The EU has strict data protection requirements regarding the transfer of personal data from Europe to the United States and in 2016, the EU and United States agreed to a framework for data transferred between continents, called the Privacy Shield.
But that Privacy Shield was invalidated in July 2020 by the Court of Justice of the European Union (CJEU).
Europe’s new laws require users’ data to be kept and processed on General Data Protection Regulation (GDPR)-complaint servers in Europe.
In addition, Meta currently relies on Standard Contractual Clauses (SCCs) to transfer data, which the company says have been “subjected to regulatory and judicial scrutiny.”
The company said (pdf) it received a preliminary draft decision from the Irish Data Protection Commission in August 2020 that Meta’s reliance on SCCs to transfer European data was not in compliance with the EU’s GDPR.
The Irish Data Protection Commission proposed that such transfers of user data from the EU to the United States should therefore be suspended.
The tech giant warned that its processing of data across continents is crucial for its business, particularly for ad targeting, and that if it is not given the option to transfer, process, and receive data from its European users on U.S.-based servers, both Facebook and Instagram risk being shut down across Europe.
“We are also subject to evolving laws and regulations that dictate whether, how, and under what circumstances we can transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which we operate and data shared among our products and services,” the company said.
“If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect our ability to provide our services, the manner in which we provide our services or our ability to target ads.”
Meta went on to clarify that it thinks it will be able to reach new agreements on new transatlantic data transfer frameworks in the first half of 2022.
However, it warned that “if a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe.”
This, it said, could “materially and adversely affect” the company’s business and finances and overall operations.
The company also expressed concern about data privacy laws that are currently being weighed by several countries.
“In addition, some countries, such as India, are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services,” the company wrote.
“New legislation or regulatory decisions that restrict our ability to collect and use information about minors may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.”
Source: The Epochtimes