Will Europe Force a Facebook Blackout?

Advertisement

While Meta is the focus of the most high-profile complaint, it isn’t the only company impacted by a lack of clarity on how companies in Europe can send data to the US. “The data transfer issue is not Meta-specific,” David Wehner, Meta’s chief strategy officer, said in a July earnings call. “It relates to how in general data is transferred for all US and EU companies back and forth to the US.”

The impacts of the July 2020 decision to get rid of Privacy Shield are now being felt. Since January of this year, multiple European data regulators have ruled that using Google Analytics, the company’s traffic-monitoring service for websites, falls foul of the GDPR

Advertisement
. Danish authorities went even further: Schools can’t use Chromebooks without restrictions being put in place. “There is a ton of legal uncertainty, and there is a significant compliance risk,” says Gabriela Zanfir-Fortuna, vice president of global privacy at Future of Privacy Forum, a nonprofit think tank.

Politicians are well aware of the problems. In March, US president Joe Biden and European Commission president Ursula von der Leyen announced a new Trans-Atlantic Data Privacy Framework, which will change the way data is sent between the EU and US. The deal, which will be introduced by executive order, will limit what data US intelligence agencies can access and will create a new system where Europeans can complain if they think they’ve been illegally spied upon by US agencies.

However, since the deal was announced, no specifics—including any legal texts—have been published. In June, officials said the deal could be published in the coming weeks, but so far, there has been little public progress. The US Department of Commerce says discussions are still taking place, including a meeting between both sides last week. (A European Commission spokesperson says work on the new agreement is ongoing, but they do not have a timeline that can be shared.) The longer the negotiations take, the more blocking orders will drop. “Obviously, if that framework is not complete, we would be in jeopardy of being able to transfer data,” Facebook’s Wehner said earlier this year.

Advertisement

The deal is likely to take a while yet. “Realistically, at this point, we’re looking at a potential adequacy decision for this Trans-Atlantic data transfers framework sometime next year—maybe the first quarter of next year,” Zanfir-Fortuna says. Once the details have been published, EU officials will spend months scrutinizing the specifics to see if they fall in line with court orders.

And they won’t be the only ones pouring over it. Privacy activists and lawyers will also be looking at the agreement and could launch further legal challenges if they find that data moving from Europe to the US still isn’t protected strongly enough. “The continued challenges are not unwarranted, particularly considering the Snowden revelations and the prevalence of Big Tech firms coming out of the US,” Schroeder says. “As a whole, America really needs to make sure we rise to the challenge of showing that we can be good stewards of the industry that we’re trying to be leaders in.”

Advertisement