Facebook Launches Legal Action Against Irish Regulator Over Data Order

Facebook has launched a legal action against Ireland’s data protection regulator, seeking to halt a preliminary order that would block it from transferring EU citizens’ user data to the United States.

The social media company applied on Friday to seek judicial review of the Irish Data Protection Commission decision on the grounds that the agency’s ruling was premature.

“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” Facebook said in a statement.

“We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”

Privacy Shield

The IDPC order follows a shock decision in July by the European Union’s top court, the European Court of Justice, to scrap the so-called Privacy Shield system widely used as the legal basis for mass data transfers from the EU to the US.

The court said that system gave EU citizens no effective recourse against US surveillance.

A previous system, known as Safe Harbour, was also invalidated in 2015 following the disclosures of mass NSA surveillance within the US by Edward Snowden.

However, the ECJ stopped short of also invalidating a legal tool known as standard contractual clauses, which are used by Facebook and others to legalise data transfers.

The ECJ said it was up to companies to evaluate whether transfers using standard contractual clauses follow the EU’s strict privacy rules.

Data transfer

The court also tasked regulators with evaluating the risks of data transfers on a case-by-case basis.

In July the IDPC said that “in practice, the application of the SCCs transfer mechanism to transfers of personal data to the United States is now questionable”.

The Irish regulator told Facebook that SCCs “cannot in practice be used for EU-US data transfers”, Facebook said in a blog post last week.

The IDPC declined to comment on the lawsuit.

While the order isn’t final and requires the backing of other European data regulators, invalidating SCCs as a legal structure for mass data transfers could have a broad impact on how US tech firms operate in Europe.

The EU’s Justice Commissioner, Didier Reynders, said last week that it was “important” to work with standard contractual clauses.

The European Commission also said it is working with the US on a “new, improved arrangement” to replace the scrapped Privacy Shield system.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

2 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago