International Technology

Facebook can rely on data transfer rules

Facebook – The European Court of Justice (ECJ) Advocate General Henrik Saugmandsgaard Oe on Thursday said Facebook’s current practices provide sufficient measures to legally transfer EU citizens’ data to the US through recognized means.

Austrian privacy advocate Max Schrems had brought the case against Facebook Ireland, arguing that EU-approved “standard contractual clauses” (SCCs) gave European authorities the ability to block data transfers to destinations outside the EU.

Schrems’ case was founded on the premise that an EU citizen’s data is vulnerable when transferred to the US, where security agencies and American intelligence services can access private data for foreign intelligence purposes. He had cited documents leaked by former NSA contractor Edward Snowden.

“In that respect, the standard contractual clauses adopted by the Commission provide a general mechanism applicable to transfers irrespective of the third country of destination and the level of protection guaranteed there,” said the advocate general’s written opinion.

“We are grateful for the Advocate General’s opinion on these complex questions,” Facebook lawyer Jack Gilbert said. “Standard contractual clauses provide important safeguards to ensure that Europeans’ data are protected once transferred overseas.”

Oe also noted that if the data exporters fail to act if and when these conditions change, then the responsibility falls on regulators, such as an EU country’s data commissioner, “to suspend or prohibit a transfer when … those clauses cannot be complied with.”

Schrems said he was “generally happy” with the advocate general’s legal opinion. The Austrian activist noted that European concerns were similar to those put forward by the US in relation to Chinese technology companies such as Huawei or TikTok.

“In the long term, I hope that the US legislator will come to realize that no foreign customer will trust US industry if there are no solid privacy protections in the US,” Schrems said. “You can’t say ‘trust us with all your data but actually you have no rights.'”