EU member states should be allowed to block Facebook Europe’s transfer of user data to U.S. servers despite a European Commission finding that U.S. personal data protection controls are “adequate” when the NSA spying scandal showed they’re not, a European Court of Justice adviser said Wednesday.
Austrian national Maximillian Schrems – a Facebook user since 2008 – lodged a complaint with the Irish data-protection authority when he learned that Facebook Europe routinely transferred EU users’ data to U.S.-based servers. EU law allows for personal data transfers to third nations only where the European Commission finds the third nation’s controls are adequate.
But Schrems argued that revelations made by National Security Agency whistleblower Edward Snowden in 2013 showed that the United States’ laws and practices in fact meant his data was not safe from unwanted surveillance – in this case, by the United States government itself.
The Irish authority rejected Schrems’ complaint in light of a 2000 finding by the commission that the United States’ “safe harbor” scheme – by which businesses can voluntarily provide personal data protection – offered the necessary “adequate” level of protection for legal transfers out of the EU.