EU Court strikes down EU-US data transfer tool in Facebook case
Luxembourg: Europe's top court on Thursday rejected the validity of a mechanism used by thousands of companies to send data to the United States, backing concerns about U.S. surveillance raised by privacy activist Max Schrems in his clash with Facebook.
The EU-U.S. Privacy Shield was set up in 2016 to protect the personal data of Europeans when it is transferred across the Atlantic for commercial use. The same court also rejected its predecessor, known as Safe Harbour, in 2015.
However, judges upheld the validity of another data transfer mechanism known as standard contractual clauses but stressed that privacy watchdogs must suspend or prohibit transfers outside the EU if the protection of the data cannot be ensured.
Hundreds of thousands of companies including Facebook, industrial giants and carmakers use these clauses to transfer Europeans' data around the world for services ranging from cloud infrastructure, data hosting, payroll and finance to marketing.
The case - C-311/18 Facebook Ireland and Schrems - went to the Court of Justice of the European Union (CJEU) in Luxembourg after Schrems challenged Facebook's use of the standard clauses, saying they lacked sufficient data protection safeguards.
Schrems shot to fame for winning a legal battle in 2015 to overturn Safe Harbour. EU concerns about data transfers mounted after former U.S. intelligence contractor Edward Snowden's revelations in 2013 of mass U.S. surveillance.
In the EU, the General Data Protection Regulation (GDPR), introduced in 2018, seeks to increase individuals' control over their personal information. Companies that fail to comply are liable to fines of up to 4% of global annual turnover.
No comments:
Post a Comment