The enactment of the EU General Data Protection Regulation (GDPR) has elevated the significance of personal data protection for institutions operating in the European Union (EU) and beyond. Global tech companies like Meta Platforms Inc. (Meta), Google, and Microsoft have faced heightened scrutiny in this regard. Meta and the EU have recently engaged in a diplomatic dispute over data protection issues affecting EU citizens. Meta has threatened to withdraw Facebook and Instagram from the EU unless data transfers to the US can continue, as negotiations are underway to replace the invalidated transatlantic data transfer pact.
Though it would be wrong to say that personal data protection issues were not stressed before the enactment of the EU General Data Protection Regulation (GDPR); however, ever since the advent of GDPR, the matter of data protection has been at the heart of importance for institutions whose activities involve keeping and/or sharing personal data in the European Union (EU) and elsewhere. It has been a superlative concern, particularly for major global tech companies such as Meta Platforms Inc. (Meta), Google, Microsoft etc.
Meta and the EU, in recent times, have been in a diplomatic brawl over the issues of data protection of EU citizens. Both Meta and the EU seem to be very bellicose in their approach which is indeed not a good thing for the overall U.S.-EU relationship and of course for the millions of Facebook and Instagram users in the EU.
Meta has warned to pull Facebook and Instagram from the EU if it cannot keep transferring data of the EU users back to the U.S. while negotiations are ongoing between the regulators to substitute the transatlantic data transfer pact that was struck down by the Court of Justice of the European Union (CJEU) in July 2020 in a case known as ‘Schrems II’ brought by an Austrian privacy advocate Max Schrems, who complained that the Facebook data contract clauses do not provide adequate protection to the Europeans from the government inspection and monitoring in the U.S. The CJEU has categorically stated that it is impossible to ensure that the data of the EU citizens are adequately protected once they enter the U.S. According to some experts and renowned journalists such a decision will have a significant implication on the U.S. companies and the U.S. Congress, since it calls the adequacy of privacy protection in the United States into question.
Meta said in its annual report published on 3 February 2022, “If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs (standard contractual clauses) or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.”
However, in an emailed statement a Meta spokesperson said, “We have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organizations, and services rely on data transfers between the EU and the U.S. in order to operate global services.”
Reactions are also coming from the EU counterparts with the same kind of pugnaciousness. French Finance Minister Bruno Le Maire said that “digital giants must understand that the European continent will resist and affirm its sovereignty.”
A German Minister said, “Life has been fantastic without Facebook and Twitter.”
A European lawmaker said, “Meta cannot just blackmail the EU into giving up its data protection standards.” A counterargument can, however, be made that, are the U.S. data protection law standards not compatible with that of its EU counterpart. But frankly speaking, such conversational jousts will bring favorable outcomes for either of the parties.
Following these skirmish statements from both sides, Meta has already seen their shares fell as much as 4.5% in trading in New York earlier this month.
A meek statement has been put forward by a spokesperson of the European Commission who said, “Only an arrangement that is fully compliant with the requirements set by the EU court can deliver the stability and legal certainty stakeholders expect on both sides of the Atlantic.” The question therefore arises, is the ball in the court of the CJEU?
On a different note, while both sides are making aggressive statements over the shutting down of Facebook and Instagram in the EU, are they keeping the millions of Facebook and Instagram users in the EU into consideration, for whom using these social media has essentially become an inextricable part of their lifestyle, education, work and, professional activities? While we are concentrating outright on the legal aspects of personal data protection and rightly so, are we not advertently/inadvertently averting our eyes from the rights of the individuals to make personal choices? All we know today, the last word has not been spoken yet..