Meta, the parent company of social network giant Facebook and Instagram, recently saw its share price plummet by 20% after below expectation earnings which the company blamed on new privacy rules from Apple.
In its annual report to the U.S. Securities and Exchange Commission, the company has also warned that it will “probably” no longer be able to offer many of its “most significant products and services,” including Facebook and Instagram, in the EU if they are now allowed to process the data of European users in the USA.
The company has so far been operating under the so-called Privacy Shield and Standard Contractual Clause, and the former was declared invalid by the European Court of Justice in July 2020 because of data protection violations, while the latter is under increased scrutiny and may suffer the same fate in the near future.
According to Nick Clegg, Meta’s VP of Global Affairs and Communications, the rules need to be replaced immediately to prevent widespread impact on data-driven businesses in the EU.
“The impact would be felt by businesses large and small, across multiple sectors,” he said.
“Businesses need clear, global rules, underpinned by the strong rule of law, to protect transatlantic data flows over the long term. In the worst case scenario, this could mean that a small tech start up in Germany would no longer be able to use a US-based cloud provider. A Spanish product development company could no longer be able to run an operation across multiple time zones.”
A decision regarding Standard Contractual Clause use by Facebook is expected in the near future, with the Irish Data Protection Commission already telling Meta in August 2020 that it had provisionally concluded that the use of the model agreements was not in line with the GDPR.
Meta warns that if a new framework is not adopted and the company is no longer allowed to use the current model agreements “or alternatives,” the company will have to withdraw its products from the EU.
“While policymakers are working towards a sustainable, long-term solution, we urge regulators to adopt a proportionate and pragmatic approach to minimise disruption to the many thousands of businesses who, like Facebook, have been relying on these mechanisms in good faith to transfer data in a safe and secure way.”
It remains unclear why Facebook has not responded by setting up local data storage and processing facilities in the EU, similar to many other companies such as Google and Microsoft.