Facebook and Instagram’s parent company, Meta, is threatening to shut down its European operations if EU regulators don’t allow the company to share personal user data back to the United States. The SEC filing relates to a key European Union Court of Justice ruling, Shrems II, that declared the longstanding EU/US data-sharing tool, Privacy Shield, no longer legal.
The move throws the data collection and transfer practices of several major tech companies into light, though Meta is the first to make an official statement on the situation and how it might affect its business—and its users.
So, is Meta about to pull Facebook and Instagram out of Europe?
Why Is Meta Threatening to Pull Facebook and Instagram From Europe?
In the full SEC filing, Meta explains that the recent changes to Privacy Shield will fundamentally alter their business model, making it impossible to offer existing “products and services” to its European users.
If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.
Meta’s primary business is selling advertising spaces based upon the data it collects on its users. Instagram and Facebook account for somewhere between 400 million and 500 million users. Losing out on this data would be extremely damaging to Meta’s targeted advertising (despite Meta claiming to the contrary).
Why Is the Privacy Shield No Longer Legal?
So, back in 2011, Austrian lawyer Maximillian Schrems analyzed 1,222 pages of information Facebook held about him after requesting the data from the company. He found that Facebook held onto information he believed he had deleted from the service along with other information that had been shared without his permission. Schrems lodged a complaint with the Irish data protection commissioner, where Facebook was registered for tax purposes.
Roll forwards to 2020, and the EU Court of Justice found that Privacy Shield, the law that enables US companies and authorities to collect information on EU citizens, was fundamentally flawed. Privacy Shield did not provide enough safeguarding for EU user data (in the EU, user data protection laws are more stringent than the US) and it did not provide adequate means for EU citizens to content issues with the US government regarding personal data privacy breaches.
With the data transfer vehicle of the Privacy Shield no longer lawful, companies like Meta, Google, Amazon, and Microsoft will all have to consider their European operations. Considering that the cloud computing services offered by Google, Amazon, and Microsoft make up a huge chunk of the internet as we know it, Meta is far from the only major tech company facing a major data headache.
Will Meta Pull Facebook and Instagram?
Most industry experts believe Meta’s statement is an empty threat. European Union regulators have been working with their US counterparts in an attempt to shape a new deal for months. It’s just that it hasn’t yet crossed the line and as Meta’s stock price and company value takes a beating elsewhere, shifting the focus is a useful distraction for the social media giant.
In an emailed statement, a Meta spokesperson said, “We have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organizations and services, rely on data transfers between the EU and the US in order to operate global services,” reiterating the company’s desire to assist with getting new data deal done.
The long and the short of it is that there is zero benefit for Meta pulling out of Europe. It would tank its share price, wipe billions from its value, and cut off millions of users from its services. There is little doubt that a Privacy Shield replacement will eventually come into force but will likely feature more stringent protection for EU citizen data than the previous arrangement.
European Facebook and Instagram users have very little to worry about until then.