The social network, which belongs to the Meta Group, runs on servers in the USA.
–
(Image: REUTERS)
–
–
–
–
Brussels The Irish data protection authority wants to prohibit the Meta Group from continuing to store user data on its servers in the USA. Should it prevail, it would mean, at least temporarily, that the Instagram and Facebook offers could no longer be used from Europe. According to the Reuters news agency, WhatsApp would not be affected.
The background is that the data protection regulations in the USA do not meet European requirements. In particular, they are only inadequately protected against access by secret services.
The EU and the USA had tried several times to solve the problem with bilateral agreements, but had failed in court. The Facebook parent Meta and other companies are currently sending data to the USA on the basis of so-called standard contractual clauses. The users therefore agree to the transfer. According to the European Court of Justice, this is generally permissible, but only under certain conditions, which must be checked in each individual case.
The Irish data protection officers sent the draft of the decision to their colleagues in the other EU countries, who can still influence the decision. This process usually takes a few months. However, Meta could defend itself against the implementation in Irish courts.
Tagus Top-Jobs
Find the best jobs now and
be notified by email.
–
–
–
The authority itself confirmed that it had submitted a proposal, but declined to comment on the content.
In the EU, Ireland is regarded as a brake on data protection issues. The previously lax approach of the local authorities is said to have contributed to the fact that Meta and other companies have settled there. “Finally the privacy advocates are doing something,” says FDP MEP Moritz Körner. “The Irish authorities have long spared Facebook.”
The step therefore comes as a surprise, especially since a solution to the data transfer problem is currently in sight. During his visit to Brussels in March, US President Joe Biden announced concessions to the Europeans.
Facebook parent company Meta reacted with criticism
Accordingly, the statement by the Meta group sounds like a lack of understanding: “This draft decision, which still has to be examined by the European data protection authorities, relates to a conflict between EU and US law that is currently being resolved,” said Meta.
As part of a new agreement, the United States wants to ensure that the surveillance of European data must be necessary and proportionate, i.e. end mass surveillance by the National Security Agency (NSA). In addition, there should be opportunities for legal action and multi-layered supervision of the surveillance.
After the political agreement, however, no concrete progress has been announced so far. The next step would be for Biden to implement the promised protection mechanisms via decrees.
The discussion initiated by Ireland could now build up pressure to that effect: “Now the pressure on the USA to protect the rights of European citizens is increasing,” says Körner. “This also increases the chances that there will be a good data protection agreement between the EU and the USA.”
That would be good news for German companies. “Legal uncertainties regarding international data transfers are hampering trade, data exchange and economic cooperation, which are of the utmost importance for maintaining and rebuilding the economy, which is currently under particular strain,” said Rebekka Weiß from the Bitkom industry association. Small and medium-sized companies that store data in the cloud, are present on social networks or use web conference systems also feel the restrictions.
Data protection officer Schrems doubts the actions of the Irish authorities
However, data protection activist Max Schrems is skeptical as to whether the Irish action will really have any consequences. “Facebook will use the Irish legal system to delay an actual data transfer ban,” he said.
In addition, he is far from satisfied with the actions of the Irish. “What would be easy to do is a fine for the past few years, in which the ECJ has clearly said that the data transfers were illegal,” Schrems was quoted as saying on the website of his organization Noyb.
Schrems was the plaintiff at the time and brought down two transatlantic data traffic agreements before the ECJ.
“It is strange that the DPA seems to ‘forget’ the only effective penalty in this case,” he said now. “One could get the impression that the Irish authorities just want to let this case run in circles over and over again.”
More: Liberation for the digital economy: EU and USA agree on rules for data flow
–
–
