July 8 2022

There is a month left for the European DPAs to decide the fate of the transfers of the tracts from Europe and the US of Facebook

Europe risks Facebook blackout, European DPAs will base decision on Facebook data transfer from Irish DPC

Europe USA Privacy Shield flags

As the DPC informed reporters yesterday, it issued a draft decision under Article 60 GDPR, relating to Facebook (Meta) EU-US data transfers in light of FISA 702 and Snowden disclosures. The draft decision is part of the “own will” procedure initiated by the DPC in parallel with the original complaint by Max Schrems.

Europeans are at risk of seeing social media services Facebook and Instagram shut down this summer, as the Irish privacy regulator doubled the order to stop the company's data flows to the United States.

The Irish Data Protection Commission informed its counterparts in Europe on Thursday that it will prevent Facebook owner Meta from sending user data from Europe to the US Irish regulator's draft decision cracking down on last resort of Meta to transfer large amounts of data to the United States, after years of bitter judicial battles between the US tech giant and European privacy activists.

The European Court of Justice in 2020 overturned an EU-US data flow pact called the Privacy Shield due to concerns about US surveillance practices. In its ruling, it also made it more difficult to use another legal tool that Meta and many other US companies use to transfer personal data to the US, called standard contractual clauses (SCC). The decision to leave Ireland this week means Facebook is forced to stop relying on SCCs as well.

Europe USA Privacy Shield Logo

Meta has repeatedly warned that such a decision would shut down many of its services in Europe, including Facebook and Instagram.

"If a new framework for transatlantic data transfer is not adopted and we are unable to continue to rely on SCCs or other alternative means of data transfer from Europe to the United States, we will probably not be able to offer some of our most significant products and services, including Facebook and Instagram, in Europe "

Meta said in a filing with the US Securities and Exchange Commission in March of this year.

It is likely that the Irish blockade order, if confirmed by the group of European national data protection regulators , will send a thrill to even the broader business community, which has been scratching its head about how to continue send data from Europe to the United States following the EU's supreme court ruling in 2020.

The EU and the US are negotiating a new data transfer text that would allow companies like Meta to continue shipping data across the Atlantic regardless of the Irish order. Brussels and Washington agreed on a preliminary agreement at the political level in March, but negotiations in the legal press have stalled and a final agreement is unlikely to be reached before the end of the year.

A spokesperson for the Irish DPC confirmed that the draft decision has been sent to other European privacy regulators, who now have one month to contribute, but will not discuss the details of the decision.

"This draft decision, which is subject to review by European data protection authorities, refers to a conflict between EU and US law that is in the process of being resolved," a spokesperson for Half. "We welcome the EU-US agreement for a new legal framework that will allow for the continuous transfer of data across borders and we expect this framework to enable us to keep families, communities and economies connected."

Europe USA Privacy Shield flags

No immanent stop. The draft decision of the DPC will not lead to an imminent halt of data transfers. In effect, the draft decision will trigger the process under Article 60 of the GDPR, giving other data protection authorities (“DPA”) a month to comment on the decision. Usually other European DPAs have opposed important decisions coming from the DPC. This then initiates a procedure under Article 65 GDPR, with a vote on the final decision.

Max Schrems: " We expect other DPAs to raise objections, as some important issues are not covered in the draft DPC. This will lead to another draft and then to a vote. In other cases this took another year altogether, as the DPC did not voluntarily implement the comments of other DPAs and it took more than six months to submit the case for a vote. ".

Two years from the decision of the CJEU, 9 years from the procedure. The original case promoted by Max Schrems in 2013 pledged to be conducted in “parallel” with a recently opened “own-will” case. The draft decision only concerns "self-determination". The complaints procedure was not transmitted to the EDPB.

It is unclear what happened to the original case at this stage, as the DPC typically hides the details of these cases.

Max Schrems: " Our original complaints procedure was split into two procedures: a complaints procedure and a second ex-officio procedure. We asked the DPC for comments on what happened to the complaints procedure. Overall, the complaints procedure has been pending for 9 years, with not even a draft decision so far ".

No fines - despite 9 years of illegal data transfers? An important question of the procedure will be whether only data transfers in the future should be banned, which Facebook / Meta will fight for years in Irish courts, or whether a final decision will also include a fine for illegal data transfers in recent years.

Max Schrems: " Facebook will use the Irish legal system to delay any actual data transfer bans. Ireland will have to send the police to physically cut the cables before these transfers actually stop. What would still be easy to do, however, is a fine for the past few years, in which the CJEU has clearly stated that the transfers were illegal. It is strange that the DPC seems to "forget" the only effective sanction in this case. One might get the impression that the DPC just wants to have this case go round and round again and again . "

Could it be just the tip of the Iceberg?

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top