The privacy activist who filed the original complaint against Facebook that led to the invalidation of the U.S-EU Safe Harbor Framework (Safe Harbor) has filed three follow up complaints against Facebook. The complaints were filed with the Irish, Belgian, and Hamburg data protection authorities and were announced on December 2. The complaints ask the authorities to ensure compliance with the October 6, 2015 European Court of Justice ruling which invalidated Safe Harbor, and to “suspend all data flows from Facebook Ireland Ltd to Facebook Inc” based on beliefs of mass surveillance and data sharing between private companies and the U.S. national security agencies. Facebook stated that it was never part of the U.S. National Security Agency’s PRISM effort and that since Safe Harbor was invalidated it has ensured other legal methods to transfer personal data from Europe to the U.S.
While the Article 29 Working Party, comprised of all member state data protection authorities, agreed to hold off on concerted enforcement efforts until January 2016, they have stated that individual data protection authorities are of course free to respond to individual complaints until then. We will continue to provide updates as post-Safe Harbor enforcement efforts develop.