.
Schrems’ argument had focused on U.S. executive mass surveillance methods, as disclosed by the use of the Snowden leaks, being incompatible with elementary European privateness rights. After the ECJ struck down Safe Harbor he then sought to follow the similar arguments towards Facebook’s use of SCCs — returning to Ireland to make the grievance as that’s the place the corporate has its European HQ.
It’s price noting that the European Commission has since changed Safe Harbor with a brand new (and it claims extra powerful) data transfer mechanism, known as the EU-US Privacy Shield — which is now, as Safe Harbor was once, used by 1000’s of companies. Although that too is going through felony demanding situations as critics proceed to argue there’s a core downside of incompatibility between two distinct felony regimes the place EU privateness rights collide with US mass surveillance.
Schrems’ Safe Harbor problem additionally began within the Irish Court earlier than being in the end referred to the ECJ. So there’s greater than slightly felony deja vu right here, particularly given the newest building within the case.
In its ruling at the SCC factor, the Irish Court famous US ombudsperson place created beneath Privacy Shield to deal with EU electorate lawsuits about corporations’ dealing with in their data isn’t sufficient to conquer what it described as “well founded concerns” raised by the DPC in regards to the adequacy of the protections for EU electorate data.
(Although, in an extra irony, an enduring ombudsperson has but to be appointed by the Trump management.)
The actual questions that will to be referred by the court to the CJEU will be determined at a later date this month.
Making a video commentary out of doors court in Dublin as of late, Schrems mentioned the Irish court had brushed aside Facebook’s argument that america executive does no longer adopt any surveillance.
In a written commentary at the ruling Schrems added: “I welcome the judgement by the Irish High Court. It is vital impartial Court out of doors of america has summarized the details on US surveillance in a judgement, after diving thru greater than 45,000 pages of paperwork in a 5 week listening to.
“I am of the view the Standard Contractual Clauses are perfectly valid, as they would allow the DPC to do its job and suspend individual problematic data flows, such as Facebook’s. It is still unclear to me why the DPC is taking the extreme position that the SCCs should be invalidated Facebook across the board, when a targeted solution is available. The only explanation that I have is that that they want to shift the responsibility back to Luxembourg instead of deciding themselves.”
On Facebook, he additionally mentioned: “In simple terms, US law requires Facebook to help the NSA with mass surveillance and EU law prohibits just that. As Facebook is subject to both jurisdictions, they got themselves in a legal dilemma that they cannot possibly solve in the long run.”
We’ve reached out to Facebook for remark and will come with the corporate’s reaction when now we have it.
Europe’s influential Article 29 Working Party, which is made up of representatives from all of the data coverage government of the Member States, has up to now voiced considerations about SCCs — and has ongoing considerations about Privacy Shield.
The latter mechanism underwent its first annual overview by EU officers in america ultimate month — and a record is due this month. Although the EC, which drove the method to substitute the defunct Safe Harbor, was once fast to profess itself publicly glad with what it has observed.
Featured Image: Twin Design/Shutterstock