European data should not be sent to the United States. For the time being, this fact is ignored by many companies. This decision could change that.
The Irish Supreme Court has ruled that the data regulator should go ahead to stop the transfer of Facebook user data from the European Union to the United States.
The Irish Data Protection Committee, responsible for Facebook, ordered action against Facebook last August in order to implement a ruling by the European Court of Justice (ECJ): In the so-called “Schrems II” ruling, the European Court of Justice ruled that the Privacy Shield Agreement between the United States The European Union is invalid because private data protection in the United States does not meet the standards in force in the European Union.
Facebook requested judicial review of this ruling and argued, among other things, that it threatens “devastating” and “irreversible” consequences for its business, which relies on processing user data in order to place targeted ads online. The judge rejected all requests made by Facebook.
Another step in Schrems vs. Facebook dispute
Under the current Supreme Court ruling, the data protection authority in Ireland is being summoned to implement the European Court of Justice decision: privileged access to personal data from Europe for companies in the United States will be terminated and the same rules apply to companies in other countries outside the European Union.
Today’s decision ends the seventh lawsuit in a long-running dispute between Austrian data protection activist Max Schrimms, the Irish Data Protection Authority and Facebook: in 2013, after the revelation of Snowden, Max Schrimms filed a complaint against Facebook in which he said Facebook said it was not permitted to transfer its personal information To the United States because US surveillance laws require that personal information be disclosed to the US government.
Separate storage for Facebook data for Europe?
The case was referred twice to the European Court of Justice, which resulted in the so-called “Sherims I” and “Sherims II” rulings. The European Court of Justice ruled that the data protection authority should investigate Facebook and is obligated to stop the data transmission.
Max Schrimes commented In a press releaseEight years later, the DPC is now obligated to stop Facebook data transfers between the European Union and the United States, possibly before the summer.
This means that Facebook will either have to store European user data locally in Europe so that the US parent company, and through it the US authorities, cannot access it. Or, the surveillance laws in the United States must be changed to conform to the standards in force in Europe.