The data and advertising group Facebook has indicated that it could withdraw from the European business if it could not act as it wanted due to data protection regulations. “It is not clear (Facebook) how it can continue its services Facebook and Instagram in the EU under these circumstances,” wrote Yvonne Cunnane, lawyer at Facebook Ireland, in an affidavit to an Irish court.
The Irish data protection authority had started investigations into Facebook’s data transfers to the states after years on the instructions of the European Court of Justice. However, the Irish privacy advocates have not yet made a final decision. However, the EU’s General Data Protection Regulation prohibits the transfer of personal data to non-EU countries. As far as the USA was concerned, there was first the Safe Harbor Agreement, and later the Privacy Shield, to allow such a transfer. But the ECJ had overturned both agreements, and Facebook was not allowed to invoke the standard contractual clauses as long as the USA could access the data of Europeans with its own surveillance laws. The Austrian data protection activist Max Schrems had brought an action before the ECJ. Schrems, himself a lawyer, had long accused the Irish data protection authority of inaction. Now, according to the instructions of the ECJ, the data protection commissioner there could no longer do otherwise and had to investigate. Facebook sued the investigation in an Irish court, while the proceedings are paused.
There have been better times for Facebook. Times when many of the company, which had exploded into a billion-dollar company, believed that it was really about connecting people. Those days are over and hardly a day goes by without Facebook or one of its daughters Whatsapp and Instagram making negative headlines. While in the US the focus is on influencing the upcoming presidential election, in Europe it is mainly about data protection.
How Facebook tried to wriggle out of it
A few months ago, the group started a kind of charm offensive, led by former British Vice Prime Minister Nick Clegg. Facebook boss Mark Zuckerberg had also publicly stated on several occasions that he even wanted the company to be regulated, you couldn’t do that yourself. But while other companies managed to adapt to the requirements of European data protection, Facebook tried to wriggle out of it. Facebook even wrote a letter to the European Parliament stating that data would continue to be transferred to the USA despite the ECJ rulings, based on the standard contractual clauses.
The reason for this is obvious: Facebook’s business is to use the collected data to build up a great deal of knowledge about its users with the aim of being able to offer their advertisers the most meaningful profiles possible. Above all, the aggregation of the data provides valuable insights. The more activities of many users can be evaluated, the more precisely trends can be peeled out and conclusions can be drawn about other users if their behavior is similar. Saving the data of the European users separately would at least be laborious, and it might also reduce their informative value.
And how should it go on now? In the short term, the EU will try to adapt the standard contractual clauses, but in the long term there will be no avoiding looking for a common path in data protection for the western states. In any case, the current situation cannot stay that way. Smaller companies in particular, which do not have hordes of lawyers on hand like corporations, are overwhelmed by the chaos that is now prevailing. They need clear rules that last longer than Safe Harbor and Privacy Shield.