In what would surely add on to the compounding problems that Facebook — and social media companies in general, Ireland’s data regulator has sent a preliminary order to Facebook, barring it from sending user data back to the US. The order, which sources close to the matter have confirmed to The WSJ, was sent by Ireland’s Data Protection Commission to Facebook late last month, asking for the company’s response.
The move could be the first significant step that the European bloc has taken, after it ruled on a similar vein in July. In its July ruling, EU had said that it would prohibit Facebook from sending data of EU users, back to the US. The bloc cited EU users’ inability to question or argue US government surveillance, as the prime reason for its ruling.
In a statement to WSJ, Facebook has sort of confirmed this preliminary order. While talking to the Journal, Nick Clegg, Facebook’s top policy and communications executive, confirmed that Ireland’s privacy regulator has suggested, as part of an inquiry, that Facebook can no longer in practice conduct EU-U.S. data transfers using a widely used type of contract.
“A lack of safe, secure and legal international data transfers would damage the economy and prevent the emergence of data-driven businesses from the EU, just as we seek a recovery from Covid-19,” Clegg told WSJ.
If found failing in compliance of this order, Ireland has the power to charge upto 4% of Facebook’s annual revenue as a fine. In current terms, and looking at Facebook’s blockbuster earnings, that fine would amount to roughly $2.8Bn, a significant financial blow to any major tech company.
But it is important to note that the order is preliminary in nature and may or may not see the light of the day. Ireland will do multiple round of consultations before fleshing out a final order, a process that takes several months. And even though Ireland leads EU privacy enforcement for Facebook, it will have to consult other EU regulators since this involves cross-border rulings.
The regulator meanwhile, has given Facebook until mid-September to respond to the notice. Post receiving a response, the commission will then send it to the other 26 regulators in the EU, as mandated by the Union’s privacy law.