On Wednesday, Ireland’s Data Protection Commission announced that Facebook should not be sending European data to the U.S. In a recent inquiry by regulators, it is believed that the data transferred to the United States does not protect users from surveillance by American agencies.
If Facebook is found to be in breach of the European data protection laws, it could be fined an amount equal to 4% of its global revenue. That is a couple billion euro’s and big enough to force the tech giant to change its operations.
The order is only a preliminary action, as Facebook has until the end of September to address this issue.
A loophole could be present
The social media company has been transferring data under a legal framework that they call ‘Privacy Shield.’ This framework was made invalid in July by the European Court of Justice. It was decided that the agreement was not satisfactory, and European users’ privacy was not protected adequately.
Facebook’s VP of global affairs and communications, Nick Clegg, said that there is an alternative. He is the former deputy prime minister of Britain. Clegg cited an agreement called the ‘Standard Contractual Clauses’ under which an agreement to transfer data is still valid.
Even so, the inquiry by the Irish Data Protection Commission on Facebook E.U. to U.S. data transfers ruled out the effectiveness of that clause.
Significant impacts on all transatlantic businesses
The invalidation of the Privacy Shield will have significant impacts on companies that deal with customer data directly. Clegg said that the invalidation has created uncertainty for more than just U.S. tech companies. Businesses with transatlantic data flow will have to find a way to stay compliant. This can also mean, without transferring data.