Facebook Inc said a preliminary decision by its lead European Union privacy watchdog that risks banning it from using a key tool to continue transferring data across the Atlantic was premature and violated procedural safeguards.

The social network challenged "the validity of the process” that led to the Irish Data Protection Commission’s preliminary decision in August that Facebook may no longer use so-called standard contractual clauses when it sends data to the United States. The Irish probe was paused after Facebook sought a legal review of the decision from the courts.

The Irish Data Protection Commission "decided to jump the gun” with its draft decision that was "not even” done based on its own investigation, Paul Sreenan, a lawyer representing Facebook, told a commercial court in Dublin on Dec 15, the first day of hearings that are set to continue all week.

The preliminary order by the data protection commission also puts into doubt data transfers by other tech firms under the Irish authority’s purview. The legal wrangling follows a surprise ruling in July by the European Union’s top court to topple the so-called Privacy Shield, an EU-approved trans-Atlantic transfer tool, over fears citizens’ data isn’t safe once shipped to the United States.

The controversy stretches back to 2013, when former contractor Edward Snowden exposed the extent of spying by the US National Security Agency. Privacy campaigner Max Schrems has been challenging Facebook in the Irish courts - where the social media company has its regional base - arguing that Europeans’ data is at risk the moment it gets transferred to the United States.

The Irish authority, which is the main EU privacy watchdog for some of Silicon Valley’s biggest companies, described the court ruling as extending "far beyond” the dispute that pitted it against Schrems over Facebook’s data transfers.

EU data-protection regulators are adopting a much tougher approach to data transfers since the July ruling, because it raised the bar for continued data flows outside the European Union by demanding that data protection in other countries must be "essentially equivalent” to that in the bloc.

The decision is also causing headaches for companies trying to understand how they can continue to legally transfer data to the United Kingdom once the country has officially left the European Union after Dec 31, especially in case Brexit happens without a deal.

 - Bloomberg