The countdown is on.
Facebook will be forced to stop moving data from its European users to the United States as early as next month after Irelands data protection watchdog told the social networking giant that its current means of transferring digital information across the Atlantic is illegal.
The company still has a few weeks to appeal the preliminary ruling. But the decision deals a blow to billions of euros in digital trade annually between two of the worlds largest trading blocs. The moratorium on Facebooks data transfers to the U.S. will also likely apply to other companies that regularly move such digital information from Europe to outside the bloc.
For Facebook users in Europe, the pending decision could allow them greater security that their data is not collected by U.S. intelligence agencies, and their use of the worlds largest social network is not likely to be affected — at least in the short term. Yet questions remained about how their data will be handled when they interact with other users outside the 27-country bloc, say, sending a friend request or Instagram comment to a friend or family member in the U.S.
Irelands move also represents a victory for a yearslong campaign by privacy activists who claim that U.S. national security agencies play fast and loose with data from non-American citizens when its moved to the U.S. by companies like Facebook and Google. Washington denies those allegations.
Expect Dublin to rule that Facebook must stop using these legal mechanisms and for the social networking giant to appeal that decision in an Irish court.
Dublins decision against Facebook — it still must be approved by the European Unions other national privacy agencies — stems directly from a ruling by the Court of Justice of the European Union (CJEU), the blocs highest court, in July that decreed Washington did not provide sufficient protections for EU citizens when their data is transferred to the U.S.
But as with everything to do with Europes privacy regime, things are a little complicated. Heres what you need to know:
Data transfers will continue, but for how long?
Facebook is adamant that its data transfers are legal. In a statement, Nick Clegg, the companys chief lobbyist, said: “We will continue to transfer data in compliance with the recent CJEU ruling and until we receive further guidance.”
The company currently uses so-called standard contractual clauses, or complex legal mechanisms, to move data across the Atlantic. After Ireland raised concerns about these clauses in the wake of the July judgment from Europes highest court, the company said it had added additional safeguards like data encryption to comply with the regions privacy standards. Facebook says such changes mean it can still use these data-transfer mechanisms to send information to the U.S.
But Irelands privacy regulator has told the company the use of such clauses is still illegal because of the lack of privacy protections in the U.S. as outlined by Europes highest court. Facebook disagrees, saying Europes data protection agencies must offer guidance on how these clauses can be tweaked to comply with EU privacy law.
What does that mean? Expect Dublin to rule that Facebook must stop using these legal mechanisms and for the social networking giant to appeal that decision in an Irish court. The legal wrangling could drag on well into 2021 and beyond.
Privacy campaigner not happy
Strangely, Max Schrems, the Austrian privacy lawyer who brought the initial complaint in Ireland against Facebook, is not a happy man.
After Facebook publicly confirmed Dublins preliminary decision to outlaw its transatlantic data transfers, he published a series of documents alleging the company was trying to find alternatives to keep moving digital information to the U.S. Schrems also claimed that Irelands Data Protection Commissioner was not investigating Facebooks new data-transfer arrangements, but did not provide concrete evidence to prove that assertion.
A spokesman for Irelands privacy agency declined to comment.
The Austrian added he would be taking further legal action in Ireland to ensure the agency complies with EU privacy rules.
First Facebook, second everyone else
Other companies are keeping a close eye on what happens with the social networks data transfers because many are also reliant on standard contractual clauses to move digital information from Europe to the U.S. and elsewhere.
If Dublins preliminary decision against Facebook is approved, it will set a precedent and force tech giants like Google and smaller firms across the region to reconsider how they move digital information to the U.S.
Previously, companies could have used the so-called EU-U.S. Privacy Shield regime, a transatlantic agreement that Europes highest court has now struck down. If standard contractual clauses are also taken off the table (each companys legal mechanism would have to be reviewed independently before a final decision), that means there will be few, if any, legal means to move data from Europe to the U.S.
That would have an immediate knock-on effect on hundreds of billions of euros of annual trade and would hearten privacy groups that have long believed the U.S. national security regime was too data-hungry.
Keeping data in Europe looks more and more alluring
Though data transfers out of Europe havent themselRead More – Source