Facebook’s European data transfers under scrutiny

An influential privacy activist is pressing European Union officials to halt Facebook’s data flows from Europe to the U.S.

Austrian Max Schrems on Tuesday sent a letter to the data protection agency in Ireland — where Facebook has its European headquarters — arguing that the authority should “suspend all data flows from ‘Facebook Ireland Ltd’ to ‘Facebook Inc.'”

Schrems is the same activist that got the European courts to cancel a major U.S.-EU data transfer agreement months ago.

The European Court of Justice invalidated the long-standing “Safe Harbor” agreement — which allowed thousands of companies to legally transfer Europeans’ data to the U.S. — over concerns about U.S. surveillance programs.Schrems argued that Facebook is subject to those same surveillance programs and thus should not be allowed to move European data across the Atlantic Ocean.

“There is clear evidence that leads me to believe that my personal data, controlled by ‘Facebook Ireland Ltd,’ and processed by ‘Facebook Inc,’ is at the very least ‘made available’ to U.S. government authorities under various known and unknown legal provisions and spy programs,” he wrote.

In the wake of the court decision, companies fearing that European data protection agencies may come after them moved to house more of their customer information in EU-only data centers.

Major Silicon Valley players, such as Apple, Facebook, Google and Yahoo, had all relied on Safe Harbor to shuttle data between the two continents.

More proactive data protection authorities — such as Germany’s regulators — have already said they are investigating the U.S.-EU data flows at these top companies in light of the ruling.

Schrems also sent his Facebook letter to the Belgian Privacy Commissioner and the Hamburg Data Protection Authority in the hopes of raising pressure on Ireland’s office.

“We want to ensure that this very crucial judgement is also enforced in practice when it comes to the U.S. companies that are involved in US mass surveillance,” Schrems said in a statement. “The court’s judgement was very clear in this respect.”

Other tech industry giants, including Apple, Google, Microsoft and Yahoo, could also receive the same scrutiny in the near future, Schrems added.

“We are reviewing the situation in relation to all PRISM companies right now,” he said, referring to the U.S. surveillance program that collects Internet data.

Negotiators are scrambling to complete a Safe Harbor 2.0 agreement that includes enhanced privacy provisions. But digital rights advocates have argued that the new agreement would still face the same concerns over U.S. mass surveillance.

Schrems agreed, maintaining his points about Facebook would still apply even if a new Safe Harbor deal is struck.

“While a new ‘Safe Harbor’ may be helpful for most companies, it will not be able to overrule the findings in cases of ‘mass surveillance,’ which is why there is no reason to await the political process underway,” he said.