Facebook data transfers threatened by EU ruling

Irish authorities have warned that a crucial data transfer arrangement relied on by Facebook, Google and Amazon potentially falls foul of European Union rules on privacy — threatening an “Armageddon of global data flows”, according to one lawyer.

So-called “model contract clauses” are now used by thousands of multinational companies to allow them to transfer personal data — whether payslips or pictures — outside the EU, without breaching the bloc’s strict data protection rules. Many of the world’s biggest businesses turned to them in 2015, after the EU’s top court ruled against a similar transatlantic data transfer deal called “Safe Harbour”. For US technology groups in particular, transferring data across the Atlantic is a quicker and cheaper option than building a wholly independent operation within the EU. However, the model contract clauses they have adopted to make their transfers possible now potentially face a similar fate to Safe Harbour. Ireland’s Data Protection Commissioner has said it is passing on its concerns about them to the Irish courts — with a recommendation that the case is settled at the European Court of Justice. Irish regulators suggest that the clauses — in effect, boilerplate legal text approved by the European Commission — do not offer EU citizens suitable redress if they feel their rights have been impinged.