EU Court of Justice strikes down data transfer tool used by Facebook and others due to lack of privacy protection under US surveillance laws
Author: Naomi O’Leary, The Irish Times, Published on: 17 July 2020
« EU court rejects data transfer tool in Max Schrems case », 16 July 2020.
Europe's top court has declared an arrangement under which companies transfer personal data from the European Union to the US invalid due to concerns about US surveillance powers. The ruling in the long-running battle between Facebook, Ireland’s Data Protection Commissioner and the Austrian privacy activist Max Schrems...The ruling is a blow to the thousands of companies, including Facebook that rely on the Privacy Shield to transfer data across the Atlantic...The judgment by the Luxembourg-based Court of Justice of the European Union also upheld another tool, standard contractual clauses, used by hundreds of thousands of companies to transfer data around the world...standard contractual clauses are only valid if they contain “effective mechanisms” to ensure compliance with the protections offered by EU law, and it is the “obligation” of technology firms to verify this before transferring data outside the EU, the court found..
The ECJ found that the Privacy Shield arrangement does not provide people with recourse to an authority that "offers guarantees substantially equivalent to those required by EU law"...Mr Schrems said the court had confirmed that US surveillance powers, under which foreign citizens have fewer privacy protections than US citizens, are in conflict with EU data protection rights...Mr Schrems said in a statement. “It is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a major role on the EU market.”...
Related companies: Facebook