Facebook takes simply movement against Irish privateness watchdog
Facebook’s simply movement against the Files Protection Commission will strive to retain the company’s potential to switch European voters’ data to the US despite its decrease privateness protections
Sebastian Klovig Skelton ,
Published: 11 Sep 2020 17: 15
Facebook is searching for a judicial review against the Irish Files Protection Commission (DPC) after receiving a preliminary expose from the privateness watchdog to suspend its data transfers to the US.
The social media enormous lodged the papers ex parte in the Irish Excessive Court on 10 September, which can now be asked to take a look at the validity and legality of the DPC’s preliminary ruling that Usual Contractual Clauses (SCCs) can’t be archaic as the mechanism for transatlantic data transfers.
The European Court of Justice (ECJ) brought the legality of SCCs into inquire of when it dominated to strike down the Privateness Defend settlement in July, on the premise that it did now not originate sure European voters enough simply of redress when data is calm by US intelligence products and services.
Though the ECJ chanced on SCCs had been calm legally authentic, it dominated that corporations hold a responsibility to originate sure those they shared the tips with granted privateness protections an identical to those contained in EU legislation.
Austrian lawyer Max Schrems, who initiated the simply proceedings that resulted in the ECJ’s landmark dedication (colloquially known as Schrems II), tweeted that Facebook’s dedication to seem at a judicial review “reveals (a) how they’ll exercise every alternative to block a case, even sooner than there is a dedication, and (b) the blueprint in which it is wholly illusionary to derive this kind of case by in just a few weeks or months in the Irish simply scheme”.
Both NOYB and Facebook had been approached for enlighten however did now not acknowledge by the level of publication.
When approached about Facebook’s dedication to seem at a judicial review, the DPC told Computer Weekly it would no longer be commenting at the moment.
Additional simply movement against the DPC
In step with Schrems, his digital rights no longer-for-profit NOYB changed into once no longer suggested of the DPC’s dedication to danger the preliminary expose, which has now effectively paused the map of an ongoing criticism he mentioned the regulator has already did now not behave on for seven years.
For that reason, NOYB has suggested the DPC of its plans to file an interlocutory injunction for its “mismanagement” of the Facebook case.
“This restricted case by the DPC is especially piquant, as Facebook has indicated in a letter from 19 August 2020 that (after the head of Stable Harbor, Privateness Defend and the SCCs) it is now counting on a fourth simply foundation for data transfers: the alleged ‘necessity’ to outsource processing to the US beneath the contract with its customers,” it mentioned.
“This methodology that any ‘preliminary expose’ or ‘2nd investigation’ by the DPC on the SCCs alone will, with out a doubt, no longer end Facebook from arguing that its EU-US data transfers continue to be simply. In prepare Article 49 (1b), GDPR can also very properly be an acceptable simply foundation for terribly restricted data transfers (for instance, when an EU client is sending a message to a US client), however can’t be archaic to outsource all data processing to the US,” mentioned Schrems.
“We can as a result of this truth elevate the actual simply movement in Ireland to originate sure that the rights of customers are fully upheld – regardless of which simply foundation Facebook claims. After seven years, all playing cards will hold to be set on the table.”
In step with an FAQ on the Schrems II judgment released by the European Files Protection Board (EDPB) on 23 July 2020, whether or no longer or no longer a company can switch per SCCs will count on the outcomes of their assessments, which hold to salvage in mind the conditions of the switch and any supplementary measures that frosty be set in space.
“The supplementary measures along with SCCs, following a case-by-case evaluation of the conditions surrounding the switch, would hold to originate sure that US legislation doesn’t impinge on the enough stage of safety they guarantee,” it mentioned.
“Ought to you when it comes to the conclusion that, taking into chronicle the conditions of the switch and imaginable supplementary measures, acceptable safeguards would no longer be ensured, you’re required to suspend or pause the switch of non-public data. Alternatively, while you happen to’re desiring to retain transferring data despite this conclusion, it be fundamental to enlighten your competent supervisory authority.”
It added that, with regard to the need of transfers for the efficiency of a contract, corporations will hold to undergo in mind that non-public data can easiest be transferred when it’s finished so ‘on occasion’.
It would will hold to be established on a case-by-case foundation whether or no longer data transfers would possibly perchance well perchance make sure as “occasional” or “non-occasional”, it mentioned.
“After all, this derogation [of GDPR’s Article 49] can easiest be relied upon when the switch is objectively mandatory for the efficiency of the contract.”
Deliver material Continues Below
Read extra on Social media skills
Irish privateness watchdog orders Facebook to end sending client data to the US
By: Sebastian Klovig Skelton
Why data exports from the EU shall be no longer easy with out Privateness Defend
By: Andrew Hartshorn
Schrems steps up stress on Irish data safety commissioner on Facebook’s data sharing with US
By: Bill Goodwin
Privateness Defend: Firms face original hurdles to legally switch data to the US
By: Bill Goodwin