Companies that move personal data from the E.U. to process that data in the U.S. now have a problem. The E.U.’s top court has struck down the agreement, called Privacy Shield, which enabled such bulk transfers to take place. Facebook and all others that move bulk data between the E.U. and the U.S. are likely to find that this complicates operations and raises costs substantially. There is far more detail within this well written article from Tech Crunch:
“It’s worth noting that today’s decision does not concern so called ‘necessary’ data transfers — such as being able to send an email to book a hotel room. Rather this is about the bulk outsourcing of data processing from the EU to the US (typically undertaken for cost/ease reasons). So one knock on effect of today’s ruling might be that more companies switch to regional data processing for European users.
The original case raised specific questions of legality around a European data transfer mechanism used by Facebook (and many other companies) for processing regional users’ data in the US — called Standard Contractual Clauses (SCCs). That mechanism has not been struck down by today’s ruling, though judges have made it clear that third country context around the use of SCCs is king and EU regulators must step in when they suspect data is flowing to unsafe locations outside the bloc.
Schrems challenged Facebook’s use of SCCs at the end of 2015, when he updated an earlier complaint on the same data transfer issue related to US government mass surveillance practices with Ireland’s data watchdog.
He asked the Irish Data Protection Commission (DPC) to suspend Facebook’s use of SCCs. Instead the regulator decided to take him and Facebook to court, saying it had concerns about the legality of the whole mechanism. Irish judges then referred a large number of nuanced legal questions to Europe’s top court, which brings us to today. Facebook, meanwhile, repeatedly tried and failed to block the reference to the Court of Justice. And you can now see exactly why they were so keen to derail this train.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
