Ruling on Facebook data could throw global business into turmoil

Cantillon: If Privacy Shield incompatible with EU rules, data transfer impact may hit trade

The ongoing battle between Facebook and Ireland's Data Protection Commission was back before the courts on Friday with the social media giant coming off worst in its latest efforts to stop the regulator blocking transfer of data to the United States.

Mr Justice David Barniville dismissed Facebook's attempt to stop the DPC inquiring into or suspending the transfers over concerns that the data would lose the protection it enjoys in Europe under GDPR once it gets to the US.

But a stay on the regulator’s draft decision to suspend the transfers remains in place while the two sides consider the ruling.

Data to US

Facebook maintains the suspension, if it goes ahead, could be damaging not only to the social media company but also to its users and to other businesses.

And that's true. Because the rules in place governing such transfers affect not only Facebook but also any business that is storing or moving customer data out of the EU, and specifically those moving such data to the US.

At issue is Privacy Shield, the sticking plaster put in place in a hurry when the European Court of Justice found the previous regime covering such customer data, Safe Harbor, did not comply with European data protection rules.

International talks

If Privacy Shield is also found to be incompatible with the EU rules – which is where the current investigation appears to be heading – international business will be thrown into turmoil.

The ubiquitous nature of such data transfers is evident in the fact that both the American Chamber of Commerce and domestic business lobby group Ibec were quick to call for international talks to resolve the issue.

“The larger issue of how data can move around the world remains of significant importance to thousands of European and American businesses,” a Facebook spokesperson stated after the ruling.

That being so, would it not be better for governments on both sides of the Atlantic to put in place rules that actually protect the privacy of such data instead of contorting themselves to accommodate the existing business practices?