The European digital sector, highly dependent on US technology multinationals, has been hanging by a very fine thread for years. A thread over which the scissors of a local regulator fly over, to whom the low-tax policy of his country has given great power. This is the Irish data protection agency, which has decided to cut. The first derivative may be to put Facebook and Instagram in front of the mirror to see if they were serious when they proposed leaving Europe.
Facebook considers freezing hundreds of contracts in Spain after the slowdown in technology
The Irish body has positioned itself on the Standard Contractual Clauses used by Meta (parent of both networks, as well as WhatsApp) to continue sending personal data of Europeans to the US despite the fact that two rulings of the Court of Justice of the EU prohibit it . It is a decision that impacts the entire continent but is made in Dublin because Meta, like many other technology companies, has its headquarters there due to its very favorable taxation.
The Irish authority (DPC) has decided to invalidate data transfers based on the aforementioned Clauses, as revealed this week Political. Since it is a decision that affects the entire EU, the DPC must send the draft resolution to the data protection agencies of each country so that they can position themselves. They have a month to do it.
“The DPC can confirm that we have submitted a draft decision to the other data protection authorities, who have one month to give their opinion. We cannot comment on the content of the draft, since the procedure is still ongoing”, the agency confirmed to elDiario.es.
In February, Meta made it clear that it could shut down Facebook and Instagram in Europe if the Standard Contractual Clauses were invalidated, the thread that hangs both its business and that of many other US tech companies operating on the continent.
Will you do it? “The draft is still subject to review by the European data protection authorities,” a spokeswoman for the multinational answers this medium, who prefers not to answer before the decision is final. Meta is confident that a deal between Brussels and Washington will save its European business, but that deal may not come in time.
Where does all this come from?
Last February, news spread like wildfire in Europe: Facebook and Instagram could leave the EU if they were not allowed to continue exporting European data to the US. The fuse was lit by an official communication from Meta to the US stock market regulator, the SEC, to which the country’s listed companies must give details of the drastic changes that their business could suffer.
“If a new transatlantic data transfer framework is not adopted and we cannot continue to use PPAs [Cláusulas Contractuales Estándar] or to other alternative means of data transfer from Europe to the United States, we may not be able to offer several of our most important products and services, such as Facebook and Instagram, in Europe, which could adversely affect our business, financial condition and results of the operations”, warned Meta.
The statement was quickly interpreted as a threat for the EU to relax its privacy policies. The situation escalated to provoke reactions from the community authorities and the Franco-German axis, which was caught up in the mess in the middle of a high-level meeting. “We would live very well without Facebook,” said the French Finance Minister after being asked about the social network at a press conference, while his German counterpart nodded.
The fire caused Meta to have to issue an official statement assuring that “it is not true” that his comment to the SEC was “a threat.” “We absolutely do not want to withdraw from Europe; of course not. But the simple reality is that Meta, like many other companies, organizations and services, relies on data transfers between the EU and the US in order to operate our global services,” he explained.
The multinational does not want to leave the continent, but revealed the key to why it might do so: “Companies need clear and global rules to protect transatlantic data flows in the long term and, like other companies in a wide range of sectors, We are closely monitoring the potential repercussions for the millions of people and businesses that use our services as these events unfold.”
Events have moved on and the decision of the Irish privacy regulator, which at that time was not yet on the horizon, has already arrived.
Lifeline deal that may not arrive on time
Meta says he wasn’t threatening to leave Europe, but his statement to the SEC sparked movement. Barely a month later, Brussels and Washington agreed to establish a new treaty to provide legal security for transfers of personal data from Europeans made by US technology companies to their country.
It is the third in less than a decade. The previous two were annulled by the Court of Justice of the EU (CJEU), and both for the same reason: US law allows its security agencies to investigate the databases of technology companies without judicial authorization, which is incompatible with Community law.
After the cancellation of the last of those agreements, in 2020, the US technology companies did not stop the shipments, but continued to carry them out under the Standard Contractual Clauses. In his opinion, these annexes to the service contracts that they sign with their European clients allow them to continue making data transfers, an interpretation that the Irish data protection authority is about to knock down.
In its communication to elDiario.es, Meta recalls that it only uses the Clauses due to the absence of an international treaty. “This is a conflict between EU and US legislation that is in the process of being resolved. We welcome the agreement between the EU and the US for a new legal framework that will allow data to continue to be transferred across borders, and we hope that this framework will enable us to keep families, communities and economies connected.” .
The problem with all of this is that the times might not add up. According to the European Commission, the new treaty will not be ready at least until the end of this year. But European privacy agencies must send their assessment to Ireland within a month, starting this week.
There remains the option of a third way to fix the situation for a few months, a possibility that Meta also contemplated in its communication to the SEC. Sources from the multinational emphasize to elDiario.es that they are not the only ones affected by this situation and that if the Clauses fall, a multitude of digital services in Europe could follow them.
“We are not alone. At least 70 other companies from a wide range of sectors, including ten European companies, have also raised the risks around data transfers in their earnings statements.