Meta, the company founded by Mark Zuckerberg and running the social networks Facebook and Instagram, has been facing increasing controversy over its data privacy management for many months.
The phenomenon is not new and goes back to the Cambridge Analytica scandal, which revealed in 2018 a massive leak of data from the social network that was then exploited for political purposes. This time, Ireland is raising its voice in the face of what it considers to be an unreasonable leak of data collected on European soil to be used in the United States. The country has just blocked the transfer of its citizens’ data to the U.S., and is asking its EU neighbours to do the same. If no agreement is reached in the coming weeks, Meta’s social networks could be banned from the continent.
Ireland was chosen a few years ago to be the headquarters of Facebook because of its advantageous tax conditions. Mark Zuckerberg’s company used the so-called “double Irish” technique: the Irish tax law does not apply to transfers to the United States, allowing huge sums of money transferred from Dublin to the United States to escape the radar. Thanks to this mechanism, Facebook-Meta, for example, would have paid only 0.7% tax on its $15 billion in profits in 2018, according to calculations by Europe1. But the European Union had put an end to this little tax optimization game. The American firm was forced to liquidate all its holdings on Irish soil at the end of 2020.
Meta’s troubles with Ireland are not limited to tax issues. A few months ago, Ireland fined Meta €17 million for non-compliance with its data protection policy—an insignificant sum considering the profits made by Meta, which has had a fund of €1 billion set aside since 2021 to settle such fines. The fine is but a symbolic reckoning.
But on Thursday, July 7th, the tone went up a notch. The Irish Data Protection Commission took the unprecedented decision to block all data transfers between Europe and the United States. The commission then sent its report to its European neighbours. The European data protection institutions have one month to give their opinion on the matter.
The European Court of Justice in 2020 annulled an EU-U.S. data flows pact called Privacy Shield because of fears over American surveillance practices. A rule regarding the transfer of personal data had been imposed, referred to as ‘standard contractual clauses’ (SCCs), but now a new perennial transatlantic data-transfer framework has to be drafted. Brussels and Washington in March agreed to a preliminary deal at the political level, but negotiations on the legal fine print have stalled, and a final deal is unlikely to be reached before the end of the year, says Politico.
Ireland’s new decision means Facebook is forced to stop relying on SCCs too, making the conclusion of a new agreement even more urgent. Despite this warning signal, the Meta firm is confident that the time has not come for it to leave Europe. “This provisional decision, which must be submitted to the European data protection authorities for review, is linked to a conflict between European law and American law that is being resolved,” its representative explained to Politico.
Negotiations are therefore ongoing. For the time being, there is no indication that an agreement is being reached. Beyond the Irish case, the firm has been drowning for several months in a flood of regulations from all the countries where it is deployed to guarantee data protection, and it would seem that it is not fully able to manage this new challenge.