UK-US data transfers – does the Irish DPC’s Meta decision make a difference?

Debbie Heywood and Matt Quezada of Taylor Wessing look at the impact of the recent Meta decision in the context of the EU-US Data Protection Framework, and what that means for UK-US data  transfers.

For ten years, Max Schrems has argued that Meta Ireland (previously Facebook) does not adequately protect personal data it sends from the EEA to the US because the data is subject to access by US law enforcement, and EU individuals have no adequate means of redress in relation to unlawfully accessed data in the US. As the ECJ struck down first Safe Harbor and then the Privacy Shield in what became known as the Schrems I(1) and II(2) decisions, Facebook moved to using Standard Contractual Clauses (SCCs) and supplementary measures for its transfers. A decision by the Irish Data Protection Commissioner (DPC) on whether or not this was lawful, went all the way through an Article 65 procedure, culminating in a European Data Protection Board (EDPB) decision which the DPC was required to follow.

Continue Reading

UK Report subscribers, please login to access the full article


If you wish to subscribe, please see our subscription information.