![]() ![]() Meta, whose EU base is in Ireland, said it had been “singled out” by the DPC despite thousands of other businesses using the same data transfer processes. ![]() The regulator said data transferred by Facebook under a legal instrument called standard contractual clauses (SCCs) “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the in its judgment”. The CJEU ruled that data leaving the EU must have the same level of protection as it would have under GDPR when it reaches its destination outside the EU. The DPC said Meta infringed GDPR by continuing to transfer EU user data to the US without proper safeguards in place, despite a ruling by the European court of justice in 2020 requiring robust protection of that information. Meta said it would appeal against the decision and seek a stay on the data transfer order. The ruling does not affect data transfers at Meta’s other main platforms, Instagram and WhatsApp. Meta has also been given six months to stop “the unlawful processing, including storage, in the US” of personal EU data already transferred across the Atlantic, meaning that user data will need to be removed from Facebook servers. ![]() The DPC punishment relates to a legal challenge brought by an Austrian privacy campaigner, Max Schrems, over concerns resulting from the Edward Snowden revelations that European users’ data is not sufficiently protected from US intelligence agencies when it is transferred across the Atlantic. ![]()
0 Comments
Leave a Reply. |