The newly renamed Meta Platforms (the company formerly known as Facebook) is once again threatening to shut down two of its most popular social media services in the European Union (a move that would be devastating for the company's bottom line while also instigating a backlash from EU consumers) if EU regulators don't strike a more suitable agreement on a new data privacy arrangement with regulators in Washington.
Meta said that if it couldn’t rely on new or existing agreements to shift some data back to the US using "standard contractual clauses," then it would "likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe," according to Bloomberg. The warning came in Meta's annual report.
This isn't the first time the company has threatened to cut off its services in Europe: Meta raised the prospect of pulling the plug in last year's annual report, too. It also threatened to block news articles from being shared on its platform in Australia after a court ruling there required social media firms to pay news organizations for use of their content.
"We have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organizations and services, rely on data transfers between the EU and the US in order to operate global services," a Meta spokesman said in an emailed statement.
But Meta's continuedthreats highlight "the increasing tension between the social media company and lawmakers over the ownership of user data" collected on Facebook's platforms.
Ultimately, the issue must be worked out between the European Commission and Washington. The two sides are currently enmeshed in negotiations with Washington over its data transfer policy. These discussions "take time given the complexity of the issues discussed and the need to strike a balance between privacy and national security."
A spokesman for the commission told BBG on Monday that "only an arrangement that is fully compliant with the requirements set by the EU court can deliver the stability and legal certainty stakeholders expect on both sides of the Atlantic."
All of this stems from a 2020 legal battle between Facebook and Ireland, during which the court ruled that Facebook couldn't use "standard contractual clauses" as a basis for transferring user data back to servers in the US. Facebook tried to appeal that decision, but the Irish court rejected the appeal.
The spokesman continued...
"Only an arrangement that is fully compliant with the requirements set by the EU court can deliver the stability and legal certainty stakeholders expect on both sides of the Atlantic," the spokesperson added.
But what's the point of all these European data laws? Four years after the passage of the EU's General Data Protection Regulation, many critics are warning that the new regulations have almost no impact on consumer choice - and instead of mostly just become an annoyance for tech companies and users alike.
About a week ago, the NYT's Joe Nocera wrote in the paper's daily "Dealbook" email newsletter that Europe's GDPR regulations haven't worked like their architects had hoped. Turns out, nobody reads the "cookie" warnings that sites are required to push to readers - so this whole notion about making an "informed" choice just went completely out the window. It has created a whole new concept called "consent optimization."
That’s not how things turned out. The last time a pop-up window appeared on a website and asked whether you would allow cookies to gobble up your personal data, did you actually read the fine print or think for more than five seconds before you pressed “accept”? Me neither. “No one reads cookie banners,” said Max Schrems, an Austrian privacy advocate who played a key role in pushing for the regulation.
"They’ve become almost a useless exercise." Actually, it is worse. In practice, the proliferation of cookie banners has both numbed people to their purpose and given companies yet another way to manipulate users. Companies have turned cookie banners into a tool that does the opposite of what regulators intended.
You’ve heard of “search engine optimization”? There are now firms, called consent management platforms, that are promising “consent rate optimization”— meaning they create cookie banners that will move people to hit the “accept” button.
One simple example: According to one study, removing the “opt out” button on the front page of the cookie banner increases consent by 22 or 23 percentage points. Some of these companies say they can achieve a consent rate of 90 percent.
Given the decision by the Irish courts, and the European Commission's unflagging support for its GDPR, it doesn't look like the negotiations between the EU and Washington will be resolved in CEO Mark Zuckerberg's favor. That's unfortunate since, as the NYT explained above, Europe's data privacy rules haven't made much of a difference to consumers.