Facebook is facing a potential suspension of transatlantic data flow due to privacy concerns. European regulators have moved to finalise a ban on the tech giant sending user information to the United States.
New European data-privacy regulations, which come into effect in May 2023, will prevent data transfers from the EU to America due to the risk of surveillance from American intelligence agencies.
The ban will only come into effect if the EU and America fail to confirm a shared ‘Data Privacy Framework’, regulating personal data, that is currently being negotiated. EU regulators are seeking European data to be treated with the same protections in America as those in place in the EU. Two previous attempts at a deal have failed.
The data ban will affect Meta subsidiary Instagram, with EU regulatory efforts led by the Irish Data Protection Commission (DPC) due to Facebook’s European headquarters being based in Dublin. The DPC is regarded by many experts as the regulatory arm of the EU and has previously fined Meta for data protection breaches.
The DPC ordered an update to regulations following a ruling from the European Court of Justice which stated that the American regulators must do more to protect EU user data from government snooping.
DPC director Helen Dixon confirmed that the ban could come into force before a new agreement between the U.S. and EU is achieved, putting pressure on American negotiators:
They could be very close in [the] timeline or the DPC’s suspension order could come into effect in advance … things are coming down to the wire.
It is speculated that the DPC decision to enforce new regulations could be a way for the EU to pressure Facebook and the U.S. government to finalise the new regulatory framework.
A suspension of Facebook’s data transfer would create a legal precedent that could impact Apple, Google, and Twitter, since the Irish DPC is also their primary regulator.
Facebook responded to media inquiries saying the DPC suspension would force it to potentially curtail services in Europe, but did not comment on the timing of the decision. Last year the DPC issued over a billion euros in fines, with 22 ongoing investigations pending against Meta, Google, TikTok, and other tech giants relating to potential misuse of user data.