‘Significant uncertainty’ over Facebook’s transfer of data on EU users to US

Facebook’s transfer of data on European users to its US base could grind to a halt in the aftermath of a court ruling centred on American national security law concerns.

The tech giant’s communications chief Sir Nick Clegg said its lead regulator in the EU suggested the company cannot use a key legal mechanism that makes EU-US data transfers possible.

According to Sir Nick, the Irish Data Protection Commission (IDPC) has commenced an inquiry into the matter and warned it could have “a far-reaching effect on businesses” that also use it.

The move may result in the social network having to make costly changes to its operations or face a fine of up to 4% of its annual revenue if it fails to comply.

It comes after the EU’s top court invalidated an agreement known as Privacy Shield in July but said an alternative legal mechanism called Standard Contractual Clauses (SCCs) could continue, but the data regulator’s inquiry now casts doubt on that measure too.

The former deputy prime minister and Liberal Democrat leader said the issue had created “significant uncertainty” for many companies.

“A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19,” he said.

“The impact would be felt by businesses large and small, across multiple sectors.”

He added: “Businesses need clear, global rules, underpinned by the strong rule of law, to protect transatlantic data flows over the long-term.”

Last month, the US Department of Commerce and the European Commission kick-started discussions into the possibility of an “enhanced” EU-US Privacy Shield framework to comply with ruling.

The case initially arose after Austrian lawyer Max Schrems claimed that the transfer of his personal data by Facebook to the US breached his data privacy rights as an EU citizen.