Facebook takes lawful motion towards Irish privateness watchdog
Facebook’s lawful motion towards the Data Security Commission will strive to withhold the company’s means to switch European residents’ recordsdata to the US despite its decrease privateness protections
Sebastian Klovig Skelton ,
Printed: 11 Sep 2020 17: 15
Facebook is hunting for a judicial evaluate towards the Irish Data Security Commission (DPC) after receiving a preliminary uncover from the privateness watchdog to droop its recordsdata transfers to the US.
The social media giant lodged the papers ex parte in the Irish High Court on 10 September, that might perhaps perhaps perhaps now be asked to examine the validity and legality of the DPC’s preliminary ruling that Customary Contractual Clauses (SCCs) can’t be venerable because the mechanism for transatlantic recordsdata transfers.
The European Court of Justice (ECJ) introduced the legality of SCCs into interrogate when it ruled to strike down the Privacy Defend agreement in July, on the postulate that it did no longer narrate European residents sufficient just correct of redress when recordsdata is serene by US intelligence products and providers.
Though the ECJ found SCCs were serene legally right, it ruled that corporations own a responsibility to narrate these they shared the recordsdata with granted privateness protections same to those contained in EU regulation.
Austrian attorney Max Schrems, who initiated the lawful complaints that led to the ECJ’s landmark dedication (colloquially identified as Schrems II), tweeted that Facebook’s dedication to search a judicial evaluate “reveals (a) how they’re going to use every quite various to dam a case, even forward of there is a dedication, and (b) how it’s miles wholly illusionary to acquire this kind of case by in just a few weeks or months in the Irish lawful design”.
Each and each NOYB and Facebook were approached for comment but did no longer respond by the time of e-newsletter.
When approached about Facebook’s dedication to search a judicial evaluate, the DPC instructed Computer Weekly it wouldn’t be commenting at the present.
Further lawful motion towards the DPC
In step with Schrems, his digital rights no longer-for-earnings NOYB changed into as soon as no longer instructed of the DPC’s dedication to enviornment the preliminary uncover, which has now effectively paused the plot of an ongoing grievance he acknowledged the regulator has already did no longer act on for seven years.
For this cause, NOYB has instructed the DPC of its plans to file an interlocutory injunction for its “mismanagement” of the Facebook case.
“This restricted case by the DPC is essentially attention-grabbing, as Facebook has indicated in a letter from 19 August 2020 that (after the finish of Safe Harbor, Privacy Defend and the SCCs) it’s miles now relying on a fourth lawful basis for recordsdata transfers: the alleged ‘necessity’ to outsource processing to the US below the contract with its users,” it acknowledged.
“This implies that any ‘preliminary uncover’ or ‘second investigation’ by the DPC on the SCCs on my own will, truly, no longer stop Facebook from arguing that its EU-US recordsdata transfers continue to be lawful. In discover Article 49 (1b), GDPR might perhaps perhaps be an acceptable lawful basis for terribly restricted recordsdata transfers (let’s scream, when an EU user is sending a message to a US user), but can’t be venerable to outsource all recordsdata processing to the US,” acknowledged Schrems.
“We will obtain a plot to attributable to this fact spend the correct lawful motion in Ireland to make obvious the rights of users are fully upheld – regardless of which lawful basis Facebook claims. After seven years, all cards need to be positioned on the table.”
In step with an FAQ on the Schrems II judgment released by the European Data Security Board (EDPB) on 23 July 2020, whether or no longer a company can switch essentially essentially based on SCCs will depend on the outcomes of their assessments, which own to keep in mind the circumstances of the switch and any supplementary measures that wintry be put in space.
“The supplementary measures alongside with SCCs, following a case-by-case diagnosis of the circumstances surrounding the switch, would need to make obvious US regulation does no longer impinge on the sufficient level of security they guarantee,” it acknowledged.
“If you happen to advance to the conclusion that, pondering the circumstances of the switch and that you might perhaps perhaps perhaps tell about supplementary measures, appropriate safeguards wouldn’t be ensured, you are required to droop or finish the switch of non-public recordsdata. Alternatively, while you are intending to retain transferring recordsdata despite this conclusion, you will need to notify your competent supervisory authority.”
It added that, with regard to the necessity of transfers for the performance of a contract, corporations might perhaps perhaps perhaps serene understand that non-public recordsdata can most effective be transferred when it’s finished so ‘infrequently’.
It will need to be established on a case-by-case basis whether recordsdata transfers might perhaps perhaps perhaps be definite as “occasional” or “non-occasional”, it acknowledged.
“After all, this derogation [of GDPR’s Article 49] can most effective be relied upon when the switch is objectively crucial for the performance of the contract.”
Advise material Continues Below
Read extra on Social media abilities
Irish privateness watchdog orders Facebook to forestall sending user recordsdata to the US
By: Sebastian Klovig Skelton
Why recordsdata exports from the EU will seemingly be no longer easy without Privacy Defend
By: Andrew Hartshorn
Schrems steps up stress on Irish recordsdata security commissioner on Facebook’s recordsdata sharing with US
By: Bill Goodwin
Privacy Defend: Companies face new hurdles to legally switch recordsdata to the US
By: Bill Goodwin