Ireland reportedly ordered Facebook to stop transfers of EU users’ data back to the U.S., which was carried out under the Standard Contractual Clauses (SCC) provision rendered by the ECJ in its July 2016 ruling. In response to the preliminary order sent to Facebook by Ireland’s Data Protection Commission (IDPC), the social media giant is seeking a judicial review stating it is a “premature” thought process on the part of the IDPC to reach a preliminary conclusion at this stage.
- Facebook applied for a judicial review towards the approach adopted by Ireland’s Data Protection Commission (IDPC) to reach its decision.
- The IDPC reportedly sent Facebook a preliminary order to stop transferring user data from the European Union to the U.S.
- Facebook argued that it is “premature” for the IDPC to have reached a preliminary conclusion at this stage.
Facebook’s Long Fight Continues
Facebook has been fighting the data transfer battle in Europe ever since Maximillian Schrems, an Austrian activist, filed a complaint with Ireland’s Data Protection Commission (IDPC) against the social media giant in 2011. During the long dispute, Facebook took a hit as the European Court of Justice (ECJ) found Facebook falling short on several counts. However, the final nail in the coffin was struck when the ECJ invalidated the “EU-U.S. Privacy Shield,” which acted as a transatlantic data transfer framework for many tech giants including Facebook and Google.
Facebook took the blow on the chin and reverted to the SCC as per the ECJs recommendation. But it seems that the Irish data protection watchdog is still not confident about the data transfer framework adopted by Facebook and has thus sent a preliminary order against it. Facebook also pleaded for a judicial review on the grounds that the agency’s ruling was premature. In a statement, Facebook said, “A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy. We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”
Annulment of the EU-U.S. Privacy Shield
With a view of creating a safe passage for personal data transfer between the European and the U.S. companies, the U.S. Department of Commerce and the European Commission had established the EU-U.S. Privacy Shield framework in 2016. However, in a landmark judgment, the ECJ annulled the “EU-U.S. Privacy Shield” on the grounds that the said framework did not abide by the data security rights of EU citizens as defined under the General Data Protection Regulation (GDPR). It stated that the U.S. Surveillance Law does not have strong data privacy measures to protect its citizens’ data and instead asked them to make use of the already implemented legal mechanism, the standard contractual clauses (SCCs), for the time being.