Facebook loses its fight to transfer EU data to the US.
The Irish High Court, Ireland's data privacy watchdog, has won a legal fight over Facebook's data flows between the EU and the US.
When the EU-US Privacy Shield was ruled insufficient in protecting the privacy of EU data subjects last year, many companies were left in an uncomfortable state of limbo waiting. Any organization moving data about EU residents from the EU to the US has been in the dark on whether they were still in compliance.
Ireland's data protection commission has become known within the GDPR community for targeting "big tech", in part because Ireland's tax laws have made it an appealing home to the EU subsidiaries of many US companies.
The guidance by those in the privacy community since the breakdown of Privacy Shield has been "wait and hope you aren't targeted." That may still be the only option for smaller companies, but now that Facebook has lost their fight in court we could see a wave of similar legal pushes by the High Court and other EU member states.
To combat this, data localization seems like the most obvious path forward. As the likelihood of a swift replacement for Privacy Shield seems slim, we're seeing more cloud data providers offering EU-specific solutions—like Microsoft's recent announcement that they will offer both storage and processing that meets EU guidelines.