Facebook takes upright action against Irish privacy watchdog
Facebook’s upright action against the Data Safety Commission will attempt to relief the corporate’s skill to switch European residents’ knowledge to the US despite its decrease privacy protections
Sebastian Klovig Skelton ,
Published: 11 Sep 2020 17: 15
Facebook is looking out for a judicial evaluate against the Irish Data Safety Commission (DPC) after receiving a preliminary expose from the privacy watchdog to suspend its knowledge transfers to the US.
The social media huge lodged the papers ex parte within the Irish High Court docket on 10 September, which is able to now be asked to ascertain the validity and legality of the DPC’s preliminary ruling that Customary Contractual Clauses (SCCs) can’t be archaic as the mechanism for transatlantic knowledge transfers.
The European Court docket of Justice (ECJ) brought the legality of SCCs into demand when it ruled to strike down the Privateness Protect agreement in July, on the premise that it failed to make certain European residents satisfactory simply of redress when knowledge is unruffled by US intelligence products and companies.
Despite the proven truth that the ECJ found SCCs had been peaceable legally skilled, it ruled that companies possess a accountability to make certain those they shared the knowledge with granted privacy protections the same to those contained in EU law.
Austrian attorney Max Schrems, who initiated the upright proceedings that resulted in the ECJ’s landmark resolution (colloquially is named Schrems II), tweeted that Facebook’s resolution to gaze a judicial evaluate “reveals (a) how they’ll utilize every opportunity to block a case, even sooner than there would possibly perchance be a resolution, and (b) the arrangement it is wholly illusionary to rep this form of case via in about a weeks or months within the Irish upright arrangement”.
Both NOYB and Facebook had been approached for comment nonetheless failed to reply by the time of newsletter.
When approached about Facebook’s resolution to gaze a judicial evaluate, the DPC suggested Pc Weekly it can now not be commenting at the moment.
Extra upright action against the DPC
In accordance with Schrems, his digital rights now not-for-income NOYB used to be now not suggested of the DPC’s resolution to yelp the preliminary expose, which has now successfully paused the diagram of an ongoing grievance he stated the regulator has already failed to act on for seven years.
For that reason, NOYB has suggested the DPC of its plans to file an interlocutory injunction for its “mismanagement” of the Facebook case.
“This restricted case by the DPC is extremely bright, as Facebook has indicated in a letter from 19 August 2020 that (after the live of Accurate Harbor, Privateness Protect and the SCCs) it is now counting on a fourth upright basis for knowledge transfers: the alleged ‘necessity’ to outsource processing to the US beneath the contract with its customers,” it stated.
“This methodology that any ‘preliminary expose’ or ‘2nd investigation’ by the DPC on the SCCs alone will, genuinely, now not quit Facebook from arguing that its EU-US knowledge transfers continue to be upright. In phrase Article 49 (1b), GDPR would possibly perchance perchance furthermore be an acceptable upright basis for extraordinarily restricted knowledge transfers (as an instance, when an EU user is sending a message to a US user), nonetheless can’t be archaic to outsource all knowledge processing to the US,” stated Schrems.
“We can because of this truth spend the right kind upright action in Eire to make certain that the rights of customers are fully upheld – no topic which upright basis Facebook claims. After seven years, all cards possess to be positioned on the desk.”
In accordance with an FAQ on the Schrems II judgment launched by the European Data Safety Board (EDPB) on 23 July 2020, whether or now not an organization can switch in step with SCCs will count upon the outcomes of their assessments, which possess to spend into yarn the conditions of the switch and any supplementary measures that frigid be set aside in role.
“The supplementary measures alongside with SCCs, following a case-by-case diagnosis of the conditions surrounding the switch, would possess to make certain that US law does now not impinge on the satisfactory stage of security they drawl,” it stated.
“If you attain to the conclusion that, taking into yarn the conditions of the switch and that that you simply would possibly perchance perchance possibly furthermore judge supplementary measures, acceptable safeguards would now not be ensured, you are required to suspend or live the switch of non-public knowledge. Alternatively, whenever you occur to are intending to relief transferring knowledge despite this conclusion, you in deciding to enlighten your competent supervisory authority.”
It added that, concerning the need of transfers for the performance of a contract, companies must undergo in mind that private knowledge can most efficient be transferred when it’s performed so ‘every so over and over’.
It can possess to be established on a case-by-case basis whether knowledge transfers would possibly perchance perchance be decided as “occasional” or “non-occasional”, it stated.
“In the end, this derogation [of GDPR’s Article 49] can most efficient be relied upon when the switch is objectively predominant for the performance of the contract.”
Issue Continues Below
Read extra on Social media expertise
Irish privacy watchdog orders Facebook to quit sending user knowledge to the US
By: Sebastian Klovig Skelton
Why knowledge exports from the EU will be tough with out Privateness Protect
By: Andrew Hartshorn
Schrems steps up stress on Irish knowledge security commissioner on Facebook’s knowledge sharing with US
By: Invoice Goodwin
Privateness Protect: Companies face new hurdles to legally switch knowledge to the US
By: Invoice Goodwin