EU moving closer to Facebook ban
Published on Jul 7, 2022 by Iron Brands
There is a risk Europeans won’t be able to use Facebook after the Irish data protection agency (DPC) doubles down on stopping data transfer between the US and the E.U.
Read the full statement here by Politico.eu who were the first to report
At July 7, 2022 12:37 PM CET by Vincent Manancourt.
Europeans risk seeing social media services Facebook and Instagram shut down this summer, as Ireland’s privacy regulator doubled down on its order to stop the firm’s data flows to the United States.
The Irish Data Protection Commission on Thursday informed its counterparts in Europe that it will block Facebook-owner Meta from sending user data from Europe to the U.S. The Irish regulator’s draft decision cracks down on Meta’s last legal resort to transfer large chunks of data to the U.S., after years of fierce court battles between the U.S. tech giant and European privacy activists.
The European Court of Justice in 2020 annulled an EU-U.S. data flows pact called Privacy Shield because of fears over U.S. surveillance practices. In its ruling, it also made it harder to use another legal tool that Meta and many other U.S. firms use to transfer personal data to the U.S., called standard contractual clauses (SCCs). This week’s decision out of Ireland means Facebook is forced to stop relying on SCCs too.
Meta has repeatedly warned that such a decision would shutter many of its services in Europe, including Facebook and Instagram.
“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta said in a filing to the U.S. Securities and Exchange Commission in March this year.
The Irish blocking order, if confirmed by the group of European national data protection regulators, is likely to send a chill through the wider business community too, which has been scratching its head about how to continue sending data from Europe to the U.S. following the EU’s top court ruling in 2020.
The EU and U.S. are in the midst of negotiating a new data-transfer text that would allow companies like Meta to continue to ship data across the Atlantic irrespective of the Irish order. Brussels and Washington in March agreed to a preliminary deal at the political level, but negotiations on the legal fine print have stalled and a final deal is unlikely to be reached before the end of the year.
A spokesperson for the Irish DPC confirmed that the draft decision had been sent to other European privacy regulators, who now have a month to give their input, but wouldn’t discuss details of the decision.
“This draft decision, which is subject to review by European Data Protection Authorities, relates to a conflict of EU and U.S. law which is in the process of being resolved,” a Meta spokesperson said. “We welcome the EU-U.S. agreement for a new legal framework that will allow the continued transfer of data across borders, and we expect this framework will allow us to keep families, communities and economies connected.”
View source at politico.eu.
Thursday, the DPC informed counterparts in other EU member states that it will block Facebook from sending data from the EU to US servers. Data protection agencies of other EU members have a month to add their views and objections before it moves forward. The move could mean the biggest disruption of the social media giant in its history. The DPC did not comment on the specific contents or release a statement, but they confirmed the issue at hand.
Earlier this year, Facebook stated that if it’s unable to transfer data overseas, it could affect the availability of its products. It seems close to becoming a reality now.
1. Impact of Schrems II
The statement of the Irish regulator (DPC) is a result of the invalidation of the privacy shield in July 2020. This is referred to as the Schrems II ruling that concluded that data transfer to the US violates the GDPR law.
The mandate of the GDPR is simple: Protect the privacy of EU citizens. This cannot be guaranteed when personal data is sent from the EU to Facebook servers in the US.
Facebook qualifies as an “Electronic communication service provider” and is therefore obliged to share data with the US intelligence service if requested. This means that the US intelligence service can access the personal data of EU citizens.
2. Crackdown on Google Analytics
The Schrems II ruling did not lead to a response from EU data protection agencies until the beginning of this year, when the DSB (Austria) responded by banning the use of Google Analytics. CNIL (France) was quick to follow, and Garante (Italy) banned Google Analytics last week as well. More EU member states are likely to follow suit in the coming months.
The issue, however, does not only apply to Facebook and Google. Notably, they are the biggest advertising platforms that transfer personal data overseas, but every entity doing this should be very aware of this ruling.
3. Privacy Shield 2.0
A Facebook spokesperson noted that the issue is in the process of being resolved, referring to a new agreement between the U.S and the EU that will allow the continued transfer of data. The so-called Privacy Shield 2.0. However, the deal is far from finalized. Both the EU (here) and the US (here) announced a new agreement on a new framework for transatlantic data transfer, but no legal document has been provided. It’s a political agreement without any legal merit.
“The final text will need more time; once this arrives, we will analyze it in-depth, together with our US legal experts. If it is not in line with EU law, we or another group will likely challenge it. In the end, the Court of Justice will decide a third time. We expect this to be back at the Court within months from a final decision.” Max Schrems of Noyb noted
4. Implications of Facebook ban
An unresolved conflict about transatlantic data transfer could have a significant impact on (almost) all Europeans. It sounds unrealistic that Facebook would not be available for EU citizens, but this might very well become a reality.
In February, DPC head Helen Dixon told Reuters that a decision would not immediately affect WhatsApp as it has a different data controller.
It sounds harsh, but finally, the GDPR is showing its teeth. Privacy is a human right and should be treated as such. Google and Facebook have become the biggest monopolies companies in the world by monetizing our data. This model is showing cracks as more and more consumers are demanding privacy.
We started Simple Analytics because we care about privacy. Our “fight” is mainly with Google as Simple Analytics is a privacy-first Google Analytics alternative, but it goes further than that. We believe in an independent web that is friendly to website visitors.
To create a more open web, we need to adopt a different mindset. We must find ways to stop relying on the biggest advertising companies in the world. We really need to figure out how to become independent from those data-devouring beasts.
To change this, we need alternatives that allow us to do so. And yes, we are biased because we built a privacy-first Google Analytics alternative. But if this message resonates with you, you should check out all these EU-based alternatives for digital products and see for yourself.