Europeans risk seeing social media services Facebook and Instagram shut down this summer, as Ireland’s privacy regulator doubled down on its order to stop the firm’s data flows to the United States.
The Irish Data Protection Commission on Thursday informed its counterparts in Europe that it will block Facebook-owner Meta from sending user data from Europe to the US The Irish regulator’s draft decision cracks down on Meta’s last legal resort to transfer large chunks of data to the US , after years of fierce court battles between the US tech giant and European privacy activists.
The European Court of Justice in 2020 annulled an EU-US data flows pact called Privacy Shield because of fears over US surveillance practices. In its ruling, it also made it harder to use another legal tool that Meta and many other US firms use to transfer personal data to the US, called standard contractual clauses (SCCs). This week’s decision out of Ireland means Facebook is forced to stop relying on SCCs too.
Meta has repeatedly warned that such a decision would shutter many of its services in Europe, including Facebook and Instagram.
“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta said in a filing to the US Securities and Exchange Commission in March this year.
The Irish blocking order, if confirmed by the group of European national data protection regulators, is likely to send a chill through the wider business community too, which has been scratching its head about how to continue sending data from Europe to the US following the EU’s ball court ruling in 2020.
The EU and US are in the midst of negotiating a new data-transfer text that would allow companies like Meta to continue to ship data across the Atlantic irrespective of the Irish order. Brussels and Washington in March agreed to a preliminary deal at the political level, but negotiations on the legal fine print have stalled and a final deal is unlikely to be reached before the end of the year.
A spokesperson for the Irish DPC confirmed that the draft decision had been sent to other European privacy regulators, who now have a month to give their input, but wouldn’t discuss details of the decision.
“This draft decision, which is subject to review by European Data Protection Authorities, relates to a conflict of EU and US law which is in the process of being resolved,” a Meta spokesperson said. “We welcome the EU-US agreement for a new legal framework that will allow the continued transfer of data across borders, and we expect this framework will allow us to keep families, communities and economies connected.”
This article has been updated to add a comment from Meta.