Meta is threatening to leave the EU market if it’s not allowed to share EU user data with its US-based data centers.
The EU ruled in 2020 that using US cloud providers was a violation of the GDPR. Because they are often required to hand over data to intelligence agencies, US companies are not capable of being compliant with the privacy protections the GDPR provides EU citizens. While many companies, on both sides of the Atlantic, have ignored the ruling, the Austrian Data Protection Authority recently ruled that it is illegal for EU companies to use Google Analytics.
It appears Meta is preparing for the worst, according to iTWire, warning in an SEC filing that it may pull Facebook and Instagram out of the EU market if a replacement for the Privacy Shield legislation is not enacted. Privacy Shield governed the transfer of data between the EU and the US, prior to the 2020 ruling.
In August 2020, we received a preliminary draft decision from the Irish Data Protection Commission (IDPC) that preliminarily concluded that Meta Platforms Ireland’s reliance on SCCs in respect of European user data does not achieve compliance with the General Data Protection Regulation (GDPR) and preliminarily proposed that such transfers of user data from the European Union to the United States should therefore be suspended. We believe a final decision in this inquiry may issue as early as the first half of 2022. If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.
It remains to be seen if Meta’s threat is genuine or idle, but its statement is another indication of the headwinds the company faces as privacy increasingly becomes a major issue.