Facebook sues Irish privacy watchdog over data-transfer spat
In an investigation into Facebook’s data transfers, the Irish authority told the company in a preliminary decision that so-called standard-contractual clauses “cannot in practice be used for EU-US data transfers.”
Facebook Inc. sued the Irish data protection watchdog in a bid to stop a proposed order it warns could curb transfers of vast amounts of commercial data from the European Union to the U.S. by thousands of companies.
The social network giant said it sought a judicial review of the Irish Data Protection Commission’s preliminary view that it may have to halt trans-Atlantic data transfers using the most commonly used EU tool still available to firms.
“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” Facebook said in a statement Friday. “We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”
In an investigation into Facebook’s data transfers, the Irish authority told the company in a preliminary decision that so-called standard-contractual clauses “cannot in practice be used for EU-US data transfers,” according to a blog post by Facebook this week. While the order isn’t final and will still need the backing of other EU data watchdogs, it could also put in doubt data transfers with the same tool by other tech firms under the Irish authority’s purview.
The Irish regulator declined to comment on the lawsuit.
The legal clash follows a shock decision in July by the European Union’s top court to topple the so-called Privacy Shield over fears EU citizens’ data isn’t safe once shipped to the U.S.
EU regulators are still grappling with the ramifications of the EU Court of Justice ruling, because while it didn’t issue an outright ban on the more widely used contract-based system, doubts about American data protection have made this a shaky alternative too.
The Irish authority already in July said that “in practice, the application of the SCCs transfer mechanism to transfers of personal data to the United States is now questionable.”