A bid to prevent it from sending data about its 410 million European users to the United States was unsuccessfully blocked by the social media giant.
The High Court ruled on Friday that Ireland’s data regulator can resume a probe that could lead to a ban on Facebook’s transatlantic data transfers. The company warns that such a stoppage would have a devastating effect on its business.
The case originates from European Association worries that US government reconnaissance may not regard the security privileges of EU residents when their own information is shipped off the US for business use.
In August, the Data Protection Commission (DPC) of the Republic of Ireland, Facebook’s lead EU regulator, launched an investigation and issued a provisional order stating that the primary method by which Facebook transfers EU user data to the United States “cannot in practice be used.”
Facebook had tested both the request and the starter draft choice (PDD), saying they undermined “destroying” and “irreversible” ramifications for its business, which depends on handling client information to serve designated web-based promotions.
The challenge was denied by the High Court on Friday.
In a nearly 200-page judgment, Justice David Barniville stated, “I refuse all of the reliefs sought by FBI [Facebook Ireland] and dismiss the claims made by it in the proceedings.”
The judgment stated that the FBI “has not established any basis for impugning the DPC decision, the PDD, or the procedures for the inquiry adopted by the DPC.”
Max Schrems, an Austrian privacy activist who compelled the Irish data regulator to act in a series of legal actions over the past eight years, stated that he believed the decision made it inevitable. Although the decision does not immediately halt data flows, Schrems believes it did.
He stated, “The DPC is now required, after eight years, to stop Facebook’s EU-US data transfers, likely before summer.”
As the Irish regulator’s provisional order “could be damaging not only to Facebook but also to users and other businesses,” a Facebook spokesperson stated that the company was looking forward to defending its compliance with EU data regulations.
The provisional order would effectively end companies in the United States privileged access to personal data from Europe and place them on an equal footing with businesses in other non-EU nations if enforced by the Irish data regulator.
The European Court of Justice ruled in July that the standard contractual clause (SCC), the mechanism questioned by the Irish regulator, was legal.
However, the Court of Justice also decided that if data protection in other countries cannot be guaranteed, privacy watchdogs must suspend or prohibit transfers outside the EU under SCCs.
A legal counselor for Facebook in December let the High Court know that the Irish controller’s draft choice, whenever executed, “would have wrecking results” for Facebook’s business, affecting Facebook’s 410 million dynamic clients in Europe, hitting political gatherings and subverting the right to speak freely of discourse.
In February, Irish Data Protection Commissioner Helen Dixon said that the decision by the European Court of Justice could significantly disrupt the flow of data across the Atlantic for businesses in general.
Friday, Dixon’s office expressed satisfaction with the decision but declined further comment.