Facebook (META -0.43%) is not acquiescing to Irish regulators' demands that it stop transferring data from the European Union to the U.S. The social networking site is challenging the decision by requesting a judicial review of the order to obtain clarity on what is permissible.
Facebook says Ireland's Data Protection Commission (DPC) issued a preliminary order that would restrict its ability to transfer personal information. While it still needs to be approved by other EU regulators before it takes effect, Facebook says the DPC questions whether Facebook can continue relying upon standard contractual clauses (SCCs) to facilitate and protect data transfers to the U.S.
Earlier this year, the EU's top court struck down the Continent's Privacy Shield framework over concern about U.S. government surveillance. But it left intact the SCCs, which thousands of businesses rely upon to perform data transfers between other countries and the U.S.
Now the DPC says companies must offer consumers the same level of protection they receive in the EU, meaning "in practice, the application of the SCCs transfer mechanism to transfers of personal data to the United States is now questionable."
If approved, the decision would have broad implications beyond just Facebook as banks also rely heavily upon SCCs to do business.
Facebook wrote, "The Irish Data Protection Commission has commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers."
By going to the court before a final decision is made, Facebook is hoping to head off a catastrophic decision, which it says "could have a far-reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on."