Beautiful Virgin Islands

Tuesday, Jun 03, 2025

Despite EU court rulings, Facebook says US is safe to receive Europeans’ data

Despite EU court rulings, Facebook says US is safe to receive Europeans’ data

Internal documents say EU judges’ ruling ‘should not be relied on’ in data transfer assessments.
Europe's top court says Washington plays fast and loose with European data. Facebook disagrees.

Despite the European Union's highest court twice declaring that the United States does not offer sufficient protection for Europeans' data from American national security agencies, the social media giant's lawyers continue to disagree, according to internal documents seen by POLITICO.

Their conclusion that the U.S. is safe for EU data is part of Facebook's legal argument for it to be able to continue shipping data across the Atlantic.

"The conclusion of the Equivalence Assessment is, in summary, that relevant U.S. law and practice provides protection of personal data that is essentially equivalent to the level of protection required by EU law," says one of the Facebook internal documents, dated 2021. Equivalence Assessments are made by companies to judge how privacy protections in non-EU countries compare to Europe's.

In July 2020, the Court of Justice of the European Union (CJEU) struck down a U.S.-EU data transfer instrument called Privacy Shield. The court concluded Washington did not offer adequate protection for EU data shipped overseas because U.S. surveillance law was too intrusive for European standards.

In the same landmark ruling, the Luxembourg-based court upheld the legality of another instrument used to export data out of Europe called Standard Contractual Clauses (SCCs). But it cast doubt on whether these complex legal instruments could be used to shuttle data to countries where EU standards cannot be met, including the U.S.

The CJEU reached a similar conclusion in 2015, striking down the predecessor agreement to Privacy Shield because of U.S. surveillance law and practices. In both rulings, Europe's top judges categorically stated Washington did not have sufficiently high privacy standards.

Still, Facebook — the company at the heart of both cases — thinks it shouldn't follow the court's reasoning.

The company's lawyers argue in the documents that the EU court ruling "should not be relied on" for the social media company's own assessment of data transfers to the U.S., because the judges' findings relate to Privacy Shield data pact, and not the Standard Contractual Clauses which Facebook uses to transfer data to the U.S.

"The assessment of U.S. law (and practice) under Article 45 GDPR is materially different to the assessment of law and practice required under Article 46 GDPR," the document reads. That refers to the two different types of legal data transfer instruments under the EU's General Data Protection Regulation and indicates that assessment under SCCs is different to assessment under Privacy Shield.

The company also says that changes to U.S. law and practices since the July 2020 ruling should be taken into account. As an example, it cites the U.S. Federal Trade Commission, a watchdog, "carrying out its role as a data protection agency with unprecedented force and vigour." Those arguments have been central to Washington's pitch during ongoing transatlantic negotiations over a new EU-U.S. data agreement.

Though companies have to take the EU court ruling into account when making their own assessments of third party country regimes, they can, in theory, diverge from the court's findings if they believe it is justified in a particular situation. This means that companies like Facebook can, in theory, continue to ship data out of Europe if they can prove its sufficiently protected.

"A transfer impact assessment conducted under EU law should take [the court's findings] into account for transfers to the U.S., but it is still an assessment that each company makes for their specific transfers under SCCs, which they are responsible for if the legality of that transfer is or will be challenged," said Gabriela Zanfir-Fortuna of the Future of Privacy Forum think tank.

Even so, several legal experts contacted by POLITICO said they could not see how Facebook would be able to conclude the U.S. protections are essentially equivalent to the EU's in light of the court ruling. One said that this was especially true for Facebook, since the company's own data transfers were at the heart of the case.

The revelations heap fresh pressure on the Irish Data Protection Commission (DPC), which first received a complaint against Facebook's data transfers in 2013 from Austrian campaigner Max Schrems. That complaint led to the CJEU's so-called Schrems I and Schrems II rulings that concluded that U.S. protections fall short of EU standards.

In a preliminary decision in September 2020, the Irish DPC suggested Facebook would have to stop transferring data to the U.S. following last July's ruling, but has yet to finalize the decision despite overturning Facebook's challenge to the agency's investigation in May. Dublin now holds the power to stop Facebook from moving EU data to the U.S.

If the Irish watchdog follows through with that decision, it would mark a serious blow to Facebook's efforts to keep the data taps flowing amid the ongoing EU-U.S. discussions on a new data-transfer pact.

The Irish DPC said it could not comment since it has an open inquiry into the matter.

