Methods used by tech companies such as Facebook Inc. to transfer EU citizens' data to countries such as the U.S. are "valid," according to an adviser to the Court of Justice of the European Union.
Advocate General Henrik Saugmandsgaard Øe said personal data transfers may be allowed so long as the company and the regulator in the "third country of destination" provide adequate privacy protection, in line with standard contractual clauses approved by the European Commission.
"There is an obligation — placed on the data controllers and on the supervisory authorities — to suspend or prohibit a transfer when those clauses cannot be complied with," the official said.
The advocate general's opinion came in response to an October 2017 case filed by Irish Data Protection Commissioner Helen Dixon, which was referred by the country's High Court to the EU's top court. The case is in response to a complaint by Austrian lawyer Max Schrems on whether Facebook's transfer of his personal data to the U.S. violated his privacy rights as an EU citizen.
Judges at the CJEU will now have to rule on the case.
Ireland's Data Protection Commission welcomed the advocate general's statement. Facebook, meanwhile, said it was looking forward to the CJEU's final decision, The Wall Street Journal reported.