Ireland vs Facebook

Following the annulment of the U.S. Privacy Shield by the Court of Justice of the European Union last July, Ireland vetoes Facebook.

It should be recalled that the Court of Justice of the European Union has held that the requirements of U.S. domestic law, and in particular certain programs that allow U.S. public authorities to access personal data transferred from the EU for national security purposes, establish limitations to the protection of personal data, such that they do not provide guarantees substantially equivalent to those required by EU law and that this legislation does not provide any judicial remedy against the U.S. authorities to data subjects, placing them in a situation of defenselessness, to the detriment of the right to effective judicial protection.

It should be remembered that from the interpretation of this European judgment, it is established that transfers may be made based on the exception of Article 49 of the European Data Protection Regulation 2016/679 (hereinafter, GDPR), provided that very specific requirements are met, such as:

-If there is prior consent from the data subject, it must be explicit, specific to the data transfer and informed about the risks of transferring the data to the USA.

-If the transfer is necessary for the performance of a contract between the data subject and the controller, it will only be possible if the transfer is considered occasional and not systematic or persistent.

-If the transfer is necessary in the public interest, this must be duly accredited.

Well, in view of the situation, the consequences of this historic ruling have not been long in coming.

Ireland, through its Data Protection Commission, sent a preliminary injunction to Facebook (Facebook has its European headquarters located in Ireland) to cease transfers of personal data of its European users to its servers in the United States.

In this preliminary injunction it forces Facebook to design new strategies regarding the processing of personal data of European users, ranging from isolation to suspension, since the GDPR establishes heavy penalties coated with fines, which can reach up to 4% of annual turnover (art. 83.5 GDPR), which in the case of Facebook could amount to $2.8 billion, about €2.35 billion.

It is important to note that this court order from Ireland sets a precedent for all European countries, and it has been made public in the media that Ireland plans to send its Commission’s order to all European countries on September 26.

Facebook has already expressed itself and has asked the European Union for time to comply with the provisions of the order, as it could mean the migration of all personal data to servers located outside the United States, with the economic consequences that they would entail, in times of recovery by the Covid-19.

Faced with this situation, giants such as Amazon, Google, Apple and Microsoft are on alert as they may be the next ones to find themselves in a similar situation to Facebook, as they too process millions of personal data, with transfers to the US, and with an extraordinary volume of profits in economic terms.

The annulment of the Privacy Shield has raised countless questions about the legality of personal data transfers between Europe and the US.

If your company makes transfers to the U.S. and you have doubts about how to act in front of the European decision, do not hesitate to contact us because we are Data protection consultancy in Valencia / LOPD Valencia.

[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]WE HELP YOU[/su_button]

Contact us, we will be pleased to help you.
error: Content is protected !!