X

Irish Case Tests Facebook’s Use of Privacy Shield

Photo courtesy of Vice News.

Summary: A case in Ireland may challenge Facebook’s ability to transfer data overseas.

The EU-US Privacy Shield mechanism is now being evaluated in regards to Facebook, according to Tech Crunch. The Privacy Shield allows companies to quickly receive data from overseas to the United States, but this week, the Irish High Court is examining a legal case for a second time that may challenge this.

“The sustainability of the EU-US Privacy Shield mechanism — which thousands of companies rely on to expedite transfers of personal data across the Atlantic — looks to be at stake,” Tech Crunch said.

The case stems from a 2013 complaint filed in Ireland by Max Schrems against Facebook. Using information from famed NSA whistleblower, Edward Snowden, Schrems successfully argued that transcontinental data transfers should not be done so easily. As a result of the case, in 2015, a European high court overturned a longstanding data mechanism called Safe Harbor, according to Tech Crunch.

Following the abolishment of Safe Harbor, Schrems updated his complaint to focus on Facebook and Standard Contractual Contracts (SCCs), which are used by Facebook to transfer data from the US to Europe. Schrems is seeking a suspension of SCC use for Facebook, but his complaint is causing the courts to consider ending SCCs for other companies as well.

Schrem’s case shows that there is a large difference between American and European privacy law, Tech Crunch said. The US focuses on security while the EU prioritizes the protection of privacy.

In August 2016, the EU-US Privacy Shield was enacted to address the two jurisdictions’ various concerns, but the Trump administration has not provided the enhanced privacy protections that the EU wants and in actuality has signed into law a surveillance bill that seems to go against what the EU is asking for. Because of this, the sustainability of the Privacy Shield is being called into question.

“Privacy reforms that consider the rights of foreigners don’t even appear to register as a debate-worthy concept on the floor of the US Senate and House — which spells big trouble for the sustainability of EU-US transatlantic data flows. And means this issue will inexorably continue to be brought before EU judges — as has happened again here,” Tech Crunch stated.

Schrems said that a “reasonable solution” to his complaint is to change surveillance laws.

“In the long run, the only reasonable solution is to cut back on mass surveillance laws. If there is no such political solution between the EU and the US, Facebook would have to split global and US services in two systems and keep European data outside of reach for US authorities, or face billions in penalties under the upcoming EU data protection regulation. Previously such a technical solution was done for financial data in the SWIFT case, where European data is now solely stored in Europe,” Schrems told Tech Crunch.

“Given the case law, the question, in this case, does not seem to be if Facebook can win it, but to what extent the Court of Justice will prohibit Facebook’s EU-US data transfers and which approach they will take to remedy the conflict of EU privacy protections and US surveillance.”

What do you think about the Privacy Shield? Let us know in the comments below.

Teresa Lo: