Facebook Inc. is appealing a preliminary order by Ireland’s privacy regulator to suspend its data transfers from Europe to the U.S., pushing its stance in a case with wide-ranging implications for global tech businesses.
Facebook filed the case against Ireland’s Data Protection Commission before Ireland’s High Court on Thursday, according to the country’s courts service. The social networking giant says it is asking for judicial review of the data commission’s process because the regulator issued an initial conclusion before receiving regulatory guidance from a body representing all European Union privacy regulators.
“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” Facebook said. “We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached,” the company added.
The company wouldn’t comment on whether it had asked the court to halt finalization of the preliminary order, nor did it offer more detail on the grounds for its request for a judicial review.
Ireland’s Data Protection Commission declined to comment. The privacy regulator leads enforcement of EU privacy law for companies that have regional headquarters in the country, such as Facebook, Alphabet Inc.’s Google and Apple Inc.
The appeal comes after The Wall Street Journal on Wednesday first reported that Ireland’s Data Protection Commission had informed Facebook in a preliminary decision that it expects to order the suspension of the company’s transfers of personal information about EU users to Facebook’s servers in the U.S.
The commission found that a July decision from the European Union’s top court meant that the main legal mechanism Facebook uses to send its users’ data to the U.S. is no longer valid. The July decision restricted how companies could send Europeans’ personal information to the U.S. because the court said Europeans don’t have actionable rights to challenge its subsequent collection by U.S. surveillance agencies.
How—and whether—Ireland’s order is enforced will have a broad impact on tech businesses and the companies they serve. Though the order applies to Facebook, the same logic could apply to other large tech companies that are subject to U.S. surveillance laws, according to people familiar with the matter. Some lawyers say resolving the core issues from the EU court decision might require changes to U.S. surveillance laws to give more legal rights to Europeans.
Ireland’s data commission had given Facebook until roughly mid- September to file its responses to the preliminary order, according to people familiar with the matter. After that, the commission told Facebook it would submit a draft order to a body comprising other EU privacy regulators as part of their joint decision-making process for cross-border cases under the EU’s privacy law, the people said.
A Facebook spokeswoman on Friday said that the company still plans to submit its responses to Ireland’s Data Protection Commission by the deadline set by the regulator.
Separately, the body called the European Data Protection Board said last week that it has formed a task force to investigate complaints filed in response to the July ruling against 101 European websites, arguing that they must stop using tools from tech providers, including Facebook and Alphabet Inc.’s Google, that send personal data to the U.S.
Those complaints were filed by a group founded by Austrian privacy activist Max Schrems, whose initial complaints nearly a decade ago led to the July court decision. On Friday, Mr. Schrems said on Twitter that Facebook’s appeal shows “how it is wholly illusionary to get such a case through in a couple of weeks/months in the Irish legal system.”
Write to Sam Schechner at email@example.com