For a platform that likes to keep reminding us over and over and over again that it prizes our individual privacy, Facebook’s done a pretty piss-poor job of actually following through. Over the past few months, we’ve seen the company purposefully prevent any of us from opting out of this sort of data-mining machine, while later accidentally sharing that data with thousands of developers — both locally and abroad. Now, it looks like the data-hoovering giant is trying to weasel out of not only its promises to consumers, but the assurances it made to regulators, too.
This news comes from Bloomberg, which first reported that Facebook was attempting to push back against Ireland’s Data Protection Commission — the de facto national authority responsible for enforcing data-protection laws across the entire EU. Earlier this week, the Wall Street Journal reported that these Irish authorities sent Facebook a preliminary order asking that the company stop sending the data of European citizens back to the company’s Silicon Valley HQ, or risk a multibillion-dollar fine from local authorities.
To back up a bit, Ireland isn’t acting alone here. Its order came not long after the entire Court Justice of the European Union officially invalidated a set of longstanding rules, known as the Privacy Shield, meant to ensure that the data of EU citizens could be safely held on the servers of U.S.-based tech companies like Facebook and Google without the federal government getting its hands on it. Without any meaningful alternative to the Shield, companies like Facebook are left trying to prove to EU regulators that they can be responsible for EU users’ data — and without the legislative promise that imbued them with some degree of trust that they enjoyed until now.
But when pushed against a wall by the Irish regulator, Facebook didn’t reach into its usual bag of tricks: It didn’t downplay its ties to the always-lurking, all-American dragnet, launch into incredibly flimsy facades about its care for consumer choice, or point any fingers at China. Instead, it just pointed out that the proposal to keep the EU’s data off of Facebook’s American servers would be bad for business.
“A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from COVID-19,” Facebook’s VP of Global Affairs, Nick Clegg, said in a blog post earlier this week.
“The impact would be felt by businesses large and small, across multiple sectors. In the worst case scenario, this could mean that a small tech start up in Germany would no longer be able to use a US-based cloud provider. A Spanish product development company could no longer be able to run an operation across multiple time zones. A French retailer may find they can no longer maintain a call centre in Morocco.”
Facebook’s no stranger to using small businesses as a makeshift shield when it’s looking to dodge some weighty regulations or curry favour among the parties trying to pass them. But none of these imaginary international companies are the subject of the EU watchdog’s ire right now — Facebook is. And Facebook, even in the best-case scenario, has a lot of money on the line here. If it doesn’t want to constantly fork over a percentage of its revenue in fines to the European government, it needs to make a good-faith effort to actually cut off these transatlantic data flows from the roughly 400 millon Facebookers based in the region.
Because “data” is kind of a squishy term, technically everything from hiring protocols to cloud services would need to be upended under Ireland’s proposal, since these sorts of jobs often run the risk storing some sort of data from the EU in one of Facebook’s servers. And as the Journal points out, these same stipulations could easily be floated to just about every other major tech company, even if Facebook pushes back. And like Facebook also pointed out, taking this stipulation one step too far has the potential to completely upend trillions of dollars expected to pass between the U.S. and EU digital markets this year. And considering how our trade deals with the region have grown kinda frosty under Trump’s tenure, it’s safe to say that this kind of shock to our e-economy is the last thing we really need right now.
Granted, all of this is the worst-case scenario. Ireland’s data watchdog gave Facebook until “mid-September” to respond to the order, as sources close to the deal told Bloomberg. Once they do, the commission plans to send out a new draft of the order to the 26 other data authorities across the EU for “joint approval” from all sides.
But right now, Facebook isn’t proposing any solutions; it’s leaving it to the EU to come up with a legislative answer that meets privacy standards while also allowing Facebook to bring data to its U.S. servers. And as long as it demands that, it’s admitting that it will always put profits over privacy.