Ireland’s High Court on Friday allowed the country’s Data Protection Commission to continue with a procedure that could lead to a ban of Facebook’s data transfers from the European Union to the U.S.
The DPC issued a provisional order last year saying that the mechanism Facebook
uses for data transfers from Europe to its U.S. computer servers “cannot in practice be used.”
Facebook then warned against the “devastating” and “irreversible” consequences of the decision for its business, but the High Court, in a decision closely watched by European privacy activists as well as big internet multinationals, said on Friday that it “refused all of the reliefs sought by [Facebook] and dismissed the claims made by it in the proceedings.”
The preliminary decision of the Irish regulator came last year after a July 2020 ruling by the European Union’s top court that invalidated a U.S.-EU agreement on data transfers known as Privacy Shield, on the grounds that it didn’t provide European citizens enough protection from U.S. government or corporate surveillance.
Even after Friday’s ruling, Facebook—whose main EU regulator is the DPC because its European base is located in Ireland—has until September to respond to the order. And in any case, the DPC will have to coordinate its action with the EU’s other 26 regulating bodies, who must approve the measures taken.
After last year’s court ruling, the EU and the U.S. started negotiating on a new privacy agreement, but the talks will take months to complete.
In the extreme scenario where no deal would be struck, the world’s biggest internet companies would either have to set up large and costly server centers in Europe, or to abandon the European market altogether.