Facebook Ireland is beefing up its board ahead of a European data protection showdown

The company’s top privacy lawyer will become one of the company’s three local directors.

By Paul O'Donoghue

FACEBOOK IRELAND HAS elevated one of its top legal eagles to its board as it prepares for a showdown in Europe over its data protection regime.

Documents recently filed for two of the US social network’s main local subsidiaries show the company’s Ireland-based head of data protection and privacy, Yvonne Cunnane, was appointed as a director earlier this week.

The 42-year-old former director at the Irish Internet Association boasts an extensive legal background, which includes eight years at Matheson before she joined Facebook in 2013.

Her first appointment at Facebook was as the firm’s lead data protection and privacy counsel. The move was seen as the company focusing its operations in the area amid the Irish outpost’s growing regional importance.

Cunnane_1 Yvonne Cunnane giving a talk on data protection around three years ago
Source: Vimeo/Matheson

As Facebook’s European headquarters is in Ireland, its operations here are the bulkhead for any data protection issues across the continent.

Much of the management of the company’s Europe-sourced data – relating to hundreds of millions of users – and the legal responsibility for that information falls on its Dublin office.

The new appointment will see Cunnane join the head of Facebook Ireland, Gareth Lambe, and the firm’s head of international finance, Shane Crehan, on the now three-person board for the companies.

Facebook wouldn’t comment on the reasons for the appointment when contacted via its spokesman by Fora.

Rory McIlroy visit to Facebook International HQ - Dublin Facebook's Gareth Lambe, left, with golfer Rory McIlroy
Source: Niall Carson/PA Wire

Safe harbour

Cunnane’s new role comes less than a month after the Irish Data Protection Commissioner announced it would challenge Facebook’s transfer of EU users’ data to the US at the European Court of Justice (ECJ).

Last year, the ECJ declared invalid the so-called Safe Harbour scheme, which allowed tech companies to automatically shift users’ data to servers in the US.

The ruling stemmed from a case Austrian privacy activist Max Schrems brought against the commissioner over the automatic transfer of his Facebook data offshore.

Following spying revelations from former National Security Agency (NSA) analyst-turned whistleblower Edward Snowden, the ECJ said the 15-year-old agreement worked against the fundamental rights of EU citizens.

Under the scheme, firms like Facebook, Google and Twitter only needed to provide guarantees that they were offering similar protections on data stored in the US to information they kept in Europe.

However once the data was sent offshore, there was effectively nothing in place to stop US authorities from trawling private details – even if the surveillance would have been illegal in the EU.

Europe Facebook Lawsuit Schrems, left, at the ECJ for the ruling last year
Source: AP/Press Association Images

Enforcing the ruling 

At the time of the ruling, the ECJ said Irish authorities now had to rule with “due diligence” whether the transfer of data from Facebook’s European subscribers to the US should be suspended “on the ground that that country does not afford an adequate level of protection of personal data”.

The commissioner announced in May that it is going to the High Court to seek a referral to the ECJ to determine the legal status of the transfers.

Several parties, including Digital Rights Ireland, have also applied to join the data protection case.