Facebook is threatening to pull out of Europe. The reason isn’t what you’d expect: it’s over new data transfer requirements.
Facebook is threatening to pull out of Europe. You might think it is an extremely delayed reaction to the link tax laws passed last year, but apparently, Facebook was willing to stick it out with that. Surprisingly, it is over data transfer laws.
As you might recall, Europe’s CJEU court made a major ruling on the so-called shield privacy laws back in July. Sometimes referred to as the Schrems case, the ruling said that data policies must be vetted before information gets sent to the US. The ruling, as many pointed out, punched a major hole in the shield law which, according to some critics, allowed personal information to flow to the US with hardly any oversight.
Now, there is even more fallout as an indirect result of the ruling. Irish regulators reformed some of the rules surrounding personal information. In response, Facebook is threatening to pull out of Europe because of the way the laws surrounding personal information work. From The Independent:
A senior Facebook executive has signalled it may not be able to continue providing social media services in Europe if it is forced to suspend the transfer of data to the US.
In an affidavit, Facebook Ireland’s head of data protection and privacy Yvonne Cunnane said it was “not clear” how it could continue to provide Facebook and Instagram.
She said there would be “significant” and “wide-ranging” consequences, not just for the social media giant, but for businesses across Europe.
The claims were made in a legal filing as part of Facebook’s challenge to a preliminary order from Ireland’s Data Protection Commission (DPC) requiring it to stop transferring the data of EU users to the US.
The high-stakes case came before the High Court last week. Facebook’s European headquarters is in Dublin.
“In the event [Facebook] were subject to a complete suspension of the transfer of users’ data to the US, as appear to be what the DPC proposes, it is not clear to [Facebook] how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU,” Ms Cunnane said in the legal filing.
These comments came about after the Irish regulator ordered Facebook to stop sending European user information to the US. From CNBC earlier this month:
Ireland’s data regulator has sent Facebook a preliminary order to stop transferring user data from the EU to the U.S., according to a report from The Wall Street Journal, citing sources familiar with the matter.
The preliminary order was sent to Facebook by Ireland’s Data Protection Commission in August, according to the report. CNBC has not been able to independently verify these sources.
Facebook declined to comment on the article when contacted by CNBC on Thursday. But, it referred to a blog post published Wednesday that states the DPC has started an inquiry into Facebook’s EU-U.S. data transfers. The post is authored by Nick Clegg, Facebook’s vice president of global affairs and communications.
The DPC also declined to comment.
The report comes just a few months after the European Court of Justice ruled the data transfer standard between the EU and the U.S. doesn’t adequately protect European citizen’s privacy.
The court, the EU’s highest legal authority, restricted how U.S. firms could send European user data to the U.S. after concluding EU citizens had no eﬀective way to challenge American government surveillance. U.S. agencies such as the NSA can theoretically ask internet companies like Facebook and Google to hand over data on an EU citizen and that EU citizen would be none-the-wiser.
That report was followed up by Facebook filing a lawsuit in an attempt to block the order. From CNBC:
Facebook on Friday launched legal action against Ireland’s data regulator, in an attempt to halt a preliminary order that could stop the company from transferring user data from the European Union to the U.S.
The social media giant has applied to seek judicial review of the approach used by Ireland’s Data Protection Commission on the grounds it was premature for the IDPC to have reached a preliminary conclusion at this stage.
“A lack of safe, secure and legal international data transfers would have damaging consequences for the European economy,” a Facebook spokesperson told CNBC via email. “We urge regulators to adopt a pragmatic and proportionate approach until a sustainable long-term solution can be reached.”
The big problem for Facebook is that Europe’s top court has already ruled on the matter. If you plan on operating in Europe and you collect European citizens personal information, then there are protocols that must be in place to safeguard European citizens privacy. You can’t just willy-nilly send it to the US without any kind of oversight. At this point, the only real option left is to have the laws changed – but even then, that is an uphill battle thanks to the ruling in the first place.
At best, this is going to be a stalling tactic. The question is, to what end? To come up with a better system to be more compliant with European privacy laws? To find a way to actually pull out of Europe? It’s a bit puzzling to figure out what the end game plan is on Facebook’s part.
Still, there could be a cascade effect here. If Facebook pulls out, big publishing might see a major revenue stream slip through their fingers. After all, Facebook would be subject to a link tax for the “privilege” of linking to news sources. If they leave, then the potential number of large targets for this law would be reduced.
On that same train of thought, it’s actually quite unfortunate that if Facebook decides to end operations in Europe, they chose a lack of ability to do whatever they want with people’s personal information as the hill they chose to die on. They could very easily have been able to spin this as, “after analyzing where we would be positioned with respect to the link tax, we feel that we can no longer continue operating in Europe.” That, at the very least, would have a good play PR-wise because almost no one outside of the big publishing sector thinks that the link tax is even remotely sane. Pulling out because of being required to follow privacy laws just isn’t as great of a note to end on – assuming they really do pull out in the first place.