Is our European Facebook Data safely being transferred to the US?
Facebook user data is stored in the United States on servers owned or managed by Facebook INC, although there is a headquarter here in Europe, located in Dublin and it’s there to oversee the safety agreements about data protection within Europe. The Facebook data exchange between Europe and the US was managed by the Safe Harbour agreement. This agreement was made between the EU and the US to protect EU citizens’ data if transferred by American companies to the US. But what does it mean when the Safe Harbour agreement is declared invalid?
What was the safe harbour agreement?
EU privacy law forbids the exchange of its citizens’ data outside of the EU, with the exception if it is transferred to a location which has approved safety regulations regarding data security. It is only allowed if the regulations are in line with those of the EU. In a decision of 6 October 2015, the Court of justice of the European Union declared the ‘Safe Harbour’ Security agreement invalid due to its lack of protection of personal transferred data. One can wonder why the agreement was approved in the first place, but what first was viewed as adequately safe quickly changed after the Snowden revelations.
The big American companies could no longer rely on self-certification, and would have to strike “model contract clauses” in each case. Only these would authorize the transfer of data outside of Europe. They have to guarantee an adequate level of protection.
“The data of Facebook’s European subscribers to the US should be suspended on the grounds that that country does not afford an adequate level of protection of personal data” the EUCJ said.
Forming these clauses is mostly a lot of paperwork for these companies, but it is a crucial factor for the European citizens’ privacy.
On February 2nd The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield.
This new agreement will protect the fundamental rights of Europeans where their data is transferred to the United States and ensure legal certainty for businesses. The new arrangement will provide stronger obligations on companies in the US to protect the personal data of Europeans and stronger monitoring and enforcement by the US, including through increased cooperation with European Data Protection Authorities. This arrangement will have clear conditions, limitations and oversight, preventing generalized access.
Let’s hope that this new agreement will protect our Facebook data better than the last one.
Babs Hessing, Sandra Yuen & Ellis Rietberg