Meta considers EU shut down in the absence of a framework for the storage of EU data on US servers.
Representatives from Meta have spoken up about the possibility of the company having to shut down Instagram and Facebook services in the EU, unless a framework is implemented which allows them to store EU data on US servers. A recent annual report from the company made mention that unless there is an option to store, transfer, and process data from its European users on the US based servers which it has always used, Facebook and Instagram may be shut down across the EU.
Meta representatives call for clear global rules to protect transatlantic data flows over the long term.
With current frameworks to enable transatlantic data transfers under heavy scrutiny in Europe, the company is in need of a new framework in order to allow continued operations in the EU. Several businesses have been called to question for their practices of transatlantic data transfers. As a result, Standard Contractual Clauses or SCCs have been used by some companies in order to facilitate these transfers, however it has been suggested that SCCs cannot be used in practice for EU-US transfers. According to a report from City AM, Nick Clegg, VP of Global Affairs and Communications at Meta said “Businesses need clear, global rules, underpinned by the strong rule of law, to protect transatlantic data flows over the long term.”
Since the invalidation of the Privacy Shield, many companies have had to change the way they operate in an effort to remain in compliance.
Since the invalidation of the Privacy Shield in July 2020, the impact has been felt by businesses all across Europe, which previously used US servers, or used the services of US based companies, which involved the transfer of data from EU users to the US. Due to US laws, European user data which has been transferred to the US may be accessed by US intelligence. As a result several companies have been ordered to cease their use of US cloud services and other US-based service providers. Many companies turned to the use of Standard Contractual Clauses or SCCs in order to facilitate these transfers. Unfortunately, in many cases, this has been found inappropriate as a solution, as SCCs themselves do not protect the data from being accessed by US intelligence. Meta is one of several companies which have been investigated for unlawful data transfers to the US.
While the investigation by the Irish DPC is ongoing, this watchdog has previously ruled against the use of SCCs to facilitate transatlantic data flows.
The Irish DPC communicated with Facebook in August 2020 that the use of Standard Contractual Clauses was not in line with the GDPR. This meant that Facebook had to stop processing European data on American servers. However this preliminary conclusion has been appealed by Facebook and therefore, change has yet to come about. Judges ruled that the investigation by the Irish DPC can continue, with a final verdict expected within the first half of this year. Since the Schrems II decision of the Court of Justice of the EU, an adequate data transfer impact assessment is required for the transfers of the data based on SCCs. The current situation faced by Meta is that it may no longer be feasible to offer its services in the EU, should the use of Standard Contractual Clauses be deemed illegal in their case at the end of the investigation.