Facebook and Instagram going offline for EU users?

Ask most teenagers to imagine a life without their beloved Insta (and their parents without Facebook), and you’ll likely be met with cries of despair. But both services may be shuttered this year due to disagreements about personal data being transferred to the US from the EU.

Ireland’s privacy regulator, the Irish Data Protection Commission, has informed its counterparts on the continent that it will move to block Meta from sending data back to the US. An existing agreement between the US and the EU, the Privacy Shield, was annulled by the European Court of Justice in 2020. The current legal situation is that US companies can transfer data to US sovereign soil via “standard contractual clauses” (SCCs).

Politico.eu reports that another agreement between the two power blocs has hit the rocks over disagreements as to some of the finer points of detail – without this new pact in place, Europeans may have to live their lives without either of Meta’s two big social media platforms.

“If a new transatlantic data transfer framework is not adopted […] we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe,” Meta has said in an earlier filing with the US Securities and Exchange Commission.

A paper discussing the then extant Privacy Shield [PDF] published by University College, London in May 2020 stated “There is minimal scope for a political or legal resolution due to a clash between US national security and surveillance laws and programs, and EU data protection standards and fundamental rights.”

One of the main sources of contention is the differences between the continent-wide standardization of data policy in Europe and the patchwork state-based provisions in the US – the fact that laws and governance are localized makes a full federal agreement between the US and the EU highly complex. The paper also states, “EU data protection law is comprehensive, harmonized and grounded in fundamental rights, in contrast to the limited and inconsistent patchwork of US. data privacy laws and lack of constitutional protection for privacy.”

At the heart of the matter is the US security services’ ability to seize and examine (for security, homeland protection, prevention of crime, etc.) the personal data of European citizens.

There is significant potential for the EU’s more stringent position to be undermined by the actions of the UK – a country that prides itself on its “special relationship” with its ex-colony. If data protection laws are slackened in the post-Brexit legislative program in the UK, the US could find itself a sympathetic ear in its need to get data across the Atlantic.

There are some significant differences between the EU and the US positions on personal data, which can be summarized as businesses in the EU can’t process personal data by default: doing so needs a lawful basis. In the US, the default is to permit access to data, but with the risk of large fines if companies or organizations abuse their power.

It’s interesting to compare the US’s position regarding processing and using foreign nationals’ data for its own purposes (generally thought to be A Good Thing) and its abhorrence that other countries should be able to do the same (China).

Nevertheless, any European government would potentially face a backlash from an electorate deprived of its access to large social networks. While there are “domestic” social platforms in many EU countries (Skyrock, Taringa! and Badoo, for example), none have the ubiquity of Meta’s offerings.

The success of “free” social networks is a testament to the fact that users themselves are either unaware of or unconcerned about their data being freely available, internationally.