The technology giant complains that it simply cannot function unless it is allowed to send European user data to the US for “processing.”
US-based tech giant Facebook is once more appearing for the European court in order to protect its right to be exempt from EU rules. This time the battle is being waged in the Irish High Court. This is where Facebook has filed an affidavit as part of the Judicial Review it was granted to stop Ireland’s Data Protection Commission. The DPC had been investigating Facebook’s EU-US data flows.
The move is the latest attempt by Facebook to flout the EU’s GDPR law regarding privacy and data protection.
Between an EU’s rock and a US hard place
The problem this time is not entirely due to Facebook’s suspected misuse of data. Indeed, the real reason behind this latest skirmish appears to be concern over the spying powers of the US Government. Companies like Facebook are required to provide US authorities with user data upon request.
Under US law, Facebook must provide the government with access to all its user data. This also includes non-US user data, which the US security agencies could obtain from Facebook under a FISA warrant.
Facebook had previously operated under what was known as the “Privacy Shield” agreement. This was an EU-US agreement which stipulated that US privacy laws were sufficient for EU citizens. However, data access laws in the US are at odds the spirit and letter of the EU’s recently ratified GDPR.
Consequently, in July of 2020 In the European Court of Justice found the EU-US Data Protection Shield invalid. The CJEU declared that once Europeans’ user data was transferred to the US it could no longer be protected as required by the GDPR.
Facebook is arguing along several tracks, both administrative and legalistic. Their ace in the hole in this poker game is the apocalyptic scenario of a Facebook exit from the EU. It remains to be seen, however, whether this threat will have any impact on the Irish High Court.