EU top court to rule in landmark Facebook case

Platform News: Facebook usage

The top court in Europe will on Thursday rule on the legality of tools companies use to transfer Europeans’ data around the world, in the latest clash between Facebook and Austrian privacy activist Max Schrems.

KEY POINTS:

  • Thursday will see a landmark ruling by Europe’s top court on the legality of the tools companies use to transfer Europeans’ data around the world
  • The case is the latest clash between privacy activist Max Schrems and Facebook
  • If the court finds the mechanisms illegal, companies such as Facebook could have to suspend data transfer

If the court finds the mechanisms are illegal, companies, ranging from small businesses to industrial giants, such as Facebook, could have to suspend the data transfers that underpin standard contractual clauses or face hefty fines for breach of EU privacy laws.

“The Court could upend one, two or all global data transfer mechanisms, sending tens of thousands of companies scrambling, or could validate the existing legal order, providing companies around the world the legal certainty they’ve been seeking for decades,” Caitlin Fennessy, research director at the International Association of Privacy Professionals (IAPP), said.

Related Article:
In US-China tech rivalry, investors bet on China's localisation push

The industry body’s members include Amazon, AT&T, Cisco, Citi, Facebook, Google, GlaxoSmithKline, HSBC, Huawei, Microsoft, Lockheed Martin and KPMG.

Schrems shot to fame for winning a legal battle in 2015 to overturn previous privacy rules known as Safe Harbour.

It took the European Commission, the EU executive, and the US more than a year to agree an alternative.

PRIVACY SHIELD

Known as the Privacy Shield, it is designed to protect Europeans’ personal data that is transferred outside the European Union when companies sign contracts with non-EU companies on outsourcing services, including payroll and cloud infrastructure.

The latest case – C-311/18 Facebook Ireland and Schrems – came before the Luxembourg-based Court of Justice of the European Union (CJEU) after Schrems challenged Facebook’s use of standard clauses as lacking sufficient data protection safeguards.

Former American intelligence contractor Edward Snowden’s revelations in 2013 of mass US surveillance increased EU concerns about data transfers.

Related Article:
Twitter imposes restrictions and more warning labels ahead of US election

The Irish Data Protection agency, which is Facebook’s lead regulator, took the case to the Irish High Court, which then sought guidance from the CJEU.

Last December a CJEU adviser said such data transfer mechanisms were legal with the caveat that they could be blocked if countries receiving such information fail to meet European data protection standards.

In the EU, the General Data Protection Regulation (GDPR), introduced in 2018, seeks to increase individuals’ control over their personal information. Companies that fail to comply are liable to fines of up to 4% of global annual turnover.

Via our content partners at Reuters. Reporting by Foo Yun Chee. Editing by Barbara Lewis.

Share this article