Brussels (Sputnik) – the Cambridge Analytics-Facebook data scandal and the new EU rules is to tighten the rules of data flows foreign companies and to bring all member States in accordance with a uniform set of standards for the protection of Europeans ‘ personal data, legal industry experts told Sputnik.
On may 25 of the EU Directive on data protection 95/46/EC On personal data protection will be replaced by the General data protection regulation (GDPR). Preparation this step was long, but it was suddenly put in the spotlight on “the case of Facebook,” a modest use of personal data of millions of users of Facebook consulting firm Cambridge analyst without their consent.
Tougher for TNK
Speaking at the satellite, Rebecca cousin, partner at London law firm slaughter and may, said that the new regulations are designed to enhance the framework of EU citizens on data protection for companies based in foreign companies and to tighten the financial impact of data leakage to third parties.
“The new regime has extraterritorial effect, so it will apply to companies that do not have the base of the EU if they offer goods or services to individuals in the EU or if they follow their behavior. It will bring much more of the entities in the scope of confidentiality of the EU data and, therefore, we are seeing companies from around the world, assesses the impact of GDPR on them and what steps they must take to comply,” she said.
From the point of view of financial sanctions, a cousin, who is the head of slaughter and may data protection and privacy practices, explained that the company will not only hike many times in potential losses if they fail to protect their customer data, but also a greater number of claims of physical persons as the mouth of a greater awareness in Cambridge of the analyst scandal and the EU response.
“The new resolution, the sanctions increase fines not more than 4% of global annual turnover (or € 20 million if higher). For comparison, the Maximum level of fines in the UK is currently £500,000. The amount of the fine, so much more deterrent for the Internet giant firms like Facebook or Google, although reputational consequences has always been a strong deterrent. It will continue to be important for many companies. Fines go to the regulators unlike individuals, the claims about damage compensation. I expect that the increase in civil cases against companies on issues of information, in part due to greater awareness of human rights and argues that companies are beginning to stimulate the ability to bring such a claim,” she said.
Regulation to replace Directive
The first main question-I wonder why the Directive is European law, approved by the European Parliament and then transposed by each country in their national laws, should be replaced by European rules immediately apply to all.
The reason is to eliminate delays and wasted time that result from each country to decide on the rules of the data stream independently, often differ from the original Directive, with some supervision by the European Commission, according to experts of the legal industry.
“Of course, currently such data can be easily transferred outside of the Union in countries that do not guarantee the same level of protection. In order to prevent these data can be used contrary to European regulations, Directives specifically targets “transboundary fluxes” (i.e. personal data outside the European Union). The Directive prohibits such flows to third countries that do not provide the level of protection that it qualifies as “adequate.” The European Commission is responsible for determining whether the country provides this level of protection. If not, the Directive nevertheless allows the transfer, subject to certain conditions, for example, where the controller provides adequate safeguards,” says Jean-Francois Bellis of the Brussels law firm van Bael & Bellis, said of Sputnik.
Until 2013, the U.S. was viewed as “safe” without any problems transfer. The Europeans lived within the framework of the agreement on the “safe Harbor” between Brussels and Washington.
But then, on 6 June 2013, Edward Snowden, a computer specialist, works for the CIA and the NSA, revealed the scale of surveillance that the NSA is doing on American and foreign networks, including social media. Europeans were heard in the CIA. It was a huge scandal at the time. Snowden, the whistleblower, sought refuge in Hong Kong and then Russia where he was granted asylum by 2020.
As Ireland Enters The Game
With regards to the specifics of Facebook’s presence in Europe, which until recently was used in Ireland as a basis for tax revenues and operations, the experts explained that the transfer of data from Europe to the United States is still not determined by the court of justice of the European Union (cjeu), which has yet to take action on the five-year litigation against Facebook. The trial was initiated in 2013 after a complaint by Austrian lawyer max Schrems with the Irish data protection.
“Why Ireland? Because Facebook Ireland European data shared with Facebook Inc in the United States. According to Mr. Schrems, surveillance program, national security Agency USA Edward Snowden, who has just published, is incompatible with European fundamental rights and, as a result, according to Schrems, Facebook has had to suspend cross-border data in the United States to such an extent that it could potentially be subject to mass surveillance by the NSA. This procedure gave rise to a preliminary question, the CJEU, in 2016, abolished the EU and the US “safe Harbor”,” Jean-Francois Bellis said.
Of course, the European Commission, the US government and associated with trying to find a solution to allow data flows to continue across the Atlantic.
Upon termination of Safe Harbor, Facebook Ireland refused the so-called “adequacy” system to system “adequate assurance” and concluded a contract with Facebook Inc. the inclusion of the “standard contractual clauses” of the European Commission. These standard terms have been recognized by the European Commission as offer “sufficient guarantees” for cross-border flows.
But for the Austrian claimant Schrems, these measures were not sufficient. He appealed to the Irish data protection Commissioner (DPC), which could suspend such a transfer. However, the Irish DPC chose not to interrupt the transmission, but handed the hot potato of the CJEU.
The court of justice of the European Union must, therefore, to answer a number of questions that will allow you to determine whether model contractual clauses can be used to transfer personal data in the United States. The importance of this decision is how thousands of companies use these standard contractual clauses.
“The Irish court has the ability to refer questions of European law to the European court, where he issued a ruling in the law in order to be able to apply it in the circumstances of the case. The only certainty is that now it will not be a quick process to get the decision of the European Court,” said Rebecca cousin from slaughter and may said.
I could still two years before the European court gives the answer and shows whether Facebook and other Internet giants can export European data in the United States. Urgent matters can wait a little longer.
Sourse: sputniknews.com