Jul 16, 2020
Companies hope to avoid 'catastrophic' EU data-transfer ruling
An imminent privacy ruling has the potential to cause chaos for companies which transfer data out of the EU. Legal experts are confident that a "Worst-case" judgement will not be reached, but still warn of far-reaching implications. The case before the European Court of Justice is complex, but hinges in part on the concern that US law requires Facebook to hand over personal data to authorities such as the National Security Agency or FBI. Max Schrems, an Austrian national, lodged a case in 2013 after the Edward Snowden leaks revealed the extent of US surveillance. "The concern has always been: when data leaves Europe, what's happening to it? It may not have equivalent rights, and individuals may not have equivalent protection," explained Jonathan Kewley, co-head of Technology at law firm Clifford Chance. This would affect most countries outside the EU. It could, for example, affect a firm that wants to send human resources or payroll data to a head office outside the EU, or one which wants to store personal records in cloud storage located in the US. It would not affect strictly-necessary data transfers - for example, emailing a hotel abroad to book a room, or visiting a website based in China. European GDPR rules have been adopted into UK law, and it is widely expected - although not certain - that a so-called "Adequacy decision" will be granted, effectively saying that the UK's privacy rules are up to EU standards.
Make a complaint about Facebook by viewing their customer service contacts.