Irish Data Protection Commission could decide to ban EU-US data transfers for Meta

Ireland’s Data Protection Commissioner has recommended that Meta not be allowed to send personal data on Europeans across the Atlantic to the US, Politico reports. The regulator sent a draft opinion on the matter to the other national privacy regulators in the EU for their approval.

The European Court of Justice in 2020 annulled the EU-US pact on trans-Atlantic data flows, called the Privacy Shield, because of fears over US surveillance practices. In its ruling, it also made it harder to use another legal tool that Meta and many other US firms use to transfer personal data to the US, called standard contractual clauses (SCCs). The DPC warned Meta at the time that it should stop data transfers to the US. If the DPC’s latest decision is confirmed, it would mean Facebook is forced to stop relying on SCCs too.

Meta has warned previously that such a decision would spell the end for many of its services in Europe, including Facebook and Instagram. It could also mean other companies are forced to halt the transfer of personal data between the EU and US, until a new agreement can be reached that meets the requirements of the EU’s General Data Protection Regulation.

A spokesperson for the Irish DPC confirmed that the draft decision had been sent to other European privacy regulators, who now have a month to give their input. They wouldn’t discuss details of the decision. The Irish DPC is the lead regulator for Meta in the EU, while other regulators have the right to comment on its decision as part of power-sharing agreements in the EU.

Meta said in a response that the conflict was between the EU and US, and they are in the process of resolving the legal issues.