Facebook EU-user-data transfer contracts are legal, but the risks are: EU court adviser

LUXEMBOURG (Reuters) – Contracts that allow Facebook and other companies are sending Eu citizens ‘ data to the United States of america and in other countries as to be valid, an EU court adviser said on Thursday, although it left room for these transfers to be blocked, as well as the European data protection standards will not be met in the countries that receive the information.

FILE PHOTO: Facebook logo can be seen on a screen, this image on 2 December 2019 at the latest. (REUTERS photo/Johanna Geron/Image/File Photo

The case is based on a challenge by Austrian privacy activist Max Schrems, who have argued that Facebook’s contracts do not protect the data at the European level, in particular because of concerns about activity by the U.S. spy agencies.

Schrems had been on the republic of Ireland, where Facebook has its European headquarters and to take action against the company because it will be subject to u.s. monitoring laws that he considers would be likely to threaten Europeans’ rights.

Schrems, successfully fought against the EU’s previous ‘Safe harbor’ privacy rules at the end of 2015.

Henry Saugmandsgaard Øe, the attorney-general (AG) of the Court of Justice of the European Union (CJEU), has said the agreements-which are used by many companies, including Facebook, to support activities, such as manufacturing, services, cloud, infrastructure, data, hosting, finance and the legal department.

The court will follow these recommendations, and in four out of the five cases, this will occur in the next few months.

But, he added, data protection authorities need to prohibit the transfer of data as well as the laws of the host country, the data, such as that of the United States, in violation of the requirements of the data protection legislation of the convention, which is also known as the standard contractual clauses.

Schrems also said that he was “generally pleased” with the legal advice.

“Everyone will still be able to have all of the necessary information flows with the united states, including the transmission of e-mail or the booking of a hotel in the US,” he said.

“Some EU companies will not be able to make use of specific U.S. suppliers for outsourcing, since OUR control law requires these companies to provide information on the National Security Agency (NSA).”

It really is in the United States, in order to ensure baseline privacy protections to foreign citizens. Otherwise, no one will trust AMERICAN companies with their data.”

The opinion calls into question the adequacy of U.S. data protection, said Caitlin Fennessy, a research director at the International Association of Privacy Professionals.

“All of this suggests a short-term basis, the diplomatic solution will be of critical importance,” she said.

Facebook said in a statement: “We are grateful to the Solicitor-General for advice on these complex issues. By default, the Contractual Provisions provide important safeguards to ensure that the bulk of the data will be protected once transferred to a foreign country. SCCs have been designed and approved by the European Commission and the involvement of thousands of Europeans around the world to do business.”

The court has to follow the advisor’s opinion on the terms, ” says Patrick Van Eecke, the worldwide chairman of the law firm of DLA Piper, and the protection of personal data in the field.

FILE PHOTO: Austrian lawyer and privacy activist Max Schrems smiles during a Reuters interview in Vienna, Austria, on May 22, 2018. REUTERS/Heinz-Peter Bader/File Photo

“In an open, global economy is highly dependent on the data that flows across the national borders of the countries or regions, and the creation of obstacles to the prohibition on the international transfer of personal data, it is not good for business and good for the people,” he said.

The irish Data Protection Commission, Facebook’s lead regulator in the EU, has been taken up with the same conclusion as the advocate general noted that it “illustrates one of the complexities associated with the issues that can arise when the EU’s data protection laws interact with the laws of other countries, to the laws of the United States of america.

In the case of the C-311/18 Facebook Ireland and Schrems.

Reporting by Foo Yun Chee, additional reporting by Kirsti Knolle in Vienna, Graham Fahy in Dublin, ireland, Peter Henderson in San Francisco, and the Munsif Vengattil in Bengaluru; editing by Kirsten Donovan, Jason Neely and Alexandra Hudson

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular