IRISH PRIVACY WATCHDOG DECIDES THAT FACEBOOK CANNOT SEND PERSONAL DATA TO THE US
Authors: Mgr. Michal Nulíček, LL.M., CIPP/E, Mgr. et Mgr. Ing. Jan Tomíšek, CIPP/E, Mgr. Filip Beneš
The Irish privacy watchdog has issued Facebook a preliminary prohibition on transferring data to the United States, two months after the Schrems II decision whereby the Court of Justice of the EU suspended the relatively free transfer of personal data between the EU and the USA.The preliminary prohibition concerns the transfer of data on the basis of standard contractual clauses. In relation to the application of these clauses, the Court of Justice stressed in its decision that it is necessary to first evaluate the level of personal data protection provided by the third country to which the data is sent. Only after the level of security is successfully verified is it possible to transfer the data or, if needed, to adopt additional measures.In our last post we discussed in detail what can be done for the sharing of personal data to continue, and we recommended following the activity of privacy regulators. This remains relevant, for the question is whether the decision that currently concerns only Facebook might ignite activity by the regulators of other member states. Either way, Facebook is likely to show us another creative way of adapting to a new situation, since it now has to transfer data on the basis of consent from data subjects, i.e. on the basis of one of the exceptions listed in Art. 49 of the GDPR.