The battle over data protection in the Meta versus European Union case continues, with Ireland's data protection authority poised to announce a verdict on a data flow prohibition between the EU and the US soon. This restriction would prevent the social network parent company Meta Platforms, Inc. from storing the data of its European users in the United States. It comes after the European Court of Justice invalidated the EU-US Privacy Shield Agreement in a surprise judgment in 2020. The court concluded that data maintained in the United States could not be adequately secured.

 

If a new transatlantic data transfer agreement is not reached soon, Meta's popular social media services, Facebook and Instagram, may become inaccessible to EU users. With about 303 million Europeans using Facebook alone, the corporation will be severely harmed if it withdraws its services from the EU. Meta will not be abandoning such a massive market lightly, especially after reporting its first year-over-year fall in quarterly revenue since becoming public last month.

 

Mark Zuckerberg Meta

 

 

How did it get here?

 

When it comes to personal data, the EU has emerged as the frontrunner in terms of legal protection and responsibility. The General Data Protection Regulation ensures that EU citizens have the right to access, amend, and delete any of their stored personal data. To safeguard such rights, Chapter 5 of the GDPR severely restricts the transfer of any data accumulated inside the European Economic Area to a territory outside the European Economic Area. Businesses may share data with territories outside the EEA only if the European Commission determines that the outside territory provides an adequate level of protection.

 

Following the Edward Snowden leaks in 2013 that revealed the extent of US spying on national and international residents, Austrian privacy campaigner Max Schrems filed a lawsuit claiming that the US provided inadequate protection for European individuals' data. The court's decision in favor of Schrems rendered the current transatlantic data treaty null and void.

 

Companies like Meta have been forced to rely on Standard Contractual Clauses to share data with the US since the ruling. However, the Irish Data Protection Commission has been skeptical of the legality of SCCs as an alternative tool from the start. In a preliminary judgment issued in February, the DPC stated that transfers to the US under SCCs "should be suspended."

 

 

A decision on whether Meta may continue to transport data to the US is likely soon.

 

Last month, the Irish data protection authority delivered a draft of its final decision to other EU regulators on whether Meta can continue to use SCCs to share EU data with the US. The draft ruling is expected to be accepted because the Irish DPC is in charge of regulating tech corporations. After all, Ireland is the European headquarters for several US companies, including Meta. The draft's contents have been carefully shielded from the public.

 

In a blog post, Nick Clegg, former Liberal Democrat leader in the United Kingdom and current president for global affairs at Meta Platforms, stated, "The Irish Data Protection has commenced an inquiry into Facebook's controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers." "While this strategy is subject to further process," he continued, "if implemented, it might have far-reaching effects on enterprises who rely on SCCs."

 

Nick Clegg

 

There is still hope for the corporation, as the European Commission has begun discussions with the US government to develop a replacement to the Privacy Shield agreement that complies with the provisions of the 2020 European Court of Justice judgment. However, no agreement has been reached and will most likely not be reached until next year, by which time the DPC may have declared their ban on Meta's usage of SCCs.

 

 

Meta will be forced to either store its users' data in Europe or discontinue its services.

 

According to a Meta spokeswoman, the firm has no plans to leave Europe, but "the simple reality is that Meta, and many other businesses, organisations and services, rely on data transfers between the EU and the US in order to operate global services." The EU has no intentions to create any exceptions for the corporation and has stated that its decision would be vigorously implemented. "Meta cannot simply coerce the EU into abandoning its data protection requirements," European MEP Axel Voss tweeted. He added, "leaving the EU would be their loss."

 

If Meta is barred from using SCCs to transport data, the company will be compelled to store EU citizens' data on servers within their territory to continue functioning within the EU. Failure to comply might result in a fine of up to 4% of yearly revenue, or $2.8 billion in Facebook's case. However, Meta does not appear to budge for the time being. If the company gives in to the EU's demands, it expects other countries to follow suit, posing a threat to Meta's business models.

 

However, given that we have entered an era in which data privacy and protection is rapidly becoming a major concern globally, the social media behemoth, as well as many other Big Tech businesses, may soon be forced to conform to such demands.

 

Are you prepared to sacrifice your social media accounts for better data protection?