Meta's EU data transfer case will face Article 65 dispute resolution procedure
It has been reported that the Irish Data Protection Commissioner (DPC) has decided to trigger the dispute resolution mechanism under Article 65 of the GDPR in respect of the landmark decision on the data transfers undertaken by Meta Platforms Ireland Limited’s (Meta) social media platforms Facebook and Instagram, commonly referred to as ‘Schrems II’.
In the aftermath of the “Schrems II decision” which invalidated the EU-US Privacy Shield Framework, the DPC sent its draft decision regarding its plans to halt Meta’s transfers of personal data from the EU to the US through the use of standard contractual clauses to its fellow EU data protection authorities. Based on reports on these development, Article 65 was subsequently activated after the DPC as the lead supervisory authority was unable to address relevant and reasoned objections raised by the concerned supervisory authorities to its draft decision.
Article 65 GDPR enables the European Data Protection Board (EDPB) to adopt binding decisions in cases where there are discrepancies in the opinions of the supervisory authorities on some elements of interpretation of the GDPR. As relevant to this case, Article 65(1)(a) GDPR addresses the cases where a consensus could not be reached between the lead supervisory authority and the other supervisory authorities concerned within the consistency mechanism under Article 60 of the GDPR.
The case will officially trigger the Article 65 dispute resolution mechanism once the EDPB Secretariat concludes its administrative work on the case. Meta has said that if the DPC’s original enforcement decision is upheld, then Meta’s Instagram and Facebook services may be shuttered in the EU.
No formal statement has yet been made but the DPC’s recent decision to invoke Article 65 has been reported by both Politico and IAPP here and here respectively.