Questo è un tema di estrema importanza.
Schrems continua (giustamente) a vincere.

Quanti (organizzazioni, persone, enti, aziende, …) oggi stanno imponendo di fatto l’utilizzo di strumenti illeciti in Europa ?
Il principio è generale, non riguarda solo Facebook.

Source : Politico

Facebook’s US data transfers suffered a setback in Ireland. Here’s what you need to know.
Dublin court rejects Facebook appeal against Irish privacy regulator.

Facebook’s legal troubles are going from bad to worse.

On Friday, Ireland’s High Court ruled against the social networking giant in a dispute over the company’s efforts to keep moving European data to the United States.

The decision does not mark the end of Facebook’s ability to send people’s data across the Atlantic.

But it does mark a serious blow to its efforts to keep the data taps flowing amid ongoing discussions between the European Union and the U.S. on a new data-transfer pact that would allow all firms — and not just Facebook — to move data between two of the world’s largest economic blocs.

The Irish Data Protection Commission said it “welcomed” Friday’s judgment. A Facebook spokesperson said the company looked forward to defending its compliance to the DPC.

“Their preliminary decision could be damaging not only to Facebook, but also to users and other businesses,” the spokesperson said.

Here’s what you need to know:

What was decided Friday?

The Dublin court largely rebuffed Facebook’s attempts to find fault with the Irish DPC’s regulatory process.

Though Facebook’s right to challenge the regulatory process was granted, the judge gave short shrift to pretty much all the social media giant’s other claims.

To Facebook’s gripes that the DPC had diverged from standard protocol, for instance, the judge said that the regulator had every right to approach the inquiry differently from how it had done before — especially since it had said that it might do so.

“In my view, the DPC does have a wide discretion as to how to proceed with its inquiry … provided that it complies with fair procedures and with its obligations under the GDPR,” the judgment reads.

“I do not accept that it could be said to be unfair, unjust or inconsistent with good administration for the DPC to be permitted to depart from the illustrative procedures should the circumstances of a particular inquiry require it when that is precisely what the DPC said in the published material that it could do.”

Perhaps most worrying for the social media company, the Dublin court backed the regulator’s preliminary view that standard contractual clauses, or SCCs — widely used legal instruments — can’t be used to transfer data to the U.S. in light of a July Court of Justice of the European Union ruling that raised the bar for international data transfers.

SCCs could not compensate for the lack of protections in U.S. law for Europeans, the judge wrote, noting that Facebook did not appear to have put in place any extra safeguards.

What happens next?

Barring an appeal, Facebook will now have to respond to the DPC’s draft decision. It seems the rationale for its use of SCCs to shuttle European’s data to the U.S is on increasingly shaky ground.

Once the inquiry resumes, the social media company will have 21 days to respond — unless the DPC grants an extension. After that, it’s off to Europe’s network of data regulators, the EDPB, for sign-off.

The ruling will also trigger a parallel investigation of Austrian campaigner Max Schrems’ complaint against Facebook’s use of SCCs to send his data to the U.S.

Either way, it seems the social media company may have to start rethinking its global data flows.

What does this mean for EU-U.S. data talks?

The Irish court’s ruling puts even more pressure on European and U.S. officials to agree to a new data transfer pact, known as Privacy Shield, after the bloc’s top court nixed the arrangement because of fears over U.S. snooping.

Negotiations have been ongoing for almost a year, but major sticking points — particularly around access to EU data by American national security agencies — still must be overcome before a new deal can be reached. That’s unlikely before the second half of the year.

By kicking out Facebook’s judicial review, the judge has opened a gateway for more companies’ SCCs to be challenged. In its ruling Friday, the court said four such appeals had already been filed with Ireland’s Data Protection Commissioner.

With such data-transfer mechanisms on increasingly shaky ground, it is now left to EU and U.S. officials to hammer out a new transatlantic pact to ensure that companies can continue transferring data — and people’s fundamental privacy rights are upheld.

Continua qui Facebook’s US data transfers suffered a setback in Ireland. Here’s what you need to know. – POLITICO.