Irish regulator puts Facebook’s data policies back in the spotlight
A draft decision by Irish regulators threatened on Thursday to block Facebook and Instagram from transferring user data from the European Union to the United States, the latest round a year dispute over the protection of European citizens’ data against American espionage.
The order from the Irish Data Protection Commission stems from a court ruling that data from Facebook and Instagram users in Europe could not be transferred to the US because the services were subject to US laws which give surveillance agencies access to certain information about international users.
The decision, first reported by Politico, increases pressure on US and European negotiators to strike a deal. agreement, announced in March, to allow companies to continue moving digital information across the Atlantic. Meta, which owns Facebook and Instagram, said it may have to shut down services in Europe if it is unable to transport data easily.
Meta was at the center of the debate as he was the subject of a lawsuit that led to a 2020 ruling by the European Court of Justice, the European Union’s highest court, which overturned a major sharing pact data between the European Union and the United States. The court said the agreement, known as Privacy Shield, was illegal due to a lack of privacy protection against US espionage.
The move was an example of how governments around the world are increasingly setting rules and standards governing how data can move around the world.
A blackout of Facebook and Instagram in Europe is considered unlikely. Data protection regulators in other European Union countries have one month to express their objections to Ireland’s order. Meta can also appeal against the judgment in court. The draft order submitted on Thursday only applies to Facebook and Instagram, not other Meta services like WhatsApp.
The White House has been scrambling to strike a deal to keep the data flowing. Without an agreement, the operations of thousands of companies, not just internet companies like Meta, would be in jeopardy.
President Biden announced in March a preliminary agreement with Ursula von der Leyen, the president of the European Commission, but the two parties did not reach a final agreement.
Since the 2020 court ruling, Meta and dozens of other companies have used a legal mechanism known as “standard contractual clauses” to keep data flowing.
The draft order submitted by the Irish authorities on Thursday said that this mechanism was not sufficient to comply with the judgment of the European Court of Justice. The decision focused solely on Meta this time as the company was already under investigation into its data collection practices in Ireland.
Ireland is responsible for regulating Meta’s data practices in Europe as the company has its European headquarters in Dublin.
Meta expressed confidence that an agreement preventing any interruption of its services would be concluded.
“This draft decision, which is subject to review by European data protection authorities, concerns a conflict between European and American law which is in the process of being resolved,” Meta said in a statement. “We welcome the EU-US agreement for a new legal framework that will enable the seamless transfer of data across borders, and we hope this framework will allow us to keep families, communities and economies connected.”