The company could soon find itself unable to transfer data between Europe and the US and so opt to no longer operate on the continent, it warned.
The warning came as part of Meta’s annual report, filed with the US Securities and Exchange Commission, in which it lays out the current situation of the business – including any threats it could face in the near future.
It noted that its operations are particularly subject to regulations on how data can be transferred or processed between different countries and regions, as well as different products. Any new rules limiting that transfer