November 21, 2023
Debt and Asset Recovery Legal Secretary
We are looking for an experienced Legal Secretary to join our busy and friendly Debt and Asset Recovery Team, based in Dublin 2. Responsibilities will include but are not limited...
In the wake of the decision made by the European Court of Justice (ECJ) on the validity of the mechanisms to transfer personal data outside of the EU, the Data Protection Commissioner (DPC) has launched an investigation into how Facebook transfers the personal data of its European users to the United States.
The DPC revealed late last month that it had arrived at a draft preliminary decision that data transfers outside of the EU by Facebook should be suspended as the methods used to transfer the data fail to guarantee a level of protection to data subjects equivalent to those provided for in EU law.
Under the General Data Protection Regulation 2016/679 (the GDPR), the transfer of personal data outside of the EU is prohibited unless certain limited circumstances apply; such as if the consent from the data subject was received or if the transfer of data was necessary for the performance of a contract with the individual.
The prohibition on transferring data was implemented as European citizens have a right to have their personal data protected, and it was found that outside of the EU, generally, a lower standard of protection on personal data was accepted. For example, in the US, a citizen’s constitutional right to privacy is limited by national security interests.
Previously, there were three main methods relied upon by corporations for the transfer of data outside of the EU:
The DPC’s investigation into Facebook concerned their use of SCCs and the standard of protection this afforded Facebook’s EU users. While deemed valid by the ECJ in Schrems II, it was determined that organisers must take a proactive role in evaluating whether there is adequate protection when relying on SCCs. The data controller must also verify the existence of appropriate safeguards.
Since the announcement of the DPC’s preliminary decision, Facebook has launched High Court proceedings to judicially review the DPC’s decision making process. Counsel for Facebook stated that it has not be afforded fair procedures nor provided sufficient time to respond to the DPC’s investigation. Facebook has 400 million European users and 25 million businesses in Europe use apps under Facebook’s control. The matter will next be before the court in November.
About the author: Katie Oakes
For more informationFacebook or advice on this impact of this case, or any other commercial law queries, please contact Katie Oakes, solicitor on the Corporate and Commercial Team, at email@example.com; Grìana O’Kelly, Head of Corporate and Commercial at firstname.lastname@example.org or call 01 644 5800.
Contact our office
Make an enquiry