In July 2020, the Court of Justice of the European Union (CJEU) annulled the Privacy Shield protocol for the transfer of personal data between the US and the EU. The reason is that this bilateral pact allowed US security agencies to access all the data collected by their companies in Europe, violating the privacy laws of the old continent. The fall of the framework that regulated the great highway of personal information under the Atlantic supposed a small earthquake in the sector, especially for the digital giants of the United States that used it massively.
Fine for leaving a camera in the car to catch those who scratch it
Despite the fact that the complaint that led to the veto of the CJEU against the Privacy Shield was originally formulated against the practices Facebook Ireland, Mark Zuckerberg’s company considers that the sentence is not applicable to him. According to its internal documentation, the corporation does not agree with the high court’s assessment and has continued to export the data of European citizens as if the framework that made it possible was still active.
The new leak has come through Noyb, the Austrian privacy organization whose complaint led to the blocking of the Privacy Shield by the CJEU. Is about various legal documents in which Facebook concludes that the sentence should have no effect on its practices. “It should not be invoked” when evaluating whether the data from Europeans can go to the US, says one of them.
In another, which assesses the potential risks of data transfer, Facebook tries to downplay the fact that US authorities access that information. It points out that the 234,998 requests it received from US security agencies in 2020 “represent a tiny fraction” of the total number of users, which Facebook estimates at about 3.3 billion.
“In summary, the relevant US law and practice provide a protection of personal data that is essentially equivalent to the level of protection required by EU law,” the multinational’s lawyers explain in the document, the content of which agreed scoop Politician.
The privacy laws of the US and the EU are not equivalent, according to the CJEU
From Noyb they point out that this conclusion is just the opposite of what can be drawn not from one, but from two decisions of the CJEU. The court has stated in two cases, the Schrems I Y the Schrems II (named after Noyb chairman and whistleblower Max Schrems) that US privacy laws do not offer the same level of protection as those in the EU. Especially because of the ability they give their security agencies to carry out massive surveillance. In the Schrems I case, of 2015, the CJEU invalidated another agreement for the transfer of data between both blocks. The Schrems II was the one that knocked down the Privacy Shield.
“Facebook completely ignores the Court of Justice, despite two explicit rulings. Facebook seems to be openly violating the law, without any legal defense,” has denounced Schrems. “It is not surprising that Facebook wants to keep this document confidential. However, it also shows that it does not have a serious legal defense by continuing to send data from Europeans to the United States,” he added.
Contacted by elDiario.es, Facebook has not denied the veracity of the document or that data transfers continue to occur. “Like other companies, we have followed the rules and relied on international transfer mechanisms to transfer data securely. Businesses need clear and comprehensive rules, backed by a strong rule of law, to protect transatlantic data flows. long-term, “says a spokeswoman for Meta, its parent company.