In this era, it becomes more important both for Internet users and for the different governments of the world. Thus, while we see that when it comes to making their privacy policies compatible with community regulations, after several threats, it seems that Meta is postponing its decision to stop operating in Europe if regulators prevent the transfer of personal data of its users to the United States.
Meta threatened to stop operating in Europe if data transfer ban is passed
The story is not new: in 2020 the Court of Justice of the European Union the agreement on the Privacy Shield (Privacy Shield) of 2016 between the European Union and the United States.
pointed out that the big North American technology companies, such as Apple, Google and Meta (Facebook, at the time) could manage the data of European users from the United Statesbut said agreement And it is in this environment that the Irish Data Protection Commission, the main European regulator in this matter, and the country in which Facebook has its headquarters, decided begin to require the company not to remove the data of European users from this region.
This restriction would essentially force Meta to install servers in Europe and implement new restrictions on data sharing between regions, which of course would not only be expensive, but would complicate the business of the great social network.
Given this scenario, Meta’s reaction was to threaten to stop operating in Europe: both Facebook and Instagram would stop working throughout the region.
“If the decision is upheld, it is unclear how the Facebook and Instagram services could continue to be provided in the European Union under these circumstances.” assured in 2020 , director of data protection and privacy of Facebook in Ireland.
And since then, nothing.
That was a preliminary decision that now Facebook, renamed Meta, You have seen how it has been postponed. Sent in February of this year to the US stock market regulatory agency (SEC), the company expressed very clearly what its fears towards this legal novelty consist of and the impact that its implementation would have on its results:
“We are subject to evolving laws and regulations that dictate whether, how and under what circumstances we may transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate and data . shared between our products and services.
If we are unable to transfer data between countries and regions in which we operateor if we have restrictions on sharing data between our products and services, this could affect our ability to provide our services, lto how we provide our services or our ability to target ads, which could adversely affect our financial results.
For example, Privacy Shield, a transfer framework we rely on for transferring data from the European Union to the United States, was invalidated in July 2020 by the Court of Justice of the European Union (CJEU). Additionally, the other bases Meta relies on to transfer such data, such as Standard Contractual Clauses (SCCs), have come under regulatory and judicial scrutiny. In August 2020, we received a draft preliminary decision from the Irish Data Protection Commission (IDPC) which preliminarily concluded that Meta Platforms Ireland’s reliance on SCC with respect to European user data does not comply with the General Data Protection Regulation () and preliminarily proposed that, therefore, stop such transfers of user data from the European Union to the United States.
We believe that a final decision can be issued in this consultation already in the first half of 2022. If a new transatlantic data transfer framework is not adopted and we cannot continue to rely on SCCs or other alternative means of transferring data from Europe to the United States, we may not be able to offer a number of our most important products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition and results of operations.
We have been subject to other significant legislative and regulatory developments in the past, and proposed or new legislation and regulations could materially affect our business. For example, the GDPR includes operational requirements for companies that receive or process personal data from European Union residents that are different from those previously established in the European Union, requires sending personal data breach notifications to our main privacy regulator of the European Union, the IDPC, and includes significant penalties for failure to comply with the notification obligation, as well as other requirements of the regulation.
GDPR is still a relatively new law, its interpretation is still evolving, and draft decisions in IDPC investigations are subject to review by other European privacy regulators as part of the GDPR consistency mechanism, which may lead to to significant changes in the final result. of such investigations. As a result, the interpretation and application of the GDPR, as well as the imposition and amount of penalties for non-compliance, are subject to significant uncertainty.
(…)
Additionally, as of December 2020, the European Union’s Electronic Privacy Directive includes additional limitations on data usage across all messaging products and includes significant penalties for noncompliance. Changes in our products or business practices as a result of these or similar developments may adversely affect our advertising business. Similarly, there are a series of legislative proposals in the European Union, the United States, both at the federal and state levels, as well as other jurisdictions that could impose new obligations or limitations in areas that affect our business.
For example, the proposed Digital Markets Act in the European Union and pending proposals to amend competition laws in the United States and other jurisdictions could make us incur significant compliance costs and could impose new restrictions and requirements on companies like ours, including in areas such as data blending between services, mergers and acquisitions, and product design. (…)
New laws or regulatory decisions that restrict our ability to collect and use information about children may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.”
A march that, for now, is on pause
In March, the EU and the US reached a tentative agreement on a new data transfer pact, but negotiations on a new deal are not expected to conclude before next year, by which time the Irish could have issued and its ban on PPAs.
As a result of the latest twist in this saga, Meta has stalled its departure from the European zone as other regional DPAs (regional data protection authorities) have been reviewing it internally and have raised objections to the Irish decision.
Under the EU’s General Data Protection Regulation (GDPR), these kinds of cross-border decisions generally require the cooperation and at least the consensus of the DPAs in the affected regions, thus giving harmed authorities the right to influence those decisions.
“We have received some objections from a small number of data protection authorities in this case”, confirmed the deputy commissioner of the Irish Data Protection Commission, Graham Doyle. “We are currently evaluating the objections and will contact the relevant authorities to try to resolve the issues raised.”.
This means that a final decision on the (seemingly) never-ending saga over the legality of Meta’s data transfers, and the fate of its service in Europe, will be delayed for at least several more months.
A decision that could have a great impact on the technology sector in the future
Currently Facebook and Instagram together they have more than 400 million users in the EU, and in theory, all of them would lose access to both if Facebook decides to stop operating in Europe.
Of course, it would be very unlikely that Facebook would decide to carry out this threat, since Mark Zuckerberg’s company would not only lose a lot of money and market share, but also would be a drastic refusal to take direct action in protecting user dataone of the points that about the social network.
The most likely scenario for the resolution of this situation is that eventually Facebook will be forced to establish exclusive data centers in the European Union. But beware, the simple fact that the company has made this threat underlines the growing tension that has been created between social networks and regulatory bodies in several countries around the security and protection of user data.
Of course cutting off the entire European market would obviously be a huge change, and one that most probably the company will not be willing to face, But it will be a matter of time to know what decision Facebook makes regarding this new restriction, and how the issue of user data protection in different countries and regions impacts the future of large technology companies.
Image:
Stay informed of the most relevant news on our news channel
Facebook Comments
Disqus