In a preliminary decision from 2020, the Data Protection Commission (DTC), Ireland’s CNIL, found that transfers of personal data of European citizens to the United States by Meta violated the GDPR. The final decision, initially expected for the first half of 2022, is blocked by objections from other European CNILs, according to information communicated on August 10 by the DTC spokesperson, and reported by Politico.
Facebook and Instagram could have been removed from the EU this summer
Meta warned: if the DTC’s decision is validated, Facebook and Instagram will close on the European continent. A threat, a term challenged by the American giant, explicitly mentioned in a report submitted to the American stock market policeman at the start of the year. It took little for this scenario to arise this summer.
China: new suspects in a corruption case that affects the semiconductor sector
At the beginning of July, the DTC informed its European counterparts that it intended to prevent Meta from transferring sensitive data from Europeans to the United States. Since the end of the Privacy Shield, quashed by the Court of Justice of the European Union in 2020, these flows have been governed by the mechanism of “standard contractual clauses” (SCC).
It is on these SCCs that the DTC’s decision relates. She wants to prevent Meta from using them and therefore from being authorized to make her transfers. A decision motivated by American laws authorizing the surveillance of said data on its territory. This is the same motivation that led to the invalidation of the Privacy Shield.
Meta felt the wind of the ball, but was saved by the procedures of Brussels. In accordance with the rules in force, the DTC submitted its project to the European CNIL. Some raised objections. These will have to be examined and give Meta a few months of reprieve. Politico recalls that a previous revision took about four months.
If the 27 CNILs fail to agree, it will be up to the European Data Protection Council to decide. Leading to new procedures and a new deadline of one month. Meta also has the option of appealing the final decision.
Meta bets on the future data transfer agreement, currently being negotiated
Europe’s often-criticised bureaucracy can also come in handy in such tricky cases. The European Union and the United States are currently negotiating a new arrangement, a successor to the Privacy Shield, to regulate transatlantic data transfers.
This framework is vigorously demanded by Meta, but also Google and American and European companies. Ursula von der Leyen, President of the European Commission and Joe Biden announced in March that an agreement in principle had been reached. The final text is expected in the first half of 2023.
The delay of the European CNIL procedure could allow Meta not to change anything in its way of managing European data, if it lasts until the adoption of this text.