Lawyer General of the EU Court: Facebook can continue to send European data to the US
Facebook may share data from European users with the US, advises the Advocate General of the European Court of Justice. Facebook’s conditions offer sufficient guarantees for this, the AG concluded in a case brought by Max Schrems.
“Standard contractual clauses for transferring personal data to processors in third countries are valid,” said Advocate General Henrik Saugmandsgaard Øe. He responds to the case that Austrian Max Schrems has been conducting against Facebook for years. Schrems does not want his data as a European to be exchanged with the US. Partly due to Schrems’ case, the controversial ‘Safe Harbor’ program was previously discontinued. It has been replaced by a replacement, Privacy Shield.
Max Schrems specifically criticizes the so-called ‘standard contractual clauses’ that are included in the Privacy Shield. These are standard terms and conditions drawn up by the European Union and data processors, which comply with European privacy legislation. Under these SCCs, companies can transfer data to the United States and other Privacy Shield member countries. Schrems believes those clauses lead to a violation of his rights. He thinks the safeguards in the clauses are not good enough. For example, it would not be possible to exercise certain GDPR rights in America, such as granting removal requests. The Advocate General believes that Facebook does offer enough guarantees to be able to invoke the clauses. As a result, data could simply be passed on to America.
Saugmandsgaard Øe says it is not for the Court to rule on the content of the Privacy Shield clauses. In this case, the European Court must only consider whether the SCCs are valid. The decision of the Advocate General is not binding. The final decision will be made in a few months. Opinions of the Advocate General are generally adopted by the judges of the Court.