Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Facebook applies to join safe harbour proceedings

Facebook has applied to join judicial review proceedings at the High Court in Dublin over the way Ireland's data protection commissioner (DPC) handled concerns about Facebook's data transfer arrangements, a spokesman for the company told the Irish Independent.  21 Oct 2015

Earlier this month Court of Justice of the EU (CJEU) ruled that the 'safe harbour' framework for EU-US data transfers currently used by Facebook, along with many other companies, is "invalid".

The CJEU's judgment came in a case referred to it from the High Court in Dublin. The Irish court has been reviewing a complaint raised by Austrian privacy advocate Maximillian Schrems about the way Ireland's DPC handled his privacy concerns over Facebook. It will now continue its review, following the CJEU decision.

"We will request an opportunity to join the proceedings in the Irish High Court where the Irish DPC’s investigation is to be discussed," the Facebook spokesperson told the Irish Independent. "We believe it is critical that we join the proceedings so that we can provide accurate information about our procedures and processes, as well as to correct inaccuracies that already exist."

The Article 29 Working Party, the advisory body comprising representatives from each of the 28 EU data protection authorities, has responded to the CJEU ruling by calling for EU member states and institutions to open discussions with US authorities to find solutions to allow data transfers from the EU to the US by the end of January.

EU regulators "consider that it is absolutely necessary to have a robust, collective and common position on the implementation on the judgment", the working group said.

Until a new agreement is reached, companies can continue to use standard contractual clauses and binding corporate rules, other recognised ways of transferring data to non-EU countries, to provide protection for subjects of data collection and transfer, Article 29 said.