A recent ruling in Ireland’s High Court could mean that Facebook could be barred from transferring EU data to its U.S. operations, as privacy watchdogs are cleared to continue their investigation.
As it stands, the most recent ruling from the Irish High Court means that the country’s data regulator can continue its investigation into how Facebook handles data collected from EU citizens.
Ireland’s Data Protection Commissioner is particularly concerned that U.S. surveillance of the data collected may not be conducted in a respectful or legal manner, in accordance with the GDPR legislation of the European Union.
Get ISO 27001 – Information Security – Certification With Best Practice
The Commissioner launched first an inquiry into the practice in August, which Facebook has since contested, on the basis that a change in policy could have “devastating” and “irreversible” impacts on its bottom line, which is underpinned by the highly-lucrative targeted advertising industry.
Facebook challenged the basis of the inquiry, which has now been rejected by Ireland’s High Court.
In a 200-page judgement, Justice David Barniville said “I refuse all of the reliefs sought by FBI (Facebook Ireland) and dismiss the claims made by it in the proceedings. FBI has not established any basis for impugning the DPC decision or the PDD or the procedures for the inquiry adopted by the DPC.”
A Facebook spokesperson has said that it will defend its data collection policies while ensuring they remain in accordance with the EU’s GDPR requirements. The company says that the provision order “could be damaging not only to Facebook, but also to users and other businesses.”
Facebook Could Be Barred From Transferring EU Data to U.S.
The case has huge ramifications not only for Facebook, but any entity operating outside their home market that collects and transfers data that originates from the European Union zone and is transmitted to the U.S. or elsewhere.
A worst-case scenario for Facebook would see a ban on transfers from the European Union to the United States, and bring an end to the ‘privileged access’ that a number of foreign companies operating in the EU have to data on European citizens.
According to a report from Reuters, “Irish Data Protection Commissioner Helen Dixon in February said companies more broadly may face massive disruption to transatlantic data flows as a result of the European Court of Justice decision.”
Privacy activist and major proponent of restrictions being placed on Facebook’s ability to transfer data across the Atlantic, Max Schrems has said that “after eight years, the DPC is now required to stop Facebook’s EU-U.S. data transfers, likely before summer.”
The social media giant looks set to use all the tools at its disposal to fight the implementation of data protection laws that inhibit its ability to transfer data collected from European residents to its headquarters in the U.S..