Faced with the possibility of not being able to transfer Facebook user data between Europe and the US, the company is fighting hard to keep the channels open.
Facebook on Thursday lodged an appeal with the High Court in Ireland in the company’s latest bid to ensure that it can keep data flowing smoothly across the Atlantic. The move was in response to a decision by the country’s Data Protection Commission earlier this week.
It’s currently unclear what the knock-on effect of halting data transfers would be for Facebook users in Europe. But for Facebook it’d likely pose a huge and costly technical challenge behind the scenes to ensure any data belonging to European users wasn’t transferred to the US.
The origin of this fight can be traced back to July, when Europe’s top court ruled that the Privacy Shield agreement used by companies of all kinds, Facebook included, to transfer data between the US and Europe was invalid due to US surveillance laws. The ruling also called into doubt the legality of Standard Contractual Clauses — an alternative mechanism the company also relies on to transfer data out of Europe. With Facebook’s European headquarters based in Ireland, it fell to the Irish DPC to determine how this should affect the company’s data transfers.
Earlier this week, The Wall Street Journal reported that the Irish DPC had made a preliminary decision and sent Facebook an order that it would have to suspend data transfers. But for Facebook, this decision seems to have been made too quickly and the company wants to question the Irish DPC’s approach in a legal setting. The DPC declined to comment on the matter.
“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” said a spokeswoman for Facebook in a statement. “We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”
In a blog post Thursday, Facebook’s vice president of global affairs and communications, Nick Clegg, laid out publicly the company’s stance on international data transfers. He called forthat would protect consumers and allow all companies that rely on cross-border data flows to continue operating.
The case against Privacy Shield was originally brought by Austrian privacy campaigner Max Schrems, who previously brought a similar case that invalidated Privacy Shield’s predecessor, a mechanism known as Safe Harbor. On Friday he tweeted that Facebook’s decision to bring a legal challenge against the Irish DPC’s early guidance showed the company “will use every opportunity to block a case, even before there is a decision.”