Despite EU Court Rulings, Facebook Says US Is Safe To Receive Europeans' Data

Despite the European Union's highest court twice declaring that the United States does not offer sufficient protection for Europeans' data from American national security agencies, the social media giant's lawyers continue to disagree, according to internal documents seen by POLITICO. Their conclusion that the U.S. is safe for EU data is part of Facebook's legal argument for it to be able to continue shipping data across the Atlantic. From the report: In July 2020, the Court of Justice of the European Union (CJEU) struck down a U.S.-EU data transfer instrument called Privacy Shield. The court concluded Washington did not offer adequate protection for EU data shipped overseas because U.S. surveillance law was too intrusive for European standards. In the same landmark ruling, the Luxembourg-based court upheld the legality of another instrument used to export data out of Europe called Standard Contractual Clauses (SCCs). But it cast doubt on whether these complex legal instruments could be used to shuttle data to countries where EU standards cannot be met, including the U.S. The CJEU reached a similar conclusion in 2015, striking down the predecessor agreement to Privacy Shield because of U.S. surveillance law and practices. In both rulings, Europe's top judges categorically stated Washington did not have sufficiently high privacy standards. Still, Facebook -- the company at the heart of both cases -- thinks it shouldn't follow the court's reasoning.

The company's lawyers argue in the documents that the EU court ruling "should not be relied on" for the social media company's own assessment of data transfers to the U.S., because the judges' findings relate to Privacy Shield data pact, and not the Standard Contractual Clauses which Facebook uses to transfer data to the U.S. "The assessment of U.S. law (and practice) under Article 45 GDPR is materially different to the assessment of law and practice required under Article 46 GDPR," the document reads. That refers to the two different types of legal data transfer instruments under the EU's General Data Protection Regulation and indicates that assessment under SCCs is different to assessment under Privacy Shield. The company also says that changes to U.S. law and practices since the July 2020 ruling should be taken into account. As an example, it cites the U.S. Federal Trade Commission, a watchdog, "carrying out its role as a data protection agency with unprecedented force and vigour." Those arguments have been central to Washington's pitch during ongoing transatlantic negotiations over a new EU-U.S. data agreement. "Though companies have to take the EU court ruling into account when making their own assessments of third party country regimes, they can, in theory, diverge from the court's findings if they believe it is justified in a particular situation," notes Politico. "This means that companies like Facebook can, in theory, continue to ship data out of Europe if they can prove its sufficiently protected."

Irrelevant

[LeeLynx]

Facebook isn't "safe to receive" anyone's data, irrespective of what country it is in.

Re:

[Penis Orgasm]

Exactly.

Re:

[luvirini]

Yes, thus them moving the data to any "safe" country like EU wants would not fix the base problem of Facebook itself and all the spy companies on their platform having the data.

Ban hammer

[Computershack]

The EU needs to do a temporary 7 day ban on Facebook access within the EU. Maybe that'll send a strong enough message. Until they start to do stuff like that Facebook will continue to think it can get away with ignoring rulings with impunity.

Re: Ban hammer

[Malays2 bowman]

I banned Facebook from my personal life simply because it's a heap of shit with no real value.

Facebook is very uncool these days.

Re:

[NotEmmanuelGoldstein]

... no real value.

Businesses keep using it so customers are locked to it.

I logged into Facebook recently: The 12 Facebook-required shortcuts down the page meant it could show only one user-generated shortcut. The Facebook 'Groups' shortcut shows only one user-generated shortcut: Even the Facebook folder structure couldn't access the shortcuts I used.

I decided to change the account name so it matched the updated profile picture. As confirmation, it demanded I log-in from an earlier computer (which would be the office

it was ALWAYS uncool

[aepervius]

But it was trendy so people did facebook. Same with myspace, and same with whatever tiktok or other social media : they "look" cool because they are "trendy" and there are people which think they look cooler when they start trends, led trends, or surf the trend. That is simply a superficial definition of being cool or uncool. I am biased , always despised facebook for the very same reason people call them "uncool" today, but apparently my arguments were "uncool" years ago, a naysayer or whatever. That make

Re: it was ALWAYS uncool

[Malays2 bowman]

I tried it to see what the hype was about. I even became hooked for a minute.

But all I saw were vapid "inspirational quotes, and one sided "mee too" 'arguments' over the stupidest of things. I never encountered a site seething with "toxic positivity" (look that up) and such emptiness until Facebook.

Is this really worth the endless data mining and reaming? The only other thing it had was orgs using it as their web site, but that was not enough to justify my comtinued usage of Facebook.

I close

Re:

[Local ID10T]

The EU needs to do a temporary 7 day ban on Facebook access within the EU. Maybe that'll send a strong enough message. Until they start to do stuff like that Facebook will continue to think it can get away with ignoring rulings with impunity.

Riots. In. The. Streets.

There are enough people who use Facebook (and Instagram, and whatever else they have absorbed) that blocking access would cause significant disruptions across european society.

