Facebook transfer of data from EU to US shores argued in European high court

The EU’s highest court will debate whether the practice leaves EU citizen open to US surveillance.

Facebook. Defensive much? ZDNet's Chris Matyszczyk and TechRepublic's Karen Roby talk about how Mark Zuckerberg's company seems desperate to be seen in a slightly better light. Its methods, though, are questionable. Read more: https://zd.net/2JBjtDU

A long legal battle which centers around Facebook's transfer of data belonging to European citizens to the United States has ended up in the European Court of Justice. 

The Luxembourg-based court, which is the highest in the bloc, is hearing arguments on Tuesday concerning Facebook's data practices and whether or not they are placing EU citizens at risk of surveillance. 

Security 101

How to protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Read More

As reported by the BBC, the transfer of data from EU to US shores for business purposes has long been challenged by privacy campaigner Max Schrems following the disclosure of the US National Security Agency (NSA)'s mass surveillance activities by whistleblower Edward Snowden. 

Schrems previously challenged Facebook over its Safe Harbor data transfers

See also: The dead will take over Facebook in the next 50 years

The issue in question is whether or not Facebook's Ireland-based subsidiary is able to protect EU data from US interference and collection and comply with EU data protection standards -- or whether the transfer of information could be considered illegal. 

Facebook says that privacy safeguards are in place when this information is sent to US servers, which can include everything from account data to online activity. 

CNET: The best DIY home security systems of 2019

However, Schrems' legal challenge centers around whether Facebook's legal framework for transferring data, known as "standard contractual clauses" (SCCs), is enough. 

SCCs require that data sent outside the EU to non-EU countries still adhere to GDPR, and additional safeguards are put in place to protect EU rights to privacy, However, given the widespread surveillance activities of countries including the US, the Irish data protection commissioner has argued that standard SCCs are no longer enough. 

TechRepublic: Why Apple should follow Microsoft's move to get rid of passwords

If the legal challenge is successful, this could force other businesses to reexamine their data transfer protocols. If SCCs are not adequate when foreign state surveillance is a possibility, this could have serious ramifications for which data exchanges, and between which countries, the EU may allow to exist in the future.  

A Facebook spokesperson told the BBC:

"Standard contractual clauses provide important safeguards to ensure that Europeans' data are protected once transferred overseas. SCCs have been designed and endorsed by the European Commission and enable thousands of Europeans to do business worldwide." 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0