March 6, 2021

Ireland’s privacy watchdog on data transfer dispute with Facebook


LONDON — The Irish data watchdog is hoping to conclude a legal dispute with Facebook over the transatlantic transfer of data by early 2021, its chief told CNBC Wednesday.

The Irish Data Protection Commission sent Facebook a preliminary order to suspend data transfers to the U.S. about its EU users in September. This came after the EU’s top court issued a landmark ruling on two key mechanisms for data transfers.

The European Court of Justice (ECJ) invalidated the so-called Privacy Shield framework, which was the successor to a previous system known as Safe Harbor. Both of those frameworks were scrapped on the back of legal action led by Austrian privacy activist Max Schrems.

But the ECJ stopped short of suggesting that standard contractual clauses (SCCs) used to move personal data from the EU to the U.S. was illegal.

Facebook fired back at the Irish Data Commission, claiming it had opened an investigation into the company and “suggested that SCCs cannot in practice be used for EU-US data transfers.” The company suggested it could be forced to withdraw from Europe if such clauses were banned.

Irish Data Protection Commissioner Helen Dixon said her office was unable to continue with its probe into Facebook while the Irish commercial high court hears a judicial review from the company later this month.

“We would hope early in 2021 that we’ll have a judgment from the court that will bring clarity in terms of how we can proceed on that important issue,” Dixon told CNBC’s “Street Signs Europe.”

Ireland’s regulator has been criticized by some privacy advocates and regulators for being slow to complete investigations into Facebook and other big tech companies under the EU’s new General Data Protection Regulation, or GDPR, privacy rules.

The new law came into force in 2018, and gives authorities the power to fine companies up to 4% of their annual global revenues or 20 million euros, whichever is the bigger amount.

“I would point out that there’s no difference in pace between the Data Protection Commission and other EU data protection authorities,” Dixon said.

“While we do talk about the fact that the majority of big tech platforms are headquartered in Ireland, they’re not the only ones. The likes of Amazon, Spotify, Netflix, PayPal; they are elsewhere.”

Ireland, which is the primary EU privacy regulator for Facebook and Google hasn’t yet issued a single fine against a U.S. tech giant over GDPR.



Source link