Advertisement

Facebook to be ordered to halt data transfers from Europe to America

In this April 11, 2018, file photo, Facebook CEO Mark Zuckerberg pauses while testifying before a House Energy and Commerce hearing on Capitol Hill in Washington about the use of Facebook data to target American voters in the 2016 election and data privacy - Andrew Harnik/AP
In this April 11, 2018, file photo, Facebook CEO Mark Zuckerberg pauses while testifying before a House Energy and Commerce hearing on Capitol Hill in Washington about the use of Facebook data to target American voters in the 2016 election and data privacy - Andrew Harnik/AP

Ireland's privacy watchdog has warned Facebook that it plans to block the social network from sending data about its users in the European Union back to the United States.

The Irish Data Protection Commission (DPC) has reportedly given the company until the end of September to contest a provisional ruling that the transfers are illegal under EU data laws.

Sir Nick Clegg, Facebook's global head of communications, confirmed the DPC's preliminary order, which he described as a "suggestion".

If enforced, however, it could badly disrupt Facebook's multi-billion dollar business and send a chill through other American tech giants, many of whom have their European headquarters in Ireland.

The DPC's decision could herald a wave of similar crackdowns across the EU as national regulators mull how to enforce an explosive court ruling in July that struck down the bloc's "Privacy Shield" data transfer treaty.

A spokesman for the DPC declined to comment.

Sir Nick said: "A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19.

"In the worst case scenario, this could mean that a small tech start up in Germany would no longer be able to use a US-based cloud provider. A Spanish product development company could no longer be able to run an operation across multiple time zones."

He also warned that the decision could also compromise universities, hospitals and other institutions who rely on US cloud providers, as well as Ireland's own Covid-19 tracking app, which he said relies on one of sthe same legal mechanisms used by Facebook.

The European Court of Justice ruled that the Privacy Shield agreement broke EU law because it exposes European citizens to United States government surveillance, which is "not limited to what is strictly necessary" and lacks adequate safeguards.

The decision set off a diplomatic row, as well as intense negotiations, between the EU and the United States, which said it was "deeply disappointed".

The court did leave companies an escape hatch by declining to invalidate another international transfer mechanism known as "Standard Contractual Clauses". But Sir Nick said that the DPC had ruled they could not be used.

According to a report by the European Institute at University College London, about 5,300 companies use the Privacy Shield system, about 65pc of which are start-ups and small to medium size businesses.