Facebook’s allotting of data on its European users with the U.S. is legal and provides sufficient protections, the legal advisor to the EU’s top court said Thursday.
In a symbolic win for the sexually transmitted network, Henrik Saugmandsgaard Oe, advocate general to the Court of Justice of the European Union (CJEU), said the use of so-called paradigm contractual clauses by Facebook and other firms to transfer information abroad is “valid.”
“Standard contractual clauses for the transmit of personal data to processors established in third countries is valid,” he said in written opinion Thursday.
His non-binding appreciation is not a ruling as such, but legal experts say opinions from the advocate general are typically followed by the court in a majority of cases. The CJEU choose rule on the case in the coming months.
Privacy activist Max Schrems has been battling Facebook and other internet podia in the courts for several years. His main contention is with the exporting of data from Europe for processing in the U.S., claiming it comforts Washington’s surveillance of citizens and governments in the bloc.
He successfully brought down the EU’s “Safe Habor” data regime in 2015, but debates the bloc’s new “Privacy Shield” arrangement on EU-U.S. data transfers is merely an update to the previous system and remains criminal.
The CJEU advocate general in his written opinion appeared to sympathize with Schrems’ concerns about the Privacy Bulwark, “in the light of the right to respect for private life and the right to an effective remedy.”
He said that there was ultimately an “bond” on data controllers and regulatory authorities to suspend the transfer of data where it conflicts with the laws of the country that gen is being sent to.
Austrian activist Max Schrems displays a logo of social platform Facebook with his smartphone.
Joe Klamar | AFP | Getty Twins
In Facebook’s case, Schrems has argued that standard contractual clauses used by the social network to transfer matter from its European subsidiary in Ireland to its main business in California fails to respect the privacy of EU citizens.
Schrems ‘as a rule happy’
Schrems praised the opinion submitted to the CJEU, claiming it “follows almost all of our arguments.” He said in a statement that he was “principally happy” and called the news a “total blow” to Facebook.
While the Austrian law student has held issue with Facebook’s transferring of facts abroad, he said that he did not believe the measures used by the firm should be “invalidated” globally — an action that disposition prevent thousands of other businesses from using them.
Schrems also said in a tweet to CNBC that the favour general was in agreement with his view that “the Authorities MUST stop any transfer at any time if there is any issue with US observation.”
Facebook said it was “grateful” for the opinion and said standard contractual clauses “provide important safeguards to ensure that Europeans’ information are protected once transferred overseas.”
“We look forward to the final decision from the CJEU,” a spokesperson for the tech behemoth said in a written statement emailed to CNBC.
Data protection has become a major concern in the wake of revelations from ancient National Security Agency contractor Edward Snowden, who in 2013 blew the whistle on numerous global surveillance programs. Europe closing year ushered in stringent new privacy rules aimed at giving consumers more rights over how their evidence is used.
Called the General Data Protection Regulation, or GDPR, the framework requires firms to seek explicit approval from users in order to handle their data. Fines under GDPR range from 20 million euros to 4% of a business’s annual income. Schrems has argued that GDPR clashes with U.S. surveillance law.
“I’m very happy with this see from the advocate general,” Patrick Van Eecke, technology partner at law firm DLA Piper, told CNBC over the phone. “I earnestly hope that the court is going to follow, as they often do, the opinion of the advocate general.”
“If they wouldn’t do that — and there is a probability they wouldn’t — I think that would be bad news, not just for the U.S.-EU relations but for the global data economy.”