The Drum: Meta may be forced to suspend services in Europe over data transfer concerns — but it’s only the first domino to fall

July 8, 2022

“Meta is one of the largest data processing companies in the world — they have global reach and the volume and scope of personal data that they collect and transfer is truly enormous,” says Calli Schroeder, global privacy counsel at Electronic Privacy Information Center, a Washington, DC-based nonprofit organization dedicated to raising awareness about privacy-related issues. “If the draft decision bars them from transferring EU data, my guess is that they will have to set up internal controls to immediately geo-silo Europe to ensure they no longer collect or transfer data from Europe … if they are unable to ensure that no EU data is transferred to the US, Meta would have to stop doing business in the EU until this is resolved.”

Any company that regularly transfers data on EU users to the US — including other tech titans like Google and Amazon — will likely be feeling the pressure right now, and, per Schroeder, “should consider … what technical and procedural measures they could take” if their ability to transfer data becomes more restricted.

Beyond the business implications of the DPC’s decision, the move signals a broader concern about the US’ stance on data protection and privacy. “[This move] can … be viewed as a warning from Europe that the US has not taken EU laws and enforcement seriously enough,” Schroeder notes.

A possible solution? A new, more stringent EU-US data transfer agreement. Regulators in both regions have already been negotiating a framework to replace Privacy Shield, and Schroeder predicts that it’s “very likely” they’ll reach a deal. The DPC’s new draft order is likely to increase pressure on regulators to finalize a deal.

Read the full article here.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.