Facebook could once again be in the privacy hot seat. The top European court is set to make a ruling on the site’s privacy configuration tomorrow.
Facebook and privacy has, optimistically speaking, an off and on relationship. That’s at least been the case for the last few years anyway. In 2019, it seemed like Facebook was suffering from a data leak at least every other month. Then, on the flip side, Facebook began pushing for end-to-end encryption. This caused governments around the world to lose their collective minds and start demanding Facebook cease this effort. Suffice to say, Facebook has at least both sides of the privacy debate at least at one point or another.
Now, it seems as though Facebook could find itself to be on the anti-privacy side of things depending on how a court ruling goes. A top European court is set to rule on whether or not Facebooks current privacy policies violate European privacy laws. From Yahoo! News:
Europe’s top court will on Thursday rule on the legality of tools companies use to transfer Europeans’ data around the world, in the latest clash between Facebook and Austrian privacy activist Max Schrems.
If the court finds the mechanisms are illegal, companies, ranging from small businesses to industrial giants, such as Facebook, could have to suspend the data transfers that underpin standard contractual clauses or face hefty fines for breach of EU privacy laws.
“The Court could upend one, two or all global data transfer mechanisms, sending tens of thousands of companies scrambling, or could validate the existing legal order, providing companies around the world the legal certainty they’ve been seeking for decades,” Caitlin Fennessy, research director at the International Association of Privacy Professionals (IAPP), said.
Known as the Privacy Shield, it is designed to protect Europeans’ personal data that is transferred outside the European Union when companies sign contracts with non-EU companies on outsourcing services, including payroll and cloud infrastructure.
The latest case – C-311/18 Facebook Ireland and Schrems – came before the Luxembourg-based Court of Justice of the European Union (CJEU) after Schrems challenged Facebook’s use of standard clauses as lacking sufficient data protection safeguards.
RTE, an Irish based publication, offered an interesting primer on the case. From RTE:
This case boils down to whether the private information of EU citizens is properly protected when companies transfer it to US soil.
As part of the EU’s Charter of Fundamental Rights, every citizen is entitled to have their personal data protected. That right is largely underpinned by the General Data Protection Regulation (GDPR).
Of course GDPR does not apply in non-EU countries (so called ‘third countries’) but in order to send certain information outside of the bloc, companies must agree to act as if it did.
At the same time US law obliges certain technology companies – like Facebook, Google, Apple and Twitter – to give its surveillance service access to the data they hold on grounds of national security.
Max Schrems and his organisation NOYB (None of your Business) believe that there is a fundamental clash here.
So, it’ll be interesting to see how the courts will rule. As the primer suggests, there isn’t much to go on as to which way the court is likely to rule. Still, if the court rules unfavourably against Facebook, the company could be on the hook for potentially massive fines. Given how many leaks the company has suffered in the last few years, another loss and increasing number of fines is likely the last thing Facebook wants.
The potential is there that people could see a potential court ruling as, “Wow, Facebook is up to their old ways of violating privacy again.” With COVID-19 stories flooding the media, Facebook privacy concerns have generally slid into the background noise. So, a headline that reads something like, “European Court Ruling Could Mean Facebook on Hook for More Major Fines Over Privacy Violations” could be a potential nightmare scenario for Facebook. So, although a number of people might not be focusing on this case, you can bet plenty at Facebook are watching this case closely.
Drew Wilson on Twitter: @icecube85 and Facebook.
