Fb takes upright action against Irish privacy watchdog
Fb’s upright action against the Data Security Price will strive and protect the company’s skill to switch European electorate’ recordsdata to the US no topic its decrease privacy protections
Sebastian Klovig Skelton ,
Published: 11 Sep 2020 17: 15
Fb is inquiring for a judicial overview against the Irish Data Security Price (DPC) after receiving a preliminary expose from the privacy watchdog to slump its recordsdata transfers to the US.
The social media giant lodged the papers ex parte in the Irish High Court on 10 September, that will now be asked to test the validity and legality of the DPC’s preliminary ruling that Usual Contractual Clauses (SCCs) can not be passe as the mechanism for transatlantic recordsdata transfers.
The European Court of Justice (ECJ) brought the legality of SCCs into build a question to when it ruled to strike down the Privacy Protect agreement in July, on the theorem that it failed to make certain European electorate enough honest of redress when recordsdata is serene by US intelligence services.
Despite the proven reality that the ECJ realized SCCs were quiet legally dependable, it ruled that companies bask in a duty to make certain those they shared the records with granted privacy protections a lot like those contained in EU legislation.
Austrian attorney Max Schrems, who initiated the upright court docket cases that ended in the ECJ’s landmark decision (colloquially is known as Schrems II), tweeted that Fb’s decision to observe a judicial overview “reveals (a) how they’ll use every opportunity to dam a case, even sooner than there would possibly be a name, and (b) how it is wholly illusionary to earn this kind of case thru in a pair of weeks or months in the Irish upright system”.
Both NOYB and Fb were approached for recount but failed to answer by the time of newsletter.
When approached about Fb’s decision to observe a judicial overview, the DPC told Computer Weekly it will no longer be commenting at the present.
Additional upright action against the DPC
In step with Schrems, his digital rights no longer-for-earnings NOYB used to be no longer told of the DPC’s decision to scenario the preliminary expose, which has now successfully paused the plan of an ongoing complaint he acknowledged the regulator has already failed to act on for seven years.
For this arrangement, NOYB has told the DPC of its plans to file an interlocutory injunction for its “mismanagement” of the Fb case.
“This dinky case by the DPC is extremely piquant, as Fb has indicated in a letter from 19 August 2020 that (after the discontinue of Protected Harbor, Privacy Protect and the SCCs) it is now relying on a fourth upright basis for recordsdata transfers: the alleged ‘necessity’ to outsource processing to the US below the contract with its customers,” it acknowledged.
“This implies that any ‘preliminary expose’ or ‘second investigation’ by the DPC on the SCCs on my own will, if reality be told, no longer conclude Fb from arguing that its EU-US recordsdata transfers continue to be upright. In observe Article 49 (1b), GDPR is at likelihood of be a suitable upright basis for extremely dinky recordsdata transfers (as an illustration, when an EU user is sending a message to a US user), but can not be passe to outsource all recordsdata processing to the US,” acknowledged Schrems.
“We can this potential that reality use the honest upright action in Eire to make sure that the rights of customers are fully upheld – no topic which upright basis Fb claims. After seven years, all playing cards should be positioned on the table.”
In step with an FAQ on the Schrems II judgment released by the European Data Security Board (EDPB) on 23 July 2020, whether or no longer a company can switch essentially essentially based on SCCs will depend on the outcomes of their assessments, which desire to lift in mind the conditions of the switch and any supplementary measures that frigid be build in position.
“The supplementary measures along with SCCs, following a case-by-case prognosis of the conditions surrounding the switch, would desire to make sure that US legislation does no longer impinge on the enough level of security they whine,” it acknowledged.
“Whenever you formula to the conclusion that, taking into yarn the conditions of the switch and attainable supplementary measures, appropriate safeguards would no longer be ensured, you is at likelihood of be required to slump or discontinue the switch of private recordsdata. Then again, even as you happen to is at likelihood of be intending to lift transferring recordsdata no topic this conclusion, or no longer it is wanted to negate your competent supervisory authority.”
It added that, regarding the need of transfers for the performance of a contract, companies must quiet endure in mind that private recordsdata can handiest be transferred when it’s accomplished so ‘every now and then’.
It would should be established on a case-by-case basis whether recordsdata transfers would possibly maybe be obvious as “occasional” or “non-occasional”, it acknowledged.
“Finally, this derogation [of GDPR’s Article 49] can handiest be relied upon when the switch is objectively critical for the performance of the contract.”
Exclaim Continues Under
Read more on Social media technology
Irish privacy watchdog orders Fb to conclude sending user recordsdata to the US
By: Sebastian Klovig Skelton
Why recordsdata exports from the EU will doubtless be well-known without Privacy Protect
By: Andrew Hartshorn
Schrems steps up force on Irish recordsdata security commissioner on Fb’s recordsdata sharing with US
By: Invoice Goodwin
Privacy Protect: Firms face original hurdles to legally switch recordsdata to the US
By: Invoice Goodwin