[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_european-facebook-blackout-is-closer-than-you-think_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"coverImageWithoutText":44,"inlineMedia":52,"id":181,"title":182,"excerpt":183,"locale":8,"slug":184,"authorSlug":185,"automaticTranslated":11,"publishedAt":186,"updatedAt":187,"ctaTitle":188,"ctaButton":189,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"cover":44,"languages":190},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">As reported by the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/meta-braces-for-eu-shutdown-gdpr-fine/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">IAPP\u003C/a>, two publicly available documents from Meta suggest that the Irish data protection authority (DPC) may soon \u003Cstrong>suspend EU-US data transfers for the Facebook platform\u003C/strong> and impose a fine on Meta. As reported by the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.irishtimes.com/business/2023/04/20/data-protection-boss-dixon-rejects-criticism-over-enforcement/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Irish Times\u003C/a>, the decision could come as soon as May 12.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">This could result in a temporary Facebook blackout for Europe, depending on how things play out. This high-profile case will certainly set a precedent and may \u003Cstrong>impact the digital lives of millions\u003C/strong>. \u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">\u003Cem>(Update: the order to suspend data transfers arrived on May 22, along with a record \u003Cstrong>1.2 billion Euro fine\u003C/strong>. We examined the decision in \u003CNuxtLink to=\"/blog/meta-hit-with-record-breaking-1-3-billion-fine-over-facebook-data-transfers-to-the-us#the-decision\"  >another blog\u003C/NuxtLink>)\u003C/em>\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#what-do-the-documents-say\">What do the documents say?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#the-story-so-far\">The story so far\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#the-legal-issues\">The legal issues\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#what-happens-next\">What happens next?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#what-does-the-decision-mean-for-data-transfers\">What does the decision mean for data transfers?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#final-thoughts\">Final Thoughts\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Let’s dive in!\u003C/ContentEditable>\n\u003CContentEditable  id=\"what-do-the-documents-say\" parent=\"\" tag=\"h2\" :articleId=\"463\">What do the documents say?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The two documents (an \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://investor.fb.com/investor-news/press-release-details/2023/Meta-Reports-First-Quarter-2023-Results/default.aspx?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">earnings report\u003C/a> and a \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.sec.gov/ix?doc=%2FArchives%2Fedgar%2Fdata%2F1326801%2F000132680123000067%2Fmeta-20230331.htm&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">form\u003C/a> submitted to the US Security and Exchange Commission) are long and deal with a lot of different issues, so here are the interesting bits.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Page 3 of Meta’s quarterly earning report reads:\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">\u003Cem>We expect the Irish Data Protection Commission (IDPC) to issue a decision in May (...), including a suspension order (...) and a fine. Our ongoing consultations with policymakers on both sides of the Atlantic continue to indicate that the proposed new EU-U.S. Data Privacy Framework will be fully implemented before the deadline for suspension of such transfers, but we cannot exclude the possibility that it will not be completed in time.\u003C/em>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The Q-10 form includes more details on page 54:\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">\u003Cem>Once the final decision is issued, we will have an opportunity to appeal and seek a stay. A transfer suspension order would become effective after a period of time unless a new transatlantic data transfer framework is finalized prior to that time or the IDPC revisits the suspension order due to a material change in U.S. law.\u003C/em>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">We consider the documents to be reliable. It is not unusual for the parties of a procedure to have inside information on the outcome before a decision is published. This is especially true for a tech giant with plenty of connections and lobbying capabilities.