Facebook warns privacy rules could force it to exit European market – Ars Technica

Facebook warns privacy rules could force it to exit European market  Ars TechnicaView Full Coverage on Google News


Enlarge / Facebook’s European headquarters in Dublin.
Brian Lawless – PA Images / Getty

Facebook has warned that it could be forced to pull out of the European market if European regulators push forward with limits on data sharing between the European Union and the United States.

Until this year, an arrangement called Privacy Shield allowed US technology companies to move data easily between the two jurisdictions. But Europe’s highest court nixed that arrangement in July, arguing that US law lacks robust protections against surveillance by the US government.

In the wake of that ruling, Ireland’s privacy regulator ordered Facebook to stop sending data on European users to its US data centers. Ireland’s Data Protection Commission (DPC) leads enforcement of European privacy regulations with respect to Facebook because Facebook’s official European headquarters is in Dublin.

“In the event that [Facebook] were subject to a complete suspension of the transfer of users’ data to the US, as appears to be what the DPC proposes, it is not clear to [Facebook] how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU,” Facebook data protection official Yvonne Cunnane wrote in a court filing made earlier this month in Dublin and first reported on Monday.

She notes that Facebook and Instagram have a combined 410 million monthly active users in Europe and claims that Facebook is “an important tool for freedom of expression.” She also notes that Facebook ads have driven billions of dollars’ worth of business to European businesses.

Cunnane argued that the Irish regulators were rushing through the data transfer ban without giving Facebook adequate time to respond. Facebook has been given three weeks to react to Ireland’s proposed ban, and Cunnane argues that the Irish authorities seem to already have their mind made up on the issue.

More specifically, Cunnane argues that a single Irish official, Data Protection Commissioner Helen Dixon, has too much authority over the regulatory process. Cunnane writes that traditionally, the initial investigation into a company’s practices is carried out by a different official than the official who makes the subsequent ruling on possible remedies for problems identified in an investigation.

But in this case, Facebook says, Dixon will play both roles, which Facebook considers a violation of its due process rights. So Facebook is asking an Irish court to intervene in the case to ensure that Facebook gets a fair hearing.