Facebook’s EU-US data transfers face their final countdown – TechCrunch

Ireland’s Data Protection Commission (DPC) has agreed to swiftly finalize Facebook’s long-standing complaint against international data transfers, which suspend data flows from the European Union to the US in just a few months Technology may force giants for.

The complaint, filed in 2013 by privacy campaigner Max Schrems, concerns access to Facebook users’ data under surveillance programs between the EU’s privacy rights and US government-wise agencies by NSA whistleblower Edward Snowden High resolution was revealed in detail.

The DPC has committed to a speedy resolution of Shreyas’ complaint to settle judicial review of its procedures, which its privacy campaign group had lodged Last year In response to her decision to suspend her complaint and the option to open a new case process.

Schrems will also be heard in the DPC’s “own will” process under the terms of the settlement, as well as gaining access to all representations made by Facebook – allowing Irish courts to allow the investigation to proceed, Noyb Said today

And while Noyb acknowledged that (yet) there might be another break, such as / if the DPC waits for the High Court’s decision of Facebook’s own judicial review, its procedures before reconsidering the original complaint Reviews, Schrems suggests that his prolonged complaint of 7.5 years led to a final decision within a few months …

“Ireland’s courts would be reluctant to give a deadline and the DPC played that card and said they could not provide a timeline … so we got the maximum possible under Irish law. Which is ‘unch swift’,” He called TechCrunch “disappointing but maximum possible”.

Asked to anticipate when the final decision would be made at the final time of the complaint, he suggested it could happen as soon as possible this summer – but said the more “real” it would fall.

Schrems has been an outspoken critic of how the DPC has handled his complaint – and more broadly with tech giants at a slower pace of enforcing the block’s data protection regulations – Ireland’s regulator Has chosen to raise broader concerns about the legitimacy of the mechanism. Instead of ordering Facebook to suspend the data, transfer the data from the European Union to the US, as Schrems asked in the complaint.

The saga already had major influences – leading to one Landmark verdict by europe’s top court Last summer when CJEU demolished a major EU-US data transfer regime, it was found that the US does not provide the same high standards for personal data as the EU does.

The CJEU also clarified that it is the duty of the EU’s data security regulators to postpone transfers to third countries if the data is at risk – putting the ball back to square in Ireland’s court.

For comment on the latest development, the DPC told us that it would be answered later today. So when we have this report we will update it.

The DPC, which is Facebook’s lead data regulator in the EU under the General Data Protection Regulation (GDPR) of the block, sent a preliminary order to the tech giant to reverse the data transfer. September – Following Historical Rules by CJEU.

However, Facebook immediately launched a Legal challenge – Completion of DPC order prematurely, despite being over seven years old, despite complaints.

Noeb said today that it is hopeful that efforts will continue to use Irish courts to delay implementing EU law. And technology giant Admitted last year It is using the courts to ‘send a signal’ to lawmakers with a political proposal for an issue that affects scores of businesses that transfer data between the EU and the US, as well He also buys time for a new American administration. Being in a position to deal with the problem.

But now the clock is ticking on how long Zuckerberg regulators can play this game of whale-a-mole. And a final calculation for Facebook’s EU data flow could come within half a year.

This largely sets a tight deadline for any negotiations between the European Union and US lawmakers EU-US Privacy Privacy Shield.

European Commissioner Last said No replacement would be possible without reforming US surveillance law. And whether the radical heat of such American law may come as soon as, or even fall, seems doubtful – unless necessary to lobby its own lawmakers among American companies Not a big effort to make a change.

In court documents Facebook linked to its challenge to the DPC’s preliminary order last year, the tech giant suggested that it might have to cease service in Europe if EU law is applied against its data transfers .

However its PR chief, Nick Clegg, increasingly Facebook will never pull service refused – Instead, urge EU lawmakers to adapt favorably on their data-dependent business model, claiming that “personal advertising” is critical to the EU’s subsequent COVID-19 economic recovery.

However, there is a general consensus among the block’s digital lawmakers that the tech giants are Requires more regulation, not less.

Today separately, A opinion An influential CJEU advisor may have implications for how fast GDPR is implemented in Europe in the future, if the court aligns with the opinion of Advocate Bobek – as it appears to be objective. The one-stop-shop mechanism of the GDPR to handle cross-border cases has resulted in bottlenecks in major courts such as Ireland.

So while Bobek confirms the general ability of a major regulator to investigate cross-border cases, he also writes that “lead data protection authority cannot be understood as the sole promoter of GDPR in cross-border situations Is and should be complied with. The relevant regulations and deadlines provided by GDPR closely collaborate with other data protection authorities concerned, the input of which is important in this area ”.

It also sets out the specific circumstances where national DPAs may bring their proceedings, in their view, for the purpose of adopting “immediate measures” or to intervene “to handle a case by following the Chief Data Protection Authority Has not been decided “. Delayed reason.

Reacting to the AG’s opinion, DPC Deputy Commissioner, Graham Doyle, told us: “We, along with our colleague EU DPA, take note of the Advocate General’s opinion and await the final decision of the Court regarding the interpretation of any relevant . One Stop Shop Rules. “

When asked about the AG’s comment, Jeff Oslo, a postdoc researcher in data privacy at the University of Amsterdam, said the opinion suggests a clear recognition that ACTUAL protection and enforcement could be crippling. [one-stop-shop] Tantra “.

However he suggested for DPA to lead a new regulator, which could bypass a major regulator that is unlikely to shake things up in the short term. “I think the door is open for some changes / bypass in DPC. But, only in the long run, “he said.