2 min

Facebook and Instagram are staying online for the foreseeable future. The Irish Data Protection Authority (DPA) wants to tighten the reins on Meta, but not every member state supports its case.

Ireland’s DPA proposed a ban on intercontinental data transfers from Meta in July, threatening to remove Facebook and Instagram from Europe. Recently, the DPA’s of several member states objected, meaning the ban’s off the table for now.

Each European member state has a DPA. The authorities enforce the GDPR among organizations based in their countries. Meta has a European headquarters in Ireland. Hence, the Irish Data Protection Authority is responsible for Meta.

The authority has a problem with the way in which Meta transfers European personal data to the United States. We explained the reasons in a previous article. The authority wants to change the rules in order to tighten the reins on Meta, but that’s easier said than done.

All DPAs work together under the European Data Protection Board (EDPB). The Irish DPAs proposal can only go through if the entirety of the EDPB agrees. A number of DPAs recently objected.

Objections

Graham Doyle, the commissioner of the Irish Data Protection Commission (DPC), told the Irish Business Post that “some objections have been received from a small number of Data Protection Authorities in this case”. Doyle added that the DPC is “currently assessing the objections and will engage with the relevant authorities to try and resolve the issues raised”.

It could take months to years for the case to resume. The DPC started a similar procedure against data transfers from WhatsApp in 2018. The verdict came three years later.

Max Schrems, an activist and lawyer that fought multiple privacy cases against Meta, expects significant delays. Meta can file multiple appeals to delay the case. Delays are valuable to Meta, because the European Union and United States are currently drafting a guideline for legal data transfers between the EU and the US.

If Meta succesfully postpones the case until the guideline is in place, the biggest problem is out of the way. The guideline gives Meta a safe alternative to exchange data with the US. The risk of a fine for data transfers in recent years remains, but a fine is a far cry from an all-out ban.

Tip: Data privacy: from necessary security step to competitive advantage