A Facebook spokesperson said: “Like other companies, we have followed the rules and relied on international transfer mechanisms to transfer data in a safe and secure way. Businesses need clear, global rules, underpinned by the strong rule of law, to protect transatlantic data flows over the long term.”

The company's internal document also points to the EU's data flows deal with the United Kingdom, which Brussels approved in June, to back up its favorable assessment of the U.S.

"It is clear that in some important respects, the U.K. regime, which the Commission has assessed to be adequate under Article 45 GDPR, takes a similar approach to the U.S. in relation to limitations on data protection rights in the context of interception of communications," the document reads.

In a separate document listing factors relevant to its data transfers, Facebook seeks to downplay the risk that data is accessed by U.S. authorities.

It notes the 234,998 data requests it received from U.S. authorities in 2020 "represents a tiny fraction" of the total number of users, which Facebook estimates at around 3.30 billion.
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
China Accuses US of Violating Trade Truce
Panama Port Owner Balances US-China Pressures
France Implements Nationwide Outdoor Smoking Ban to Protect Children
German Chancellor Merz Keeps Putin Guessing on Missile Strategy
Mandelson Criticizes UK's 'Fetish' for Abandoning EU Regulations
British Fishing Boat Owner Fined €30,000 by French Authorities
Dutch government falls as far-right leader Wilders quits coalition
Harvard Urges US to Unfreeze Funds for Public Health Research
Businessman Mauled by Lion at Luxury Namibian Lodge
Researchers Consider New Destinations Beyond the U.S.
53-Year-Old Doctor Claims Biological Age of 23
Trump Struggles to Secure Trade Deals With China and Europe
Russia to Return 6,000 Corpses Under Ukraine Prisoner Swap Deal
Microsoft Lays Off Hundreds More Amid Restructuring
Harvey Weinstein’s Publicist Embraces Notoriety
Macron and Meloni Seek Unity Despite Tensions
Trump Administration Accused of Obstructing Deportation Cases
Newark Mayor Sues Over Arrest at Immigration Facility
Center-Left Candidate Projected to Win South Korean Presidency
Trump’s Tariffs Predicted to Stall Global Economic Growth
South Korea’s President-Elect Expected to Take Softer Line on Trump and North Korea
Trump’s China Strategy Remains a Geopolitical Puzzle
Ukraine Executes Long-Range Drone Strikes on Russian Airbases
Conservative Karol Nawrocki wins Poland’s presidential election
Study Identifies Potential Radicalization Risk Among Over One Million Muslims in Germany
Good news: Annalena Baerbock Elected President of the UN General Assembly
Apple Appeals EU Law Over User Data Sharing Requirements
South Africa: "First Black Bank" Collapses after Being Looted by Owners
Poland will now withdraw from the EU migration pact after pro-Trump nationalist wins Election
"That's Disgusting, Don’t Say It Again": The Trump Joke That Made the President Boil
Trump Cancels NASA Nominee Over Democratic Donations
Paris Saint-Germain's Greatest Triumph Is Football’s Lowest Point
OnlyFans for Sale: From Lockdown Lifeline to Eight-Billion-Dollar Empire
Mayor’s Security Officer Implicated | Shocking New Details Emerge in NYC Kidnapping Case
Hegseth Warns of Potential Chinese Military Action Against Taiwan
OPEC+ Agrees to Increase Oil Output for Third Consecutive Month
Jamie Dimon Warns U.S. Bond Market Faces Pressure from Rising Debt
Turkey Detains Istanbul Officials Amid Anti-Corruption Crackdown
Taylor Swift Gains Ownership of Her First Six Albums
Bangkok Ranked World's Top City for Remote Work in 2025
Satirical Sketch Sparks Political Spouse Feud in South Korea
Indonesia Quarry Collapse Leaves Multiple Dead and Missing
South Korean Election Video Pulled Amid Misogyny Outcry
Asian Economies Shift Away from US Dollar Amid Trade Tensions
Netflix Investigates Allegations of On-Set Mistreatment in K-Drama Production
US Defence Chief Reaffirms Strong Ties with Singapore Amid Regional Tensions
Vietnam Faces Strategic Dilemma Over China's Mekong River Projects
Malaysia's First AI Preacher Sparks Debate on Islamic Principles
White House Press Secretary Criticizes Harvard Funding, Advocates for Vocational Training
France to Implement Nationwide Smoking Ban in Outdoor Spaces Frequented by Children
×