Google, Meta face EU data blackout as watchdog ruling on contracts looms
Meta Platforms Inc.’s stark warning of a retreat from Europe may just be the start, as one of the region’s top privacy watchdogs prepares a decision that could paralyze transatlantic data flows and risk billions in revenue for tech giants.
The Irish data protection authority, which polices the Silicon Valley tech giants that have flocked to the nation, is soon to weigh in on the legality of so-called standard contractual clauses used by Meta, Alphabet Inc.’s Google and others to legally transfer swathes of user data to the US for processing.
Privacy experts say the imminent decision could eliminate one of the only remaining options for Meta and potentially thousands of other companies that rely on shipping vast amounts of commercial data across the Atlantic.
The Irish authority already cast doubt on the legality of the SCCs in an interim opinion, saying they failed a key test of protecting European citizens from the prying eyes of US agencies.
Such is the tension around the ruling, that Meta warned in its latest annual report that it will “likely be unable to offer services” including Facebook and Instagram in the EU if it’s unable to use SCCs.
Facebook produced $8.2 billion in revenue in Europe over the last quarter of 2021, about a quarter of global revenue. While the UK will count for a significant portion of that and will not be impacted by the ruling on SCCs, the region is a serious money maker for Meta, beaten only by its home market of the US and Canada.
There is no easy work-around. Storing data in Europe may not be feasible for any service based on customer interactions across the world, from gaming to video streaming, because European data rules follow a person’s information, no matter where it is.
Meta’s business model, like that of Alphabet’s Google, relies on collecting enough data to discern what users might be interested in or want to purchase, and to serve them relevant ads. The company is already hampered by Europe’s privacy rules and a ban on SCCs would likely make its business model more expensive and less effective to run.
“What’s at stake here are the entire data transfers to the US and the services that depend on them,” said Johannes Caspar, an academic who recently stepped down as one of Germany’s top data protection regulators.
Despite its latest comments in its annual report that it would “likely be unable” to offer Facebook and Instagram in Europe if regulators ruled that SCCs were unfeasible, Meta has also stated — most recently in a blog post that it’s “absolutely not” threatening to leave Europe, a plea that Nick Clegg, now Meta’s leading policy executive, originally made in September 2020.
Meta declined to comment. Google pointed to a January blog post by Kent Walker, its head of global affairs which called for a rapid end to the impasse over a replacement to a EU-US privacy pact that was struck down by the EU’s top court in 2020 over longstanding fears that citizens’ data wasn’t safe from American surveillance.
“The stakes are too high — and international trade between Europe and the US too important to the livelihoods of millions of people — to fail at finding a prompt solution to this imminent problem,” he said.
Should the Irish authority double down on its interim opinion over the contractual clauses, the doomsday scenario for Meta and its rivals of a tech blackout has started to emerge.
The Irish authority’s decision “could now be a precedent which will cause the whole situation to slide,” said Caspar. “It’s up to politicians in the US to avoid plunging their tech industry into chaos.”