` Irish Data Protection Commission Seeks to Suspend Personal Data Transfers from the European Union to the United States Based on the Standard Contractual Clauses - Clarip Privacy Blog
ENTERPRISE    |    CONSUMER PRIVACY TIPS    |    DATA BREACHES & ALERTS    |    WHITEPAPERS

Irish Data Protection Commission Seeks to Suspend Personal Data Transfers from the European Union to the United States Based on the Standard Contractual Clauses

privacy and social networks

According to reports published on September 9, 2020, Ireland’s Data Protection Commission (IDPC) issued a preliminary order requiring Facebook to suspend its data transfers from the European Union to the United States.   The order follows the Court of Justice of the European Union’s (CJEU) July 16, 2020 decision in Schrems II which invalidated the EU-US Data Protection Shield but upheld the validity of the Standard Contractual Clauses (SCC), while raising questions about their application to the personal data transfers between the EU and the United States.

In that case, Schrems argued that the SCCs could not justify the transfer to the United States given the potential for the U.S. government’s surveillance and access to personal data of the EU residents.  Although the CJEU upheld the SSCs, it concluded that data subjects whose personal data are transferred to a third country pursuant to the SCCs must still be afforded a level of protection essentially equivalent to that guaranteed within the EU by the GDPR.  “[T]he assessment of that level of protection must take into consideration . . .  the relevant aspects of the legal system of th[e] third country, as regards any access by the public authorities of that third country to the data transferred.”

Immediately following the CJEU’s July 16 decision, the IDPC stated that “it is clear that, in practice, the application of the SCCs transfer mechanism to transfers of personal data to the United States is now questionable.” According to Facebook, following its investigation into the Facebook data transfers, the IDPC “has suggested that SCCs cannot in practice be used for EU-US data transfers.” At this point, the exact scope of the IDPC’s preliminary ruling is unclear. As the IDPC is the lead regulator for a large number of U.S. tech firms, its conclusions might have implications beyond data transfers by Facebook.

The IDPC reportedly has given Facebook until mid-September to respond to the preliminary order.  Upon receiving the company’s response, the regulator plans to send a new version of the order to other EU’s data protection authorities for the joint approval under the GDPR cooperation provisions.  Facebook, in turn, has already responded on September 11, 2020, by seeking a judicial review of the IDPC’s preliminary order.

Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653

Contact

  • 1521, Concord Pike, Suite #301,
    Wilmington, DE 19803 USA
  • 20 Montchanin Road, Suite 20,
    Greenville, DE 19807 USA
  • Contact Online

888-252-5653

About

Consumers

Businesses

The pixel
Show Buttons
Hide Buttons