Will Europe Force a Facebook Blackout?

“My guess is that Meta will have to look at some kind of geolocation if they want to continue operating in the EU,” says Calli Schroeder, global privacy counsel for the Electronic Privacy Information Center, a digital rights research nonprofit. organization Schroeder, who previously worked with companies on international data transfers, says this approach could mean Meta would have to create its own servers and data centers in the EU that are not connected to its wider databases.

Harshvardhan Pandit, a computer science researcher at Trinity College Dublin who is researching the GDPR, says that because data authorities are still considering Meta’s case and a final decision has yet to be issued, it could include various caveats or steps that Meta should take fall online. For example, a recent data protection decision in Europe gave a six-month period for a company to make changes to its business.

“I think the most pragmatic solution would be for them to build the European infrastructure, like Google or Amazon, which have quite a few data centers here,” Pandit says, adding that Meta could also introduce more encryption into how it stores data and maximize how much it stores in the EU All these measures would be costly, however. Jack Gilbert, director and associate general counsel at Meta, says the issue is “in the process of being resolved.” Facebook did not specifically respond to questions about its plan to respond to the Irish decision.

European officials have twice ruled that the systems set up to share data between the EU and the US do not adequately protect people’s data – complaints have been ongoing since the early 2010s. European courts ruled that the international data sharing agreements were not up to par first in 2015 and then again in July 2020, when the Privacy Shield agreement was ruled illegal.

“All the EU requires when organizations transfer data to other countries is to protect that data in accordance with the GDPR,” says Nader Henein, research vice president specializing in privacy and data protection at Gartner. “The problem is that US laws protecting the data of ‘non-resident aliens’ are woefully inadequate and make it very difficult for organizations like Facebook to comply with local law and the GDPR.”

While Meta is the focus of the most high-profile complaint, it is not the only company affected by the lack of clarity over how companies in Europe can send data to the US. “The data transfer issue is not specific to Meta,” David Wehner, Meta’s chief strategy officer, said on a July earnings call. “It refers to how the data of all US and EU companies is generally transferred back and forth to the US.”

The impacts of the July 2020 decision to get rid of the Privacy Shield are now being felt. Since January of this year, several European data regulators have ruled that the use of Google Analytics, the company’s traffic monitoring service for websites, violates the GDPR. The Danish authorities went even further: schools cannot use Chromebooks without restrictions. “There’s a lot of legal uncertainty and there’s significant compliance risk,” says Gabriela Zanfir-Fortuna, vice president of global privacy at the Future of Privacy Forum, a non-profit think tank.

Source link

Leave a Reply