Potential shutdown of Facebook and Instagram services in Europe has been suggested, if Meta can not process European data on US servers
Meta has buried a blunt warning about the future operation of Facebook and Instagram services in Europe, within its annual report.
Last week Meta published its annual report, which revealed for the first time ever its daily active users was down to 1.929 billion from 1.930 billion DAUs in the previous quarter.
That, coupled with a warning of a $10bn hole in Meta’s finances due to Apple’s privacy changes to iOS, saw Facebook shares fall over 20 percent, wiping over $200 billion off the market value of the firm.
But buried within its annual report to the US Securities and Exchange Commission, Meta warned last Thursday that if it is not allowed to transfer, store and process European user data on US-based servers, it could shut down Facebook and Instagram in Europe.
Meta said if no new framework is adopted and the company could no longer use the current model of agreements, it would probably have to walk away from the continent.
On page 16, where details the risk facing the business, Meta says the following if a new framework is not adopted and the company is no longer allowed to use the current model agreements may result in “limitations on our ability to offer a number of our most significant products and services, including Facebook and Instagram, in Europe as a result of European regulators, courts, or legislative bodies determining that our reliance on SCCs or other legal bases we rely upon to transfer user data from the European Union to the United States is invalid.”
Meta stressed the need for data sharing between countries and regions, which it says is crucial for the provision of its services and targeted advertising.
Meta makes the majority of its money from advertising.
The issue of transferring European user data to American servers has long been a bug bear for the European Commission and privacy campaigners.
Data used to be transferred to the US under the Safe Habour agreement, but the European Court of Justice in 2015 suspended the original Safe Harbour agreement.
It was suspended in the wake of the Edward Snowden revelations about the scale of US and its NSA agency spying on friends and allies.
The Privacy Shield (or Safe Harbour 2.0) was then drafted, but the United States and the European Union were forced to change it after an initial agreement submitted in February 2016 was rejected by European Watchdogs for not being robust enough.
The two sides then agreed to stricter rules for companies holding information on Europeans and clearer limits on US surveillance. And this reworked Privacy Shield agreement was then approved by EU member states and adopted in July 2016.
The European Commission’s Privacy Shield data framework replaced the EU-US Safe Harbour deal which had been in place since 2000, but right from the start it proved controversial with ongoing concerns about US spying.
The Privacy Shield had been designed to help firms on both sides of the Atlantic to move the personal data of European citizens to the United States without breaking strict EU data transfer rules.
Then in July 2020 the European Court of Justice struck down the transatlantic data transfer deal, due to ongoing concerns about US surveillance of European data by American intelligence agencies.
Since then, the EU and the US have been working on a new or updated version of the treaty.
It is understood that in addition to the Privacy Shield, Meta also uses so-called model agreements, or Standard Contractual Clauses, as the primary legal basis for processing data from European users on American servers.
These model agreements are equally under scrutiny in Brussels and other parts of the EU.
Meta told City AM that the firm had no desire to withdraw from the European market, but admitted it may be forced to.
“We have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organisations and services, rely on data transfers between the EU and the US in order to operate global services,” a Meta spokesperson told City AM.
“Like other companies, we have followed European rules and rely on Standard Contractual Clauses, and appropriate data safeguards, to operate a global service,” the spokesperson said.
“Fundamentally, businesses need clear, global rules to protect transatlantic data flows over the long term, and like more than 70 other companies across a wide range of industries, we are closely monitoring the potential impact on our European operations as these developments progress.”
And now a European lawmaker has pushed back at Meta over the threat to withdraw.
“I have always called for an alternative to the EU US #privacyshield to find a balanced agreement on data exchange + always called for #GDPR flexibility,” tweeted Axel Voss.
“However, #META cannot just blackmail the EU into giving up its data protection standards, leaving the EU would be their loss.
Voss is a MEP for the Rhineland in Germany.