wordpress blog stats
Connect with us

Hi, what are you looking for?

Here’s why Meta might stop offering Facebook, Instagram in Europe

Compliance issues with the GDPR has caused Meta to dread similar regulations being proposed in India.

Meta will be unable to offer Facebook and Instagram in Europe if regulators there determine that the current legal basis used by the company for cross-border data transfers is invalid, the company said in a filing with the US Securities and Exchange Commission.

The European Union’s General Data Protection Regulation (GDPR) prescribes the grounds under which data can be transferred from the EU to a third country, and the Irish Data Protection Commission (IDPC) issued a preliminary draft decision in August 2020 stating that Facebook is not in compliance with the regulation. A final decision in this inquiry is expected in the first half of 2022, the company said.

“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.” – Meta

The outcome of this issue has notable implications for India because the Data Protection Bill, 2021, which was tabled in the parliament last December, has equally stringent restrictions, if not more, on cross-border data transfers as the GDPR.

How can companies transfer data from the EU to a third country and why is Facebook having trouble?

According to the GDPR, data transfers from the EU to a third country are allowed under the following grounds:

  1. Adequacy: If the European Commission has declared that a third country offers an adequate level of protection, then data can be sent to entities in the country without any further safeguards or being subject to additional conditions.
  2. Appropriate safeguards such as SCCs: In the absence of an Adequacy Decision, data transfers can take place if there are appropriate safeguards that provide users enforceable rights and effective legal remedies. Such safeguards include binding corporate rules between companies, contractual arrangements such as the standard contractual clauses (SCCs) approved by the European Commission, or adherence to a code of conduct or certification mechanism.
  3. Other specific situations: In the absence of the above two, transfers can be made “based on a number of derogations for specific situations for example, where an individual has explicitly consented to the proposed transfer after having been provided with all necessary information about the risks associated with the transfer.”

Why is Meta having compliance issues with GDPR?

  1. Invalidation of EU-US Privacy Shield: Facebook initially relied on the EU-US Privacy Shield framework, which was declared as adequate by the European Commission, for transfers between the EU to the US. But this framework was invalidated in July 2020 by the Court of Justice of the European Union (CJEU).
  2. Reliance on SCCs does not achieve compliance: Following the invalidation of Privacy Shield, Facebook has been relying on Standard Contractual Clauses (SCCs), but these are currently under regulatory and judicial scrutiny. The Irish Data Protection Commission (IDPC) preliminarily concluded in August 2020 that Meta Platforms Ireland’s reliance on SCCs in respect of European user data does not achieve compliance with GDPR and proposed that such transfers of user data from the EU to the US should be suspended. Facebook challenged procedural aspects of this IDPC enquiry in September 2020, but in May 2021, the court rejected Meta’s procedural challenges and now a final decision in this enquiry is expected in the first half of 2022, Meta said in its filing.

“If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect our ability to provide our services, the manner in which we provide our services or our ability to target ads, which could adversely affect our financial results.” – Meta

Implications for India

India’s Data Protection Bill stipulates that all sensitive and critical personal data must be stored in India and can only be transferred outside India under certain conditions:

Advertisement. Scroll to continue reading.
  1. Adequacy: Sensitive personal data can be transferred outside India based on countries meeting adequacy requirements, which will be determined by the government along with the Data Protection Authority.
  2. Contract or intra-group scheme: Sensitive personal data can be transferred outside India based on a contract or intra-group scheme approved by the Data Protection Authority in consultation with the government. This is similar to SCCs of GDPR, but India’s version is more cumbersome and onerous because there is no standard template provided and the central government needs to approve the contract.

In its SEC filing, Meta notes the problems this Bill can pose:

“Some countries, such as India, are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services. New legislation or regulatory decisions that restrict our ability to collect and use information about minors may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.”

Facebook says it does not want to leave Europe

In response to numerous reports suggesting that Facebook is “threatening” to leave Europe, the company on February 8 published a blog post denying any such reports. The company said:

“There has been reporting in the press that we are “threatening” to leave Europe because of the uncertainty over EU-US data transfers mechanisms. This is not true. Like all publicly-traded companies, we are legally required  to disclose material risks to our investors. Last week, as we have done in our previous four financial quarters, we disclosed that continuing uncertainty over EU-US data transfers mechanisms poses a threat to our ability to serve European consumers and operate our business in Europe.”

Facebook added that “international data transfers underpin the global economy and support many of the services that are fundamental to our daily lives” and that “businesses need clear, global rules to protect transatlantic data flows over the long term.”

Update (February 9, 9:23 am): Added comments from Facebook’s blog post 

Get our white paper on the Data Protection Bill 2021 in your inbox

We may also reach out occasionally with our coverage of the Data Protection Bill and more.
Name(Required)
By filling out this form, you agree to receive a copy of MediaNama's white paper and further information about MediaNama's work and services.

Also Read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Advertisement. Scroll to continue reading.
Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

News

The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.

News

In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?

News

The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.

News

The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