Ireland’s data watchdog has sent a draft of its final decision to other EU regulators on whether Meta can continue transferring EU data to the US.
Meta may soon have to halt Facebook and Instagram data transfers between the EU and US, as an updated draft ruling by the Irish Data Protection Commission (DPC) was shared with other EU regulators yesterday (7 July).
The data watchdog has been investigating whether Meta’s transatlantic data-sharing practices comply with EU rules.
It follows the Schrems II case in 2020 that struck down Privacy Shield, the data privacy tool that allowed for the transfer of European data to US companies, and said transfers of personal data from the EU could only take place if there is a sufficient level of protection.
Because the EU does not consider US data protection to be adequate, data transfers can only take place through mechanisms such as standard contractual clauses.
While the temporary measure has allowed for data flow to continue, the DPC has been probing the matter and a spokesperson confirmed to Reuters yesterday that it has informed its EU counterparts of a draft final decision.
Details of the decision have not been made public, but the DPC previously proposed that Meta may have to cease its EU-US transfers as its use of standard contractual clauses in respect of European user data does not comply with GDPR.
Other EU regulators now have a month to weigh in on the draft ruling before a final decision is made.
The Irish DPC leads the regulation of tech companies such as Meta under GDPR because Ireland is the European base for many US companies. In March, it slammed a €17m fine on Meta for not complying with GDPR requirements in the context of a dozen data breaches.
‘Long-term solution on EU-US data transfers needed’
In February, the DPC issued a revised preliminary decision to Meta in relation to its data transfer inquiry.
A Meta spokesperson told SiliconRepublic.com at the time that the DPC had asked for “further legal submissions” after sending the draft decision. They added that this was “not a final decision” and was part of an “ongoing process that has some way to run”.
“Suspending data transfers would be damaging not only to the millions of people, charities and businesses in the EU who use our services, but also to thousands of other companies who rely on EU-US data transfers to provide a global service,” the Meta spokesperson said.
“A long-term solution on EU-US data transfers is needed to keep people, businesses and economies connected.”
Earlier this year, Meta threatened shut down Facebook and Instagram in the EU market because of the legal quagmire around the flow of data across the Atlantic.
The European Commission and the US Government have started negotiations on a successor arrangement to the Privacy Shield that would comply with the Schrems II ruling, but an agreement has yet to be finalised.
Meta is not the only Big Tech company being impacted by the current lack of a data transfer deal between the EU and US.
The Austrian data protection authority found earlier this year that the use of Google Analytics by an Austrian website did not comply with EU data protection law due to data being transferred to the US. Similar decisions were later made by authorities in France and, most recently, Italy.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.