Meta hints at European exit over decision of data watchdog

She noted that a decision from the DPC regarding the transfer of data across the Atlantic Ocean is due on or before May 12 in order to give effect to 2020 findings that such transfers are invalid, given the security agency surveillance in place for all communications at the American end.

Ms Li said the company expects that a new transatlantic ‘data privacy framework’ will be in place before the suspension of such data transfers — which affects all companies, not just Meta — can take place.

“We cannot exclude the possibility that it will not be completed in time,” she said, however.

We will also evaluate whether and to what extent the DPC decision could otherwise impact our data-processing operations, even after a new data privacy framework is in force.

Privacy and data consultant Daragh O’Brien said Meta's statement indicates a strategy of “creating political concern” that a possible pullout is in the works.

DPC decision

“It is par for the course, and is a point we should all be paying attention to. The DPC’s decision will have implications for all variety of other services like Microsoft 365 and Google Suite, anything with the potential for data to be transferred to the US,” he said.

If this were a small thing Meta would not have felt the need to mention it. But this is a huge, systemic risk to the company. 

"It had to mention it; it is no small thing by any stretch of the imagination,” Mr O’Brien added.

Meta’s concerns relate to a decision by the Court of Justice of the EU (CJEU) in July 2020 which invalidated the Privacy Shield agreement in place between the US and the EU in terms of transatlantic data transfers.

That decision had its origins in an action taken by Austrian privacy activist Max Schrems to the DPC, the regulator for Facebook since the company’s European operations are headquartered in Ireland, objecting to the transfer of personal data to the US given the known surveillance carried out on such communications by the American government’s intelligence agencies.

The DPC was instructed earlier in April by the European Data Protection Board, the European grouping for national privacy regulators, to officially make an order putting a stop to the EU/US data transfers.

Meta is the second tech multinational to voice concerns regarding the pending DPC decision this week, after Microsoft used its own quarterly report to warn of the effect shutting off US data transfers would have on its business.