HomeInsightsFacebook signs up to Privacy Shield data treaty

It was reported over the weekend that Facebook has signed up to the new EU “Privacy Shield” (that name makes us think of Captain America every time). It’s of interest of course, because it was Austrian lawyer Max Shrems’ privacy case against Facebook which led to the collapse of the previous system under which data was “safely” transferred between the US and the EU: the 15-year old safe harbour agreement was struck down by the ECJ in October 2015 amidst concerns of US surveillance on its people, revealed by Edward Snowden.

The Data Protection Directive says that personal data on EU citizens can only be transferred out of the EU to countries that have “adequate protections” for the rights of data subjects. Given the apparently systemic problems of state surveillance in the US, the ECJ said it wasn’t sure the US did give data subjects “adequate protections”. How do you get around that political bombshell? After much to-ing and fro-ing, during which companies on this side of the Atlantic were tearing their hair out on whether they could or couldn’t, for instance, use servers located in the US to hold data on EU citizens, the US and EU Commission agreed a fix – a “Privacy Shield” in July this year. It’s by all accounts a bit rubbish – the Article 29 Working Party isn’t impressed –  and comes off the back of a nice letter from the US promising “that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.” It remains to be seen whether the Privacy Shield will satisfy the likes of Shrems. There have been hints of a legal challenge.

Expertise