\u003C/ContentEditable>\n\u003Cp>\u003Cimg src=\"https://cms-assets.simpleanalytics.com/dark_social_gathering_2_86efc524fd.png\" alt=\"dark-social-gathering-2.png\">\u003C/p>\n\u003CContentEditable  id=\"the-story-so-far\" parent=\"\" tag=\"h2\" :articleId=\"463\">The story so far\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The story is long by now, so grab a sandwich (or skip ahead- we won’t blame you).\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">It all started in 2013 when NSA whistleblower Edward Snowden leaked confidential files on the agency’s operation, including \u003Cstrong>large-scale electronic surveillance programs\u003C/strong> Upstream and Prism.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Snowden’s revelations prompted Max Schrems (yes, the guy from the Schrems I and II rulings) to file a complaint with the Austrian data protection authority against Facebook’s data transfers to the US. He claimed that, due to the massive scale and indiscriminate character of electronic surveillance from the US government, data transfers to Facebook in the US \u003Cstrong>could not ensure the confidentiality of personal data\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The Austrian authority forwarded the complaint to its Irish counterpart since Facebook had its main European subsidiary in Ireland. This was the start of a \u003Cstrong>never-ending legal battle\u003C/strong> in which Facebook tried to postpone a final decision in every way. For a decade, the case went back and forth between the DPC, the Irish courts, and the EU Court of Justice.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The decisions of the Court of Justice had a very important impact on European privacy law. In 2015 the \u003Cstrong>Schrems I\u003C/strong> ruling invalidated the Safe Harbor agreement, which greatly simplified EU-US data transfers. A new agreement, known as the Privacy Shield, replaced the Safe Harbor, but it was again invalidated by the Court in the 2020 \u003Cstrong>Schrems II\u003C/strong> ruling.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">A decade and two landmark rulings later, the DPC finally drafted a decision to suspend data transfers and submitted it to the European Data Protection Board (the EU institution where all data protection authorities sit). The EDPB settled the matter last month with a yet-unpublished decision. The EDPB’s decision is binding on the DPC, but she still has some margin of autonomy, including the quantification of the fines.\u003C/ContentEditable>\n\u003CContentEditable  id=\"the-legal-issues\" parent=\"\" tag=\"h2\" :articleId=\"463\">The legal issues\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">We do not have a decision yet, but in light of the Schrems II ruling and recent decisions against Google Analytics, it is easy to guess what legal issues are at stake.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">When a European user browses Facebook, their data are processed by several entities connected to Meta. The most important are Meta Platforms and its main European subsidiary, Meta Platforms Ireland. Because Meta Platforms itself carries out the bulk of the data processing, \u003Cstrong>Facebook requires a data transfer to the US to work\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Data transfers to the US have been problematic since the Schrems II ruling. Companies transferring data to the US (and other “unsafe” countries) need to implement sufficient measures to \u003Cstrong>keep personal data safe from State surveillance\u003C/strong>. These measures must be implemented on top of data transfer mechanisms such as standard contractual clauses or binding corporate rules, which are a standard requirement for most non-EU countries.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Meta relies on standard contractual clauses for transferring data, but it is not clear whether the company has implemented sufficient supplementary safeguards to keep personal data confidential. If it did not, then the data transfers from Meta Ireland to the parent company are \u003Cstrong>in breach of the GDPR\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">And in all likelihood, it did not. This is \u003Cstrong>the exact same problem Google is facing\u003C/strong> in a coordinated set of complaints filed by noyb (an NGO founded by Schrems himself) and the reason \u003CNuxtLink to=\"https://www.simpleanalytics.com/blog/the-complete-overview-from-101-noyb-complaints-to-banning-google-analytics\">\u003Cstrong>five European data protection authorities have practically banned Google Analytics\u003C/strong>\u003C/NuxtLink> from their respective countries. \u003Cstrong>There is no easy solution\u003C/strong>, even for a company as big as Google.