"Facebook continues to breach personal data privacy rights in Europe, says a group of human rights organizations, and it demands that Facebook’s EU-US data transfers stop by February 6, 2016. Facebook has formally responded.
As previously reported, the Privacy First Foundation, Public Interest Litigation Project PILP and the Dutch Platform for the Protection of Civil Rights (collectively, “Privacy First”) sent Facebook a demand letter, to which Facebook has now replied in writing.
Facebook’s written response
Facebook responded to Privacy First’s demand letter by giving written assurances of data protection in accordance with current law–that is, those parts of the Privacy Directive that survived the ruling in Schrems, the case that invalidated Safe Harbor.
Specifically, Facebook states that “the grounds for transfer of data set out in Article 26 of the Directive remain entirely lawful,” and that it complies with “these other grounds to transfer data legally from the European Union to the United States .” Facebook further challenged the Dutch tribunal Privacy First plans to use, as lacking competence over Facebook Ireland, the party it asserts is the data controller for data of Facebook Netherlands.
Privacy First’s reply
Privacy First, in its reply through its counsel Boekx, Amsterdam, reiterated its position that the other instruments currently used as basis for EU-US data transfers (such as Standard Contractual Clauses or individual consent) are “fundamentally flawed, as these options do not resolve the problems identified by the European Court of Justice in the Schrems judgment.”
Privacy First’s reply further reserves its rights to initiate legal proceedings in the Hague “requesting a preliminary injunction and/or raising prejudicial questions with the European Court of Justice” if Facebook doesn’t stop EU-US data transfers or provide adequate protections by February 6th, 2016.
Clearly, Privacy First and its co-plaintiffs are not happy with Facebook's response. (...)
Facebook’s letter also challenges the competence of Dutch courts to hear proceedings in the Netherlands against Facebook Ireland, which it alleges is the true data controller, not Facebook Netherlands B.V. Regarding the competence issue, [Boekx] said that Dutch courts have rendered decisions in the past against both Facebook parties.
As reported, the EU and US are currently negotiating replacement of the Safe Harbor Agreement; there is a meeting of the negotiating parties scheduled for February 2nd to discuss EU-US data transfers and how to ensure protections for EU citizens in the legal uncertainties left by Schrems.
Further delays possible
Due to delay in legislation in the U.S. that may be one of the EU’s preconditions to Safe Harbor (the Judicial Redress Act), further delays in Safe Harbor resolution are expected (by some) that could take those negotiations beyond the February 6 deadline set by Privacy First. These delays could set Facebook up for proceedings that, if successful, would result in a shutdown of its EU-US data transfers. (...)"
Source: http://www.forbes.com/sites/lisabrownlee/2016/01/27/facebook-fires-back-in-eu-privacy-dispute/#2fe9f2801d5b, 27 January 2016.