Facebook takes apt movement against Irish privacy watchdog
Facebook’s apt movement against the Data Protection Commission will strive and retain the company’s skill to transfer European electorate’ recordsdata to the US despite its decrease privacy protections
Sebastian Klovig Skelton ,
Published: 11 Sep 2020 17: 15
Facebook is calling for a judicial overview against the Irish Data Protection Commission (DPC) after receiving a preliminary whisper from the privacy watchdog to suspend its recordsdata transfers to the US.
The social media giant lodged the papers ex parte within the Irish High Courtroom on 10 September, which is in a situation to now be asked to take a look at the validity and legality of the DPC’s preliminary ruling that Long-established Contractual Clauses (SCCs) can’t be weak because the mechanism for transatlantic recordsdata transfers.
The European Courtroom of Justice (ECJ) introduced the legality of SCCs into seek recordsdata from when it dominated to strike down the Privateness Defend settlement in July, on the conception that it failed to be sure European electorate ample factual of redress when recordsdata is accrued by US intelligence providers and products.
Though the ECJ stumbled on SCCs were soundless legally legit, it dominated that companies occupy a accountability to be sure these they shared the records with granted privacy protections unprejudiced like these contained in EU legislation.
Austrian lawyer Max Schrems, who initiated the apt lawsuits that led to the ECJ’s landmark decision (colloquially identified as Schrems II), tweeted that Facebook’s decision to impress a judicial overview “reveals (a) how they’ll spend every opportunity to block a case, even before there is a call, and (b) how it is wholly illusionary to assemble this kind of case through in about a weeks or months within the Irish apt map”.
Every NOYB and Facebook were approached for insist but failed to answer by the time of publication.
When approached about Facebook’s decision to impress a judicial overview, the DPC instructed Computer Weekly it may maybe perhaps perhaps not be commenting as we reveal.
Extra apt movement against the DPC
In accordance to Schrems, his digital rights not-for-income NOYB became not instructed of the DPC’s decision to recount the preliminary whisper, which has now successfully paused the direction of of an ongoing criticism he acknowledged the regulator has already failed to behave on for seven years.
For this motive, NOYB has instructed the DPC of its plans to file an interlocutory injunction for its “mismanagement” of the Facebook case.
“This miniature case by the DPC is awfully attention-grabbing, as Facebook has indicated in a letter from 19 August 2020 that (after the stop of Safe Harbor, Privateness Defend and the SCCs) it is now relying on a fourth apt foundation for recordsdata transfers: the alleged ‘necessity’ to outsource processing to the US below the contract with its users,” it acknowledged.
“This methodology that any ‘preliminary whisper’ or ‘second investigation’ by the DPC on the SCCs alone will, basically, not terminate Facebook from arguing that its EU-US recordsdata transfers continue to be apt. In practice Article 49 (1b), GDPR may maybe perhaps perhaps be a suitable apt foundation for terribly miniature recordsdata transfers (as an instance, when an EU user is sending a message to a US user), but can’t be weak to outsource all recordsdata processing to the US,” acknowledged Schrems.
“We’re going to as a result of this truth elevate the greatest apt movement in Eire to be sure that the rights of users are fully upheld – regardless of which apt foundation Facebook claims. After seven years, all playing cards must soundless be set aside on the table.”
In accordance to an FAQ on the Schrems II judgment launched by the European Data Protection Board (EDPB) on 23 July 2020, whether or not an organization can transfer in line with SCCs will depend on the outcomes of their assessments, which want to elevate into consideration the situations of the transfer and any supplementary measures that cool be set aside in field.
“The supplementary measures along with SCCs, following a case-by-case diagnosis of the situations surrounding the transfer, would want to be sure that US legislation would not impinge on the ample level of protection they deliver,” it acknowledged.
“In case you device to the conclusion that, taking into consideration the situations of the transfer and that that you may perhaps be in a situation to think supplementary measures, appropriate safeguards would not be ensured, you are required to suspend or stop the transfer of personal recordsdata. Nevertheless, if you are intending to inspire transferring recordsdata despite this conclusion, it is advisable to yell your competent supervisory authority.”
It added that, close to the need of transfers for the performance of a contract, companies must soundless endure in mind that personal recordsdata can greatest be transferred when it’s completed so ‘from time to time’.
It may most likely perhaps perhaps must soundless be established on a case-by-case foundation whether recordsdata transfers may maybe perhaps perhaps be sure as “occasional” or “non-occasional”, it acknowledged.
“After all, this derogation [of GDPR’s Article 49] can greatest be relied upon when the transfer is objectively major for the performance of the contract.”
Drawl material Continues Below
Learn more on Social media know-how
Irish privacy watchdog orders Facebook to terminate sending user recordsdata to the US
By: Sebastian Klovig Skelton
Why recordsdata exports from the EU will most doubtless be not easy with out Privateness Defend
By: Andrew Hartshorn
Schrems steps up stress on Irish recordsdata protection commissioner on Facebook’s recordsdata sharing with US
By: Bill Goodwin
Privateness Defend: Companies face unique hurdles to legally transfer recordsdata to the US
By: Bill Goodwin