Meta says it may shut down Facebook and Instagram in Europe over data-sharing dispute
Meta has said it is considering shutting down Facebook and Instagram in Europe if it can't keep transferring user data back to the U.S.
The social media giant issued the warning in its annual report last Thursday.
Regulators in Europe are currently drawing up new legislation that will dictate how EU citizens' user data gets transferred across the Atlantic.
Facebook said: “If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe.”
The company added this “would materially and adversely affect our business, financial condition, and results of operations.”
“Meta cannot just blackmail the EU into giving up its data protection standards,” European lawmaker Axel Voss said via Twitter, adding that “leaving the EU would be their loss.” Voss has previously written some of the EU's data protection legislation.
A Meta spokesperson told CNBC on Monday that the company has no desire and no plans to withdraw from Europe, adding it has raised the same concerns in previous filings.
“But the simple reality is that Meta, and many other businesses, organizations and services, rely on data transfers between the EU and the U.S. in order to operate global services,” they said.
The European Commission did not immediately respond to a CNBC request for comment.
In August 2020, Ireland's Protection Commission sent Facebook a preliminary order to stop transferring user data from the EU to the U.S., according to a report from The Wall Street Journal that cited sources familiar with the matter.
“The Irish Data Protection Commission has commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers,” Nick Clegg, Facebook's vice president of global affairs and communications, said in a blog post at the time.
“While this approach is subject to further process, if followed, it could have a far-reaching effect on businesses that rely on SCCs and on the online services many people and businesses rely on,” he added.
Ireland's Data Protection Commission is expected to issue a final decision in the first half of 2022.
If SCCs can't be used as the legal basis for transferring data, Facebook would have to silo off the majority of the data it collects on European users. The DPC could fine Facebook up to 4% of its annual revenue, or $2.8 billion if it failed to comply.
Court ruling
In July 2020, the European Court of Justice ruled the data transfer standard between the EU and the U.S. doesn't adequately protect European citizens' privacy.
The court, the EU's highest legal authority, restricted how U.S. firms could send European user data to the U.S. after concluding EU citizens had no effective way to challenge American government surveillance.
U.S. agencies such as the NSA can theoretically ask internet companies like Facebook and Google to hand over data on an EU citizen and that EU citizen would be none-the-wiser.
The ECJ ruling came after Austrian privacy activist Max Schrems filed a lawsuit in light of the Edward Snowden revelations arguing that U.S. law did not offer sufficient protection against surveillance by public authorities. Schrems raised the complaint against Facebook which, like many other firms, was transferring his and other user data to the U.S.
The court ruling invalidated the EU-U.S. Privacy Shield agreement, which enabled firms to send EU citizen's data across the Atlantic. As a result, companies have had to rely on SCCs.
Meta表示,如果不能继续将用户数据传回美国,它正在考虑关闭欧洲的Facebook和Instagram。 这家社交媒体巨头上周四在其年度报告中发出了警告。
欧洲的监管机构目前正在制定新的立法,规定欧盟公民的用户数据如何跨大西洋传输。
Facebook 表示:“如果不采用新的跨大西洋数据传输框架,我们无法继续依赖 SCC(标准合同条款)或依赖从欧洲到美国的其他替代数据传输方式,我们可能无法在欧洲提供我们一些最重要的产品和服务,包括 Facebook 和 Instagram。”
该公司补充说,这“将对我们的业务、财务状况和经营业绩产生重大不利影响。”
“Meta 不能只是勒索欧盟放弃其数据保护标准,”欧洲立法者 Axel Voss 在 Twitter 上表示,并补充说“离开欧盟将是他们的损失。” Voss 此前曾编写过一些欧盟的数据保护立法。
Meta 发言人周一告诉 CNBC,该公司没有意愿也没有计划退出欧洲,并补充说它在之前的文件中提出了同样的担忧。
“但简单的现实是,Meta 和许多其他企业、组织和服务依赖欧盟和美国之间的数据传输来运营全球服务,”他们说。
欧盟委员会没有立即回应 CNBC 的置评请求。
据《华尔街日报》援引知情人士的话报道,2020 年 8 月,爱尔兰保护委员会向 Facebook 发出了一项初步命令,要求其停止将用户数据从欧盟传输到美国。
“爱尔兰数据保护委员会已开始对 Facebook 控制的欧盟-美国数据传输进行调查,并建议 SCC 在实践中不能用于欧盟-美国数据传输,”Facebook 全球事务和通信副总裁尼克克莱格表示。在当时的一篇博文中。
“虽然这种方法需要进一步处理,但如果遵循,它可能会对依赖 SCC 的企业以及许多人和企业所依赖的在线服务产生深远的影响,”他补充说。
爱尔兰数据保护委员会预计将在 2022 年上半年发布最终决定。
如果 SCC 不能用作传输数据的法律依据,Facebook 将不得不孤立它收集的欧洲用户的大部分数据。 DPC 可以对 Facebook 处以高达其年收入 4% 的罚款,如果不遵守,则罚款 28 亿美元。
法院判决
2020 年 7 月,欧洲法院裁定欧盟与美国之间的数据传输标准未能充分保护欧洲公民的隐私。
欧盟最高法律机构法院在认定欧盟公民无法有效挑战美国政府监控后,限制了美国公司将欧洲用户数据发送到美国的方式。
理论上,美国国家安全局等机构可以要求 Facebook 和谷歌等互联网公司交出欧盟公民的数据,而欧盟公民则不明智。
欧洲法院的裁决是在奥地利隐私活动家马克斯施雷姆斯根据爱德华斯诺登的爆料提起诉讼后作出的,他认为美国法律没有提供足够的保护来防止公共当局的监视。施雷姆斯对 Facebook 提出了投诉,该公司与许多其他公司一样,正在将他和其他用户数据转移到美国。
法院的裁决使欧盟-美国无效。隐私盾协议,使公司能够将欧盟公民的数据发送到大西洋彼岸。因此,公司不得不依赖 SCC。