Re:Ban hammer

[Nrrqshrr]

I remember when that big outage happened a couple of months ago. I didnt even know about it since I neither use facebook nor instagram. But boy did I notice something weird when I saw that my favorite coffee shop, which was usually pretty empty and relaxed, was crowded and full of people sitting in groups and talking with each other.
It was the weirdest sight, I tell you.

Re:

[Anonymous Brave Guy]

The trouble with this is that the same rules apply to all US companies that could receive personal data from within the EU (or, at least for now, the UK). So if you're going to argue that the US laws that require privileged government access to data held by private corporations are fundamentally incompatible with EU laws that aim to protect privacy, you have to apply that argument everywhere and ban all EU personal data exports to the US. Enjoy it while it lasts, because the resulting total economic collaps

Re:

[Required Snark]

So you think that Facebook has more clout then the EU? They have many more options then "cut off all electronic sharing of personal data with these outside jurisdictions." They could levy huge fines or even ban ZukerFace specifically as an example to those "outside jurisdiction."

Re:Ban hammer

[fazig]

Probably not more clout than the EU, but its far reaching influence is difficult to deny during these times for other reasons.
Remember that during this COVID times, to a good portion of people, what they read on facebook or WhatsApp is unmitigated truth, without even knowing how much those platforms themselves distort what they're presented with. A significant enough amount of people is already demonstrating in the streets with a smaller subset being ready to become violent.

These platforms have become an alarmingly monolithic 3.5th estate (analogous to https://en.wikipedia.org/wiki/... [wikipedia.org]).

Re:

[Anonymous Brave Guy]

I didn't say Facebook has more clout than the EU, but the entire business world certainly does and other businesses are all subject to the same data protection rules as Facebook.

Countless things that we rely on every day would stop working if we actually banned the transfer of personal data to US-based entities entirely. Yes, authorities can try imposing fines or selective enforcement rather than just shutting everything down. But what are they going to do if they impose penalties significant enough to prom

Re:

[Anonymous Brave Guy]

What exceptions to what general rules do you think they had, specifically?

Re:

[clsc]

You seem to be an American. Things are not quite the way you imagine when seen from an European perspective.

>> you have to apply that argument everywhere and ban all EU personal data exports to the US

Done already. That is the essence of the Max Schrems verdict. No US firm is trustworthy in EU at all.

All US firms are subject to the EU court decision, and from an European perspective it is a wise decision indeed, that will boost EU industry, regardless of US industry.

Americans crossed too many of the wr

Re:

[Anonymous Brave Guy]

Be careful with those assumptions. You might look a little foolish when it turns out you're completely wrong and talking to a Brit.

You've similarly completely missed the point of my earlier comment. It's not a wise decision. It's a decision that if actively enforced, fairly and across the board, would cripple the economy of Europe in a matter of days. There wouldn't be some magical instant production of EU industry to rival the US. People would be too busy worrying about why they suddenly couldn't communica

Edward Snowden

[VeryFluffyBunny]

I think Edward Snowden & anyone who's reviewed the leaked NSA documents would disagree with Facebook's claims. That is unless their relationship with the NSA has changed substantially since he blew the whistle on it.

Re:

[BardBollocks]

the sock-puppets will always promote the false narrative that we can trust others with our data, despite snowden showing all of us what was happening with it - well - the stuff he disclosed 'the tip of the iceberg'

hmmm

[RegistrationIsDumb83]

Do EU citizens have protections from EU government surveillance? Or is this just a case where they want people's data in their jurisdiction so they can get at it?

Re:

[Anonymous Coward]

The court ruling is not asking for the data to be stored within the EU, it is about having it stored in any jurisdiction that offers similar citizen data protection as it would in the EU.

BULLSHIT.

[BardBollocks]

no, there's nothing safe about anyone compiling our data.

Barefaced liars

[JustNiz]

....Like Facebook have got any credibility at all when it comes to personal data.

Facebook may be right.

[Maelwryth]

The SCC's are intended for use in countries without the GDPR to enforce the same conditions in a contractual form.

However, the problem with the U.S. is that the security services don't give a shit about the SCC's and there are proven cases of them using the data so the EU can no longer turn a blind eye.

Re:

[clsc]

Nope. Privacy Shield got ruled out years ago. Then some people invented SCCs in the hope that could evade GDPR. Not so. GDPR is key, no matter what kind of evasion technique you try to cling to.

To be legal

[terminal.dk]

They should prove that they will not give any data to NSA/FBI/CIA on request.
A court order limiting data to sole name individuals is required.
And they should be able to tell how all their AI makes decisions.

The problem is not just FB

[Martin S.]

The problem is that it is effectively impossible to opt-out of Facebook, Google, Amazon etc collecting personal private data about people and that is illegal under EU data protections laws. The fines will keep getting bigger until they start complying, and that will only happen once compliance become more profitable than flouting the law.

And ...

[Fudoka]

Well, they would say that wouldn't they.