SecurityWeek

Facebook May Have to Stop Moving EU User Data to US

Facebook may be forced to stop sending data about its European users to the U.S., in the first major fallout from a recent court ruling that found some trans-Atlantic data transfers don’t protect users from American government snooping.

The social network said Wednesday that Ireland’s Data Protection Commission has started an inquiry into how Facebook shifts data from the European Union to the United States.

The news was first reported by the Wall Street Journal, which said Ireland’s data commission gave Facebook until mid-September to respond to a preliminary order to suspend the transfers.

The result could be that the U.S. tech giant, which has data centers around the world, is forced to undertake a costly and complex revamp of its operations to ensure that European user data is kept out of the U.S.

“A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from COVID-19,” Facebook’s vice-president of global affairs and communications, Nick Clegg, wrote in a blog post.

The Irish data commission suggested that a type of legal mechanism governing the data transfers, known as standard contractual clauses, “cannot in practice be used for EU-U.S. data transfers,” Clegg said.

The commission, which did not reply to a request for comment, is Facebook’s lead privacy regulator in Europe and can fine companies up to 4% of annual revenue for data breaches.

It’s the first major move by a European regulator after the EU’s top court issued a ruling in July on the two types of legal mechanisms used to govern data transfers.

The European Court of Justice invalidated an agreement known as Privacy Shield and decided that the standard legal clauses were still OK. But in cases where there are concerns about data privacy, EU regulators should vet, and if needed block, the transfer of data.

It’s the latest development in a case that originated more than seven years ago, when Max Schrems, an Austrian privacy activist, filed a complaint about the handling of his Facebook data after former U.S. National Security Agency contractor Edward Snowden revealed the American government was eavesdropping on people’s online data and communications. The revelations included detail on how Facebook gave U.S. security agencies access to the personal data of Europeans.

Though the case specifically targets Facebook, it could have far-reaching implications for other tech giants’ operations in Europe. In Facebook’s case, for example, messages between Europeans would have to stay in Europe, which can be complicated and require the platform to be split up, Schrems has said.
