Earlier this month Court of Justice of the EU (CJEU) ruled that the 'safe harbour' framework for EU-US data transfers currently used by Facebook, along with many other companies, is "invalid".
The CJEU's judgment came in a case referred to it from the High Court in Dublin. The Irish court has been reviewing a complaint raised by Austrian privacy advocate Maximillian Schrems about the way Ireland's DPC handled his privacy concerns over Facebook. It will now continue its review, following the CJEU decision.
"We will request an opportunity to join the proceedings in the Irish High Court where the Irish DPC’s investigation is to be discussed," the Facebook spokesperson told the Irish Independent. "We believe it is critical that we join the proceedings so that we can provide accurate information about our procedures and processes, as well as to correct inaccuracies that already exist."
The Article 29 Working Party, the advisory body comprising representatives from each of the 28 EU data protection authorities, has responded to the CJEU ruling by calling for EU member states and institutions to open discussions with US authorities to find solutions to allow data transfers from the EU to the US by the end of January.
EU regulators "consider that it is absolutely necessary to have a robust, collective and common position on the implementation on the judgment", the working group said.
Until a new agreement is reached, companies can continue to use standard contractual clauses and binding corporate rules, other recognised ways of transferring data to non-EU countries, to provide protection for subjects of data collection and transfer, Article 29 said.