While TikTok remains in the firing line due to concerns that it may be sharing data on US citizens with the Chinese Government, the case may have also highlighted rising global concerns over data sovereignty, and the risks associated with sharing user data between nations.
Earlier this month, the European Union privacy regulator sent a preliminary order to Facebook which called for it to suspend data transfers about its EU users back to the US. According to the order, EU officials are increasingly concerned about potential surveillance practices by the US Government, and are now looking to limit such by restricting the flow of user information.
That would essentially force Facebook to keep EU user data in Europe, and implement new restrictions on data-sharing between nations. Which, of course, would be expensive, restrictive and would make things increasingly complicated for The Social Network.
And now Facebook has issued an official response, saying that, if such rules are implemented, it may be forced to stop operating both Facebook and Instagram in Europe entirely.
As reported by Vice, Facebook noted that:
“If the decision is upheld, “it is not clear to [Facebook] how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU,” said Yvonne Cunnane, who is Facebook Ireland’s head of data protection and associate general counsel.”
Facebook and Instagram have more than 410 million combined users in the EU region, and all them, theoretically, would lose access to both platforms, if Facebook were to follow through with this threat.
Of course, that’s not very likely. Not only would Facebook lose a lot of money and market share, but it would also be a drastic action to take in response to data privacy measures. A more likely scenario would eventually see Facebook forced to establish EU-only data centers, which may be the eventual outcome.
But the fact that Facebook would threaten a full pull-out underlines the significance of the concern, and the rising concerns over data-sharing between nations.
Facebook actually threatened similar recently in Australia, which is seeking to implement new regulations that would force both Facebook and Google to pay Australian news publishers for the use of their content.
In response to the proposed Australian regulations, which Facebook says are ‘counterproductive’, the company has also noted that it would also have to:
“…reluctantly stop allowing publishers and people in Australia from sharing local and international news on Facebook and Instagram.”
That’s not the same as a full ban, but the threat matrix is the same – if you want to implement tougher restrictions, we’ll simply stop serving that element.
In the Australian case, it makes more sense – Facebook is not reliant on Australian publisher content, and eliminating such from its service likely won’t have significant impacts. But cutting off all of Europe would obviously be a much bigger shift, and one that Facebook would be very reluctant to undertake.
Is it possible? Yes, but as noted, the more likely final outcome will see Facebook, potentially, forced to implement specific data centers in Europe, and create new access separations to keep user data in each region safe.
Which, really, could be the way of the future in all regions. Not only would that establish clearer boundaries in regards to data privacy, but by implementing new regulations relating to data separation for apps of a certain scale, it could also ensure that social platforms pay their fair share in local tax, rather than using regional tax havens to avoid full tax obligations in each nation.
This is a key issue in various nations – and incidentally, the crux of the Australian press case. All of the major tech platforms minimize their tax obligations where they can by using lower-cost nations to house their local data centers and operations. But if new regulations forced them to keep local user data within each nation, that would also require them to establish home bases in each, which could see them properly taxed under local laws.
Of course, that’s a far more complex undertaking, and as noted, there would need to be parameters set around company size in order to avoid restrictions on newer apps looking to establish their presence. But with serious questions now being raised about the ways in which user data can be weaponized, in various form, it makes sense that more regions are looking to implement rules around data access separation.
And that could have big impacts on the future of the space.
Right now, it’s still fairly preliminary – the new regulations have been proposed, and Facebook’s opposing them in the strongest manner it can. But it’s an interesting case to watch, which could have much broader implications for the company, and the tech sector in general, moving forward.