- Facebook warned it may stop operating its core app and Instagram in Europe if it’s forced to suspend transfers of EU data back to the US.
- In a court filing on the decision, Facebook said it has 410 million monthly active users in Europe.
- Facebook’s legal fight with Ireland’s Data Protection Commissioner (DPC) stems from a preliminary order issued earlier this month by the DPC questioning the legal validity of the mechanism Facebook currently uses to send data back to the US.
Facebook says it may stop operating its core app and Instagram in Europe, thanks to new regulations impacting how it transfers data from the EU to the US.
The company filed an affidavit to Ireland’s high court on September 10, with Ireland’s Business Post being the first to report on the document on Sunday.
In the affidavit, Facebook challenged a preliminary order issued by Ireland’s data privacy watchdog the Data Protection Commissioner (DPC) earlier this month, which threatened to block Facebook from transferring EU data back to the US over privacy concerns.
“In the event that the Applicant [Facebook] were subject to a complete suspension of the transfer of users’ data to the US, as appears to be what the DPC proposes, it is not clear to the Applicant how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU,” wrote Facebook Ireland’s head of data protection and associate general counsel Yvonne Cunnane, adding that Facebook has 410 million monthly active users in Europe.
A Facebook spokesman denied that this constituted a threat to withdraw from the EU.
“Facebook is not threatening to withdraw from Europe. Legal documents filed with the Irish High Court set out the simple reality that Facebook, and many other businesses, organizations, and services, rely on data transfers between the EU and the US in order to operate their services,” Facebook’s spokesman said in a statement.
“A lack of safe, secure, and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from COVID-19,” he added.
Vice News, which obtained a full version of Facebook’s affidavit, reported the tech giant also complained it was being treated unfairly, as no other US tech companies had been similarly targeted by the DPC.
The DPC’s preliminary order called into question whether the system Facebook currently uses to send data back to the US, called Standard Contractual Clauses (SCCs) is legally valid in the case of sending data to the US.
SCCs were deemed valid overall as a cross-country data transfer mechanism in July, after the EU dismantled a long-standing EU-US data transfer agreement called Privacy Shield. However to qualify for SCCs, countries have to demonstrate a sufficiently high level of data privacy, and the concern is that US data surveillance is too invasive to match up with the EU’s high standards on privacy.