The Irish Personal Data Commission has initiated proceedings with Facebook to invalidate the transfer of personal data from users in Europe to the US. The social networking giant takes refuge behind the standard contractual clauses in order to continue its activities normally.
With the death penalty for the Privacy Shield Agreement this summer, the Court of Justice of the European Union won the favor of data protection advocates in Europe. At the same time it has destabilized the large American service provider GAFAM at the top. A few weeks after this announcement, we learn that the Irish Personal Data Commission (IDPC) has taken action (preliminary injunction) against Facebook to suspend the transfer of users’ personal data between Europe and the United States. At the moment, only the Irish body responsible for the application of the GDPR has pulled against Facebook, but others like the CNIL could very well follow suit.
“The Irish Data Protection Commission has launched an investigation into Facebook-controlled data transfers between the EU and the US and has proposed that standard contractual clauses cannot in practice be used for data transfers between the EU and the US. While there is an additional process to this approach, it could have a significant impact on businesses that depend on these clauses and the online services that many people and businesses rely on, ”said Facebook. in one ticket. “We recognize that creating a sustainable framework that supports the smooth flow of data to other countries and legal systems while ensuring that the fundamental rights of EU users are respected, no task is easy and will take time. As policy makers work towards a sustainable, long-term solution, we urge regulators to take an appropriate and pragmatic approach in order to minimize disruption for thousands of companies that, like Facebook, rely on these mechanisms in good faith. Transferring data in a secure manner. “”
Standard contractual clauses need to be inserted into contracts as soon as possible
After the takeover of Safe Harbor, the Privacy Shield should regulate the exchange of European user data between the old continent and the USA, in which it is processed. Without this agreement, this data transfer between Europe and the United States is simply impossible in theory. Before another agreement is renegotiated, the legal uncertainty sets in and puts the old standard contractual clauses back on the scene.
“The resistance of this mechanism is actually astonishing according to the criteria of the ECJ”, Etienne Papin had indicated in our columns in response to the end of the data protection shield. And Christiane Féral-Schuhl, President of the National Council of Lawyers, added: “The lifting of the Privacy Shield means that data transfers to the United States no longer meet the conditions required by the GDPR on the basis of this one intergovernmental agreement there is no problem if the contract between the European company and an American supplier or subcontractor contains standard contractual clauses. The response is to immediately include standard clauses in contracts. “