The world's biggest social network could be headed for more legal trouble over its handling of private data after an Irish court has ordered a probe into the firm's transfer of EU users' personal information to the US.
The High Court in Dublin on Tuesday instructed the Irish Data Protection Commissioner (IDPC) to audit Facebook, which has its European headquarters in the country's capital.
The privacy watchdog had initially refused to launch an investigation, arguing that the social media giant's practices were protected under a 15-year-old trade agreement known as Safe Harbor, which permitted the free transfer of data between the EU and the US.
But a ruling by the European Court of Justice (ECJ) two weeks ago, striking down Safe Harbor, rendered this line of legal reasoning moot. On Tuesday, the IDPC appeared to have fallen in line, vowing to "proceed to investigate the substance of the complaint with all due diligence."
Facebook said it would cooperate with investigators, but insisted in a statement that it had never been part of a program to give the US government direct access to its servers.
Safe Harbor sparks celebration, uncertainty
The ECJ's October 6 strike-down of Safe Harbor was seen as a victory of David and Goliath proportions for privacy protection activists, who have been scathing in their criticism of Washington's sweeping surveillance tactics exposed by former National Security Agency (NSA) contractor-turned-whistleblower Edward Snowden.
The landmark ruling was the result of a legal challenge by Austrian law student Max Schrems, lodged in the wake of Snowden's revelations in 2013 of the NSA's so-called Prism program, which allowed intelligence officials to harvest private user information from big tech firms such as Facebook and Google.
Handing down its verdict, the Luxembourg-based EU court delivered a blistering critique of the US for "compromising the essence of the fundamental right to respect for private life."
Under EU data protection law, it is illegal for companies to hand over EU citizens' personal data to countries outside the bloc deemed to have insufficient privacy safeguards.
But what was seen as a cause for celebration among privacy advocates has become a source of confusion for thousands of EU and US companies. Many worry about the legal consequences of transferring personal data across the Atlantic, ranging from employees' payroll information to data used for online advertising - one of the main engines of revenue for many tech firms.
pad/hg (AFP, Reuters)