Facebook's fate in Europe is tied to an Irish ruling
The data protection bodies are close to issuing a historic ruling in a case that has been going on for years, which according to forecasts will sanction the blocking of the transfer of Facebook data across the Atlantic. For years Meta has been fighting against European activists for the protection of privacy about how data is sent to the United States. Courts have repeatedly ruled that the company does not adequately protect the privacy of European users, who may be spied on by US intelligence agencies such as the National Security Agency NSA.
Although yes focus on Meta, the case has widespread ramifications, with potential consequences for thousands of companies in Europe that rely on the services of Google, Amazon, Microsoft and more. At the same time, US and European negotiators are trying to finalize a new, long overdue data sharing agreement that will limit the information that US intelligence agencies can get their hands on. If the negotiators fail to come to an agreement, people's privacy will remain at risk and billions of dollars of trade will be jeopardized.
The state of the art At the beginning of July the Irish Data Protection Commission - Facebook's leading data regulator in Europe - published a preliminary version of a ruling that would block the sending of Meta data in the United States. Although the details are unknown, if the decision is implemented it could create a Facebook blackout across Europe.
Under the GDPR - the European regulation on data protection - EU member states had thirty days to review Ireland's decision on Meta and respond with any changes or complaints. Time has now run out. A spokesman for the Irish regulator said "some" objections have been received from a "small" number of countries, which the body is working on. According to experts, these are presumably minor legal issues, and not requests to overturn the sentence.
Possible scenarios How likely is it that Meta will actually withdraw its services from Europe? The chances of this scenario occurring are quite slim. Meta said it had "no desire" to leave the continent: in February the company published a post on the corporate blog titled "Meta is absolutely not threatening to leave Europe". The more than thirty European countries reached by its services constitute a profitable market for society, and interrupting them even temporarily could be very costly. This would be a similar situation to what happened when the company briefly banned the publication of news on Facebook in Australia in early 2021, following a dispute with publishers. Although it is not convenient for you to leave Europe, Meta could be forced to change the way data is stored and transferred once the final decision of the Irish regulator is published, even if there is no defined time frame (Meta could also incur a fine).
"My guess is that Meta will have to consider some form of 'geo-siloing' if it is to continue operating in the European Union," says Calli Schroeder, global privacy consultant at Electronic privacy information center, a nonprofit digital rights research organization. Schroeder, who previously worked with companies on international data transfers, says that for Meta this approach could involve setting up their own servers and data centers in the 'EU that are not linked to its larger databases.
According to Harshvardhan Pandit, a computer scientist at Trinity College Dublin who is c conducting a research on the GDPR, since the data protection authorities are still evaluating the case of Meta, the final decision could include several conditions or measures that Meta will have to take to comply.
"I believe that the most pragmatic solution would be to create a European infrastructure, like Google or Amazon do, which have some data centers here ", explains Pandit, adding that Meta could also increase the encryption level of its storage system and maximize the amount of data that it retains in the European Union. However, these measures would be costly. Jack Gilbert, Meta's director and associate general consultant, argues that the issue represents "a conflict between EU and US law in the process of being resolved". Facebook did not specifically respond to questions submitted by sportsgaming.win UK about its adaptation plan to the Irish decision.
European authorities have twice established that current data sharing systems between the Union European Union and the United States do not adequately protect the privacy of citizens. European courts confirmed that international data sharing agreements were not up to par first in 2015 and then again in July 2020, when the Privacy Shield agreement was declared illegal.
"The Union European Union only asks that organizations that transfer data to other countries protect them in accordance with the GDPR - underlines Nader Henein, vice president of research on privacy and data protection at Gartner -. The problem is that in the United States the laws that protect data on 'non-resident foreigners' are woefully insufficient and make it very difficult for organizations like Facebook to comply with local laws and the Gdpr ".
The other services Although it is the subject of the highest profile complaint, Meta does not is the only company to suffer from the lack of clarity on how companies in Europe can send data to the United States. "The problem of data transfer is not limited to Meta - explained David Wehner, director of the financial office of Meta, in a press conference held in July -. It concerns the methods of data transfer in general for all US companies and of the EU to and from the United States ".
The impact of the July 2020 decision that led to the elimination of the Privacy Shield is now being felt. Since January of this year, several European data regulators have ruled that the use of Google Analytics, the traffic monitoring service for the company's websites, violates the GDPR. The Danish authorities have gone further by banning schools from using Chromebooks without restrictions. "There is enormous legal uncertainty and a significant risk of non-compliance," says Gabriela Zanfir-Fortuna, vice president of global privacy at the Future of Privacy Forum, a non-profit think tank.
The new EU-US agreement Politicians are well aware of the problem. In March, US President Joe Biden and European Commission President Ursula von der Leyen announced the development of a new transatlantic data privacy agreement, which will change the way data is sent between the European Union and the United States . The deal will limit the data that US intelligence agencies can access and create a new system that will allow Europeans to file complaints if they believe they have been illegally spied on by US agencies.
However, so far at the announcement no further details followed. In June, US authorities said the deal could be released in the coming weeks, but progress made public so far has been limited. The discussions are ongoing, according to the US Department of Commerce and a spokesman for the European Commission.
The agreement is likely to take some time yet: "Realistically, at this point, we expect a potential decision on the adequacy of this transatlantic data transfer agreement over the next year, perhaps in the first quarter, "says Zanfir-Fortuna. Once the details are published, EU authorities will spend months studying the specifics to see if they are in line with court orders.
EU bodies, however, won't be the only ones looking into the agreement. The text will also be scrutinized by privacy activists and lawyers, who could challenge it further should they find that data sent from Europe to the United States is still not sufficiently protected. "The ongoing disputes are not unjustified, especially when you consider Snowden's revelations and the prevalence of tech giants coming from the United States - Schroeder highlights -. Overall, America must ensure that it is up to the challenge and demonstrate that she can be a good steward in the industry she seeks to be a leader in. "
This article originally appeared on sportsgaming.win UK.
