Over the weekend, several reports suggested that Facebook’s parent company Meta may consider shutting down its services within the EU due to an ongoing legal challenge over how it handles EU user data.
The reports came on the back of this note, which was included in Meta’s most recent SEC update:
“In August 2020, we received a preliminary draft decision from the Irish Data Protection Commission (IDPC) that preliminarily concluded that Meta Platforms Ireland’s reliance on Standard Contractual Clauses (SCCs) in respect of European user data does not achieve compliance with the General Data Protection Regulation (GDPR) and preliminarily proposed that such transfers of user data from the European Union to the United States should therefore be suspended. We believe a final decision in this inquiry may issue as early as the first half of 2022. If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.”
This is not a new thing.
As Meta notes, back in 2020, a European Union privacy regulator sent the company a preliminary order to suspend data transfers to the US about its EU users. The order was based on rising concerns among EU officials in regards to potential surveillance practices by the US Government. The specifics of the perceived threat in this instance were not made clear, but the move did follow shortly after the Trump Administration’s push to ban several Chinese-originated apps from America, including TikTok, due to concerns that they could be used to provide China’s ruling CCP with data on US citizens.
That push didn’t end up going through, and TikTok, as well as many other Chinese apps, continue to operate in the US. But the TikTok example did raise new concerns about the safety of foreign nations tracking citizens through social apps, and the potential ways in which such data could be misused by regional entities, if they were so inclined.
There’s seemingly less cause for concern on this front between the US and EU nations, given their partnership on most fronts. But even so, it is a lingering issue, and as Meta now notes, an official ruling on this case could be coming in the next few months, which could, at least in theory, force Meta to re-assess how it stores user data.
Which could result in it removing Facebook and Instagram from the region.
That would obviously be a big step, and it does seem more like posturing at this stage, as opposed to something that Meta would actually do. But then again, in February last year, Meta did cut off all Australian news publishers from its platforms due to a dispute over revenue share, showing that it is willing to take big action in certain cases.
If it has to. Meta could still come to an agreement about user data transfers, ensuring that it can continue to process EU user data within its US-based data centers. Or it may be forced to keep it all within the region.
Note that Meta does already operate data centers in Ireland, Sweden, and Denmark, and it just recently applied to build another in the Netherlands. So it’s not entirely out of the question that Meta could align with any such requirements, potentially, if it had to. But it would be a significant undertaking, and it could also limit user data analysis, at a time when Meta is already dealing with reduced capacity on this front due to Apple’s iOS 14 update.
The other potential advantage for EU nations here could relate to tax obligations, and ensuring that Meta pays its fair share in each region. If Meta is forced to wholly operate in each nation, and establish fully localized offices, along with data processing, that could limit its capacity to focus on low tax nations to set up regional bases.
That’s a longer bow, and not essentially the focus of this proposal, but the concept is that such regulations ensure data sovereignty in each region, which could also relate to governance in other areas too.
But overall, a full EU shutdown of Facebook and Instagram seems unlikely. Facebook alone has 427 million users in the EU, and it was the only region where it saw any significant growth (+4m MAU) in the most recent quarter. And that’s not including Instagram.
Would Meta really be willing to cut that many people off entirely?
My guess would be that they would need to exhaust all avenues before that happens, and with a ruling not yet finalized, we’re not at that next stage just yet.
UPDATE (2/8): Meta has published a post explaining that has no plans to pull its apps from Europe:
“We have absolutely no desire to withdraw from Europe; of course we don’t. But the simple reality is that Meta, like many other businesses, organisations and services, relies on data transfers between the EU and the US in order to operate our global services. We’re not alone. At least 70 other companies across a wide range of industries, including ten European businesses, have also raised the risks around data transfers in their earnings filings.”
Meta says that the disclosure of this as a risk is in line with the company’s legal requirements to disclose material risks to its investors.