Are the values of privacy divergent between the EU and the U.S.?

Though it will be wrong to say that the personal data protection issues were not stressed upon before the enactment of the EU General Data Protection Regulation (GDPR); however, ever since the advent of GDPR, the matter of data protection has been at the heart of importance for institutions whose activities involve keeping and/or sharing personal data in the European Union (EU) and elsewhere. It has been a superlative concern particularly for major global tech companies such as Meta Platforms Inc. (Meta), Google, Microsoft etc.

Meta and the EU, in recent times, have been in a diplomatic brawl over the issues of data protection of the EU citizens. Both Meta and the EU seem to be very bellicose in their approach which is indeed not a good thing for the overall U.S.-EU relationship and of course for the millions of Facebook and Instagram users in the EU.

Meta has warned to pull Facebook and Instagram from the EU if it cannot keep transferring data of the EU users back to the U.S. while negotiations are ongoing between the regulators to substitute the transatlantic data transfer pact that was struck down by the Court of Justice of the European Union (CJEU) in July 2020 in a case known as ‘Schrems II’ brought by an Austrian privacy advocate Max Schrems, who complained that the Facebook data contract clauses do not provide adequate protection to the Europeans from the government inspection and monitoring in the U.S. The CJEU has categorically stated that it is impossible to ensure that the data of the EU citizens are adequately protected once they enter the U.S. According to some experts and renowned journalists such decision will have a significant implication on the U.S. companies and the U.S. Congress, since it calls the adequacy of privacy protection in the United States into question.

Meta said in its annual report published on 3 February 2022 that, “If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.”

However, in an emailed statement a Meta spokesperson said, “we have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organizations and services rely on data transfers between the EU and the U.S. in order to operate global services.”

Reactions are also coming from the EU counterparts with the same kind of pugnaciousness. French Finance Minister Bruno Le Maire said that “digital giants must understand that the European continent will resist and affirm its sovereignty.”

A German Minister said, “life has been fantastic without Facebook and Twitter.”

A European lawmaker said, “Meta cannot just blackmail the EU into giving up its data protection standards.” A counter argument can, however, here be made that, are the U.S. data protection law standards not compatible to that of its EU counterpart. But frankly speaking, such conversational jousts will bring favourable outcome for neither of the either parties.

Following these skirmish statements from both sides, Meta has already seen their shares fell as much as 4.5% in trading in New York earlier this month.

A meek statement has been put forward by a spokesperson of the European Commission who said, “only an arrangement that is fully compliant with the requirements set by the EU court can deliver the stability and legal certainty stakeholders expect on both sides of Atlantic.” The question therefore arises, is the ball in the court of the CJEU?

On a different note, while both sides are making aggressive statements over the shutting down of Facebook and Instagram in the EU, are they keeping the millions of Facebook and Instagram users in the EU into their consideration, for whom using these social media has essentially become an inextricable part of their lifestyle, education, work, professional activities etc.? While we are concentrating outright on the legal aspects of personal data protection and rightly so, are we not advertently/inadvertently averting our eyes from the rights of the individuals to make personal choice?

Mohammed Rakib-ul-Hassan
Legal Research Analyst
Zazoon AG

Please get in touch should you face data protection challenges info@zazoon.com