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">To be clear, there are technical measures that can make data transfers safer, but they are only practical for certain types of services (we discussed some of them \u003CNuxtLink to=\"/blog/how-to-move-forward-with-data-transfers-between-the-eu-us#supplementary-measures-for-data-transfers\"  >here\u003C/NuxtLink>). As a matter of fact, three years have passed since noyb’s complaints, and Google has not found a solution yet. Our educated guess is that Meta has not, either. \u003Cstrong>If the company had any cards up its sleeve, it would have played them by now\u003C/strong> instead of risking a Facebook blackout.\u003C/ContentEditable>\n\u003Cp>\u003Cimg src=\"https://cms-assets.simpleanalytics.com/dark_social_gathering_1_d59479ba69.png\" alt=\"dark-social-gathering-1.png\">\u003C/p>\n\u003CContentEditable  id=\"what-happens-next\" parent=\"\" tag=\"h2\" :articleId=\"463\">What happens next?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The decision will not spell the end of Facebook in Europe, but it might cause a \u003Cstrong>temporary blackout\u003C/strong> for the service in the EU and the EEA, depending on two factors.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The first factor is time. The EU and the US have reached an agreement on the \u003Cstrong>Trans Atlantic Data Privacy Framework\u003C/strong>- yet another data transfer framework to replace the Privacy Shield. This framework will be enacted in the EU legal framework when the European Commission adopts an \u003Cstrong>adequacy decision\u003C/strong>- an act that essentially “greenlights” a non-EU country as a safe destination and allows for hassle-free data transfers.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">(On a side note, the new framework will surely face legal challenges from noyb. We are looking at a Schrems III ruling, and it’s hard to predict how it will play out. But this is not a pressing issue for Meta yet.)\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">An adequacy decision has already been drafted and is currently pending Member States&#39; approval. It is likely to pass, but it is not clear when that will happen.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">According to the documents, Meta expects the DPC’s suspension order to come with a deadline. Therefore, the continuity of service for Facebook depends on the timing of the adequacy decision. If the adequacy decision is adopted before the deadline, Meta will be able to rely on the decision for transferring data and will continue to provide the service. But if the decision comes too late, Meta may be forced to suspend the service in the meantime. Meta is somewhat optimistic that the decision will come in time, but not entirely certain.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">The second factor at play is the outcome of Meta’s future legal actions. Meta intends to challenge the decision and \u003Cstrong>seek a stay for the suspension order\u003C/strong>- presumably until the vote on the adequacy decision takes place within the European Commission.  A stay could buy Meta the time to keep providing Facebook to European users until data transfers can be resumed under the adequacy decision.\u003C/ContentEditable>\n\u003CContentEditable  id=\"what-does-the-decision-mean-for-data-transfers\" parent=\"\" tag=\"h2\" :articleId=\"463\">What does the decision mean for data transfers?\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Of course, this case has implications that go well beyond Facebook. Many US service providers are walking on thin ice with their data transfers. Given the EDPB’s involvement, this case could \u003Cstrong>set a very important precedent\u003C/strong>, especially if the new data transfer framework does not survive Schrems III.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">Notably, many US companies, including tech giants like Google and Apple, have their European subsidiaries in Ireland. From this perspective, an Irish precedent could be especially disruptive to EU-US data transfers.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">On the other hand, the DPC has a reputation for not being terribly proactive. After all, it took ten years, two rulings of the Court of Justice, and direct involvement from the EDPB for the case to come to a decision. So the DPC probably won’t crack down on data transfers first thing tomorrow.\u003C/ContentEditable>\n\u003CContentEditable  id=\"final-thoughts\" parent=\"\" tag=\"h2\" :articleId=\"463\">Final Thoughts\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">It took a while, but we are finally starting to see energic enforcement of the GDPR. Five DPAs have already taken a stance against Google Analytics, and Facebook will likely be next. Meta was recently \u003CNuxtLink to=\"/blog/meta-targeted-advertising-not-gdpr-compliant\"  >fined €390M\u003C/NuxtLink> by the DPC for unlawfully targeting users with personalized advertising and may end up paying high damages in a \u003CNuxtLink to=\"/blog/meta-s-privacy-fiasco-a-cautionary-tale-for-big-tech\"  >class action\u003C/NuxtLink> for the same reasons.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">\u003Cstrong>Why do we care?\u003C/strong>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"463\">There is more to privacy than just the laws, rules, and fines. Privacy is a human right. At Simple Analytics, we believe the internet should be a place that is friendly to website visitors and respects privacy. This is why we built an alternative to Google Analytics that does not use cookies or any personal data. If this resonates with you, feel free to \u003CNuxtLink to=\"/signup\"  >give us a try!\u003C/NuxtLink>\u003C/ContentEditable>\n","As reported by the [IAPP](https://iapp.org/news/a/meta-braces-for-eu-shutdown-gdpr-fine/), two publicly available documents from Meta suggest that the Irish data protection authority (DPC) may soon **suspend EU-US data transfers for the Facebook platform** and impose a fine on Meta. As reported by the [Irish Times](https://www.irishtimes.com/business/2023/04/20/data-protection-boss-dixon-rejects-criticism-over-enforcement/), the decision could come as soon as May 12.\n\nThis could result in a temporary Facebook blackout for Europe, depending on how things play out. This high-profile case will certainly set a precedent and may **impact the digital lives of millions**. \n\n_(Update: the order to suspend data transfers arrived on May 22, along with a record **1.2 billion Euro fine**. We examined the decision in [another blog](https://www.simpleanalytics.com/blog/meta-hit-with-record-breaking-1-3-billion-fine-over-facebook-data-transfers-to-the-us#the-decision))_\n\nLet’s dive in!\n\n## What do the documents say?\n\nThe two documents (an [earnings report](https://investor.fb.com/investor-news/press-release-details/2023/Meta-Reports-First-Quarter-2023-Results/default.aspx) and a [form](https://www.sec.gov/ix?doc=/Archives/edgar/data/1326801/000132680123000067/meta-20230331.htm) submitted to the US Security and Exchange Commission) are long and deal with a lot of different issues, so here are the interesting bits.\n\nPage 3 of Meta’s quarterly earning report reads:\n\n_We expect the Irish Data Protection Commission (IDPC) to issue a decision in May (...), including a suspension order (...) and a fine. Our ongoing consultations with policymakers on both sides of the Atlantic continue to indicate that the proposed new EU-U.S. Data Privacy Framework will be fully implemented before the deadline for suspension of such transfers, but we cannot exclude the possibility that it will not be completed in time._\n\nThe Q-10 form includes more details on page 54:\n\n_Once the final decision is issued, we will have an opportunity to appeal and seek a stay. A transfer suspension order would become effective after a period of time unless a new transatlantic data transfer framework is finalized prior to that time or the IDPC revisits the suspension order due to a material change in U.S. law._\n\nWe consider the documents to be reliable. It is not unusual for the parties of a procedure to have inside information on the outcome before a decision is published. This is especially true for a tech giant with plenty of connections and lobbying capabilities.\n\n![dark-social-gathering-2.png](https://cms-assets.simpleanalytics.com/dark_social_gathering_2_86efc524fd.png)\n\n## The story so far\n\nThe story is long by now, so grab a sandwich (or skip ahead- we won’t blame you).\n\nIt all started in 2013 when NSA whistleblower Edward Snowden leaked confidential files on the agency’s operation, including **large-scale electronic surveillance programs** Upstream and Prism.\n\nSnowden’s revelations prompted Max Schrems (yes, the guy from the Schrems I and II rulings) to file a complaint with the Austrian data protection authority against Facebook’s data transfers to the US. He claimed that, due to the massive scale and indiscriminate character of electronic surveillance from the US government, data transfers to Facebook in the US **could not ensure the confidentiality of personal data**.\n\nThe Austrian authority forwarded the complaint to its Irish counterpart since Facebook had its main European subsidiary in Ireland. This was the start of a **never-ending legal battle** in which Facebook tried to postpone a final decision in every way. For a decade, the case went back and forth between the DPC, the Irish courts, and the EU Court of Justice.\n\nThe decisions of the Court of Justice had a very important impact on European privacy law. In 2015 the **Schrems I** ruling invalidated the Safe Harbor agreement, which greatly simplified EU-US data transfers. A new agreement, known as the Privacy Shield, replaced the Safe Harbor, but it was again invalidated by the Court in the 2020 **Schrems II** ruling.\n\nA decade and two landmark rulings later, the DPC finally drafted a decision to suspend data transfers and submitted it to the European Data Protection Board (the EU institution where all data protection authorities sit). The EDPB settled the matter last month with a yet-unpublished decision. The EDPB’s decision is binding on the DPC, but she still has some margin of autonomy, including the quantification of the fines.\n\n## The legal issues\n\nWe do not have a decision yet, but in light of the Schrems II ruling and recent decisions against Google Analytics, it is easy to guess what legal issues are at stake.\n\nWhen a European user browses Facebook, their data are processed by several entities connected to Meta. The most important are Meta Platforms and its main European subsidiary, Meta Platforms Ireland. Because Meta Platforms itself carries out the bulk of the data processing, **Facebook requires a data transfer to the US to work**.\n\nData transfers to the US have been problematic since the Schrems II ruling. Companies transferring data to the US (and other “unsafe” countries) need to implement sufficient measures to **keep personal data safe from State surveillance**. These measures must be implemented on top of data transfer mechanisms such as standard contractual clauses or binding corporate rules, which are a standard requirement for most non-EU countries.\n\nMeta relies on standard contractual clauses for transferring data, but it is not clear whether the company has implemented sufficient supplementary safeguards to keep personal data confidential. If it did not, then the data transfers from Meta Ireland to the parent company are **in breach of the GDPR**.\n\nAnd in all likelihood, it did not. This is **the exact same problem Google is facing** in a coordinated set of complaints filed by noyb (an NGO founded by Schrems himself) and the reason [**five European data protection authorities have practically banned Google Analytics**](https://www.simpleanalytics.com/blog/the-complete-overview-from-101-noyb-complaints-to-banning-google-analytics) from their respective countries. **There is no easy solution**, even for a company as big as Google.\n\nTo be clear, there are technical measures that can make data transfers safer, but they are only practical for certain types of services (we discussed some of them [here](https://www.simpleanalytics.com/blog/how-to-move-forward-with-data-transfers-between-the-eu-us#supplementary-measures-for-data-transfers)). As a matter of fact, three years have passed since noyb’s complaints, and Google has not found a solution yet. Our educated guess is that Meta has not, either. **If the company had any cards up its sleeve, it would have played them by now** instead of risking a Facebook blackout.\n\n![dark-social-gathering-1.png](https://cms-assets.simpleanalytics.com/dark_social_gathering_1_d59479ba69.png)\n\n## What happens next?\n\nThe decision will not spell the end of Facebook in Europe, but it might cause a **temporary blackout** for the service in the EU and the EEA, depending on two factors.\n\nThe first factor is time. The EU and the US have reached an agreement on the **Trans Atlantic Data Privacy Framework**\\- yet another data transfer framework to replace the Privacy Shield. This framework will be enacted in the EU legal framework when the European Commission adopts an **adequacy decision**\\- an act that essentially “greenlights” a non-EU country as a safe destination and allows for hassle-free data transfers.\n\n(On a side note, the new framework will surely face legal challenges from noyb. We are looking at a Schrems III ruling, and it’s hard to predict how it will play out. But this is not a pressing issue for Meta yet.)\n\nAn adequacy decision has already been drafted and is currently pending Member States' approval. It is likely to pass, but it is not clear when that will happen.\n\nAccording to the documents, Meta expects the DPC’s suspension order to come with a deadline. Therefore, the continuity of service for Facebook depends on the timing of the adequacy decision. If the adequacy decision is adopted before the deadline, Meta will be able to rely on the decision for transferring data and will continue to provide the service. But if the decision comes too late, Meta may be forced to suspend the service in the meantime. Meta is somewhat optimistic that the decision will come in time, but not entirely certain.\n\nThe second factor at play is the outcome of Meta’s future legal actions. Meta intends to challenge the decision and **seek a stay for the suspension order**\\- presumably until the vote on the adequacy decision takes place within the European Commission.  A stay could buy Meta the time to keep providing Facebook to European users until data transfers can be resumed under the adequacy decision.\n\n## What does the decision mean for data transfers?\n\nOf course, this case has implications that go well beyond Facebook. Many US service providers are walking on thin ice with their data transfers. Given the EDPB’s involvement, this case could **set a very important precedent**, especially if the new data transfer framework does not survive Schrems III.\n\nNotably, many US companies, including tech giants like Google and Apple, have their European subsidiaries in Ireland. From this perspective, an Irish precedent could be especially disruptive to EU-US data transfers.\n\nOn the other hand, the DPC has a reputation for not being terribly proactive. After all, it took ten years, two rulings of the Court of Justice, and direct involvement from the EDPB for the case to come to a decision. So the DPC probably won’t crack down on data transfers first thing tomorrow.\n\n## Final Thoughts\n\nIt took a while, but we are finally starting to see energic enforcement of the GDPR. Five DPAs have already taken a stance against Google Analytics, and Facebook will likely be next. Meta was recently [fined €390M](https://www.simpleanalytics.com/blog/meta-targeted-advertising-not-gdpr-compliant) by the DPC for unlawfully targeting users with personalized advertising and may end up paying high damages in a [class action](https://www.simpleanalytics.com/blog/meta-s-privacy-fiasco-a-cautionary-tale-for-big-tech) for the same reasons.\n\n**Why do we care?**\n\nThere is more to privacy than just the laws, rules, and fines. Privacy is a human right. At Simple Analytics, we believe the internet should be a place that is friendly to website visitors and respects privacy. This is why we built an alternative to Google Analytics that does not use cookies or any personal data. If this resonates with you, feel free to [give us a try!](https://www.simpleanalytics.com/signup)\n",{"alt":45,"caption":46,"small":47,"medium":48,"large":49,"original":50,"averageColorHex":51,"isDark":25},"Dark Social Gathering 1.png",null,"https://cms-assets.simpleanalytics.com/small_dark_social_gathering_1_d59479ba69.png","https://cms-assets.simpleanalytics.com/medium_dark_social_gathering_1_d59479ba69.png","https://cms-assets.simpleanalytics.com/large_dark_social_gathering_1_d59479ba69.png","https://cms-assets.simpleanalytics.com/dark_social_gathering_1_d59479ba69.png","201b16",{"data":53},[54,129],{"id":55,"attributes":56},312,{"name":57,"alternativeText":46,"caption":46,"width":58,"height":59,"url":60,"formats":61,"mime":66,"provider_metadata":126},"dark-social-gathering-2.png",1456,816,"https://cms-assets.simpleanalytics.com/dark_social_gathering_2_86efc524fd.png",{"large":62,"small":79,"medium":88,"xlarge":97,"xsmall":106,"thumbnail":115},{"ext":63,"url":64,"hash":65,"mime":66,"name":67,"path":46,"size":68,"width":69,"height":70,"provider_metadata":71},".png","https://cms-assets.simpleanalytics.com/large_dark_social_gathering_2_86efc524fd.png","large_dark_social_gathering_2_86efc524fd","image/png","large_dark-social-gathering-2.png",738.19,1000,560,{"meta":72},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},0,"L27J|N=_02Eg~AoeE3j@02WV-oRk","2d1e16","080808",33,8,{"ext":63,"url":80,"hash":81,"mime":66,"name":82,"path":46,"size":83,"width":84,"height":85,"provider_metadata":86},"https://cms-assets.simpleanalytics.com/small_dark_social_gathering_2_86efc524fd.png","small_dark_social_gathering_2_86efc524fd","small_dark-social-gathering-2.png",196.93,500,280,{"meta":87},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},{"ext":63,"url":89,"hash":90,"mime":66,"name":91,"path":46,"size":92,"width":93,"height":94,"provider_metadata":95},"https://cms-assets.simpleanalytics.com/medium_dark_social_gathering_2_86efc524fd.png","medium_dark_social_gathering_2_86efc524fd","medium_dark-social-gathering-2.png",424.68,750,420,{"meta":96},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},{"ext":63,"url":98,"hash":99,"mime":66,"name":100,"path":46,"size":101,"width":102,"height":103,"provider_metadata":104},"https://cms-assets.simpleanalytics.com/xlarge_dark_social_gathering_2_86efc524fd.png","xlarge_dark_social_gathering_2_86efc524fd","xlarge_dark-social-gathering-2.png",1366.88,1400,785,{"meta":105},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},{"ext":63,"url":107,"hash":108,"mime":66,"name":109,"path":46,"size":110,"width":111,"height":112,"provider_metadata":113},"https://cms-assets.simpleanalytics.com/xsmall_dark_social_gathering_2_86efc524fd.png","xsmall_dark_social_gathering_2_86efc524fd","xsmall_dark-social-gathering-2.png",5.16,64,36,{"meta":114},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},{"ext":63,"url":116,"hash":117,"mime":66,"name":118,"path":46,"size":119,"width":120,"height":121,"provider_metadata":122},"https://cms-assets.simpleanalytics.com/thumbnail_dark_social_gathering_2_86efc524fd.png","thumbnail_dark_social_gathering_2_86efc524fd","thumbnail_dark-social-gathering-2.png",55.35,245,137,{"meta":123},{"page":73,"blurHash":74,"isOpaque":25,"averageColorHex":124,"dominantColorHex":76,"averageColorBrightness":125,"dominantColorBrightness":78},"2e1e17",34,{"meta":127},{"page":73,"blurHash":128,"isOpaque":25,"averageColorHex":75,"dominantColorHex":76,"averageColorBrightness":77,"dominantColorBrightness":78},"L27J|N=_02EN~AoeE3j@02WV-oRk",{"id":130,"attributes":131},311,{"name":132,"alternativeText":46,"caption":46,"width":58,"height":59,"url":50,"formats":133,"mime":66,"provider_metadata":179},"dark-social-gathering-1.png",{"large":134,"small":142,"medium":149,"xlarge":155,"xsmall":162,"thumbnail":170},{"ext":63,"url":49,"hash":135,"mime":66,"name":136,"path":46,"size":137,"width":69,"height":70,"provider_metadata":138},"large_dark_social_gathering_1_d59479ba69","large_dark-social-gathering-1.png",909.88,{"meta":139},{"page":73,"blurHash":140,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},"L35h3@t60MWB?GofM|ay0#Nd}?$%",28,{"ext":63,"url":47,"hash":143,"mime":66,"name":144,"path":46,"size":145,"width":84,"height":85,"provider_metadata":146},"small_dark_social_gathering_1_d59479ba69","small_dark-social-gathering-1.png",242.51,{"meta":147},{"page":73,"blurHash":148,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},"L35h3@t60MWC?GofM|ay0#Nd}?$%",{"ext":63,"url":48,"hash":150,"mime":66,"name":151,"path":46,"size":152,"width":93,"height":94,"provider_metadata":153},"medium_dark_social_gathering_1_d59479ba69","medium_dark-social-gathering-1.png",525.56,{"meta":154},{"page":73,"blurHash":140,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},{"ext":63,"url":156,"hash":157,"mime":66,"name":158,"path":46,"size":159,"width":102,"height":103,"provider_metadata":160},"https://cms-assets.simpleanalytics.com/xlarge_dark_social_gathering_1_d59479ba69.png","xlarge_dark_social_gathering_1_d59479ba69","xlarge_dark-social-gathering-1.png",1675.88,{"meta":161},{"page":73,"blurHash":140,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},{"ext":63,"url":163,"hash":164,"mime":66,"name":165,"path":46,"size":166,"width":111,"height":112,"provider_metadata":167},"https://cms-assets.simpleanalytics.com/xsmall_dark_social_gathering_1_d59479ba69.png","xsmall_dark_social_gathering_1_d59479ba69","xsmall_dark-social-gathering-1.png",5.18,{"meta":168},{"page":73,"blurHash":169,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},"L35h6}t60MWB?GofM|ay0#Nd}?$%",{"ext":63,"url":171,"hash":172,"mime":66,"name":173,"path":46,"size":174,"width":120,"height":121,"provider_metadata":175},"https://cms-assets.simpleanalytics.com/thumbnail_dark_social_gathering_1_d59479ba69.png","thumbnail_dark_social_gathering_1_d59479ba69","thumbnail_dark-social-gathering-1.png",63.85,{"meta":176},{"page":73,"blurHash":177,"isOpaque":25,"averageColorHex":178,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},"L35h6}t70MWB?GofM|ay0#Nd}?$%","201b17",{"meta":180},{"page":73,"blurHash":140,"isOpaque":25,"averageColorHex":51,"dominantColorHex":76,"averageColorBrightness":141,"dominantColorBrightness":78},463,"European Facebook blackout is closer than we think","Irish DPC may suspend EU-US Facebook data transfers & fine Meta. Outcome could impact millions & set precedent for digital privacy.","european-facebook-blackout-is-closer-than-you-think","carlo-cilento","2023-05-02T19:56:47.057Z","2023-08-15T11:50:59.929Z","Want to be ready before the EU creates a Google Analytics blackout?","Get ready",{"en":191,"de":192,"fr":194,"it":196,"es":198,"nl":200},{"slug":184},{"slug":193},"der-europaeische-facebook-blackout-ist-naeher-als-wir-denken",{"slug":195},"le-black-out-europeen-sur-facebook-est-plus-proche-qu-on-ne-le-pense",{"slug":197},"il-blackout-europeo-di-facebook-e-piu-vicino-di-quanto-si-pensi",{"slug":199},"el-apagon-europeo-de-facebook-esta-mas-cerca-de-lo-que-pensamos",{"slug":201},"europese-facebook-black-out-is-dichterbij-dan-we-denken"]