Social media platform Facebook’s owner Meta has stated that if it is unable to continue moving user data to the United States, it may shut down Facebook and Instagram in Europe.
Last Thursday, the social media behemoth issued a warning in its annual report.
European regulators are already drafting new rules that will govern how EU residents’ personal information is transmitted across the Atlantic.
“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Facebook said.
This “would materially and adversely affect our business, financial condition, and results of operations,” the company added.
“Meta cannot just blackmail the EU into giving up its data protection standards,” European lawmaker Axel Voss said via Twitter, adding that “leaving the EU would be their loss.” Voss has previously written some of the EU’s data protection legislation.
The firm has no planning to leave Europe and has no intentions to do so, a Meta spokesperson told CNBC on Monday and added that its previous filings with the European regulators were used to raise some concerns on the issue.
“But the simple reality is that Meta, and many other businesses, organizations, and services, rely on data transfers between the EU and the U.S. in order to operate global services,” they said.
There was no comment on the issue from the European Commission.
According to a report from The Wall Street Journal that quoted persons with knowledge of the situation, Ireland’s Protection Commission has sent Facebook a preliminary order in August 2020 to stop moving user data from the EU to the US.
“The Irish Data Protection Commission has commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers,” Nick Clegg, Facebook’s vice president of global affairs and communications, said in a blog post at the time.
“While this approach is subject to further process, if followed, it could have a far-reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on,” he added.
In the first half of 2022, Ireland’s Data Protection Commission is likely to make a final ruling.
If SCCs aren’t allowed to be TREATED as a legal basis for data transfers, Facebook will have to separate out most of the data it gathers on European users. If Facebook fails to comply, the DPC might fine it up to 4% of its annual revenue, or $2.8 billion.
The European Court of Justice determined in July 2020 that the EU-US data transfer standard does not effectively protect European citizens’ privacy.
After determining that EU residents had no effective mechanism to contest American government monitoring, the court, the EU’s top judicial authority, limited how U.S. firms could send European user data to the US.
The National Security Agency (NSA) could hypothetically order Facebook and Google to send over data on an EU person and the EU citizen would have no idea.
The ECJ decision came after Austrian privacy campaigner Max Schrems filed a case in the wake of Edward Snowden’s revelations, claiming that US law did not provide adequate protection against government eavesdropping. Schrems filed a lawsuit against Facebook, which, like many other companies, was sending his and other users’ data to the United States.
The EU-US Privacy Shield agreement, which allowed companies to transport EU citizens’ data over the Atlantic, was declared illegal by the court. As a result, businesses have been forced to rely on SCCs.
(Adapted from CNBC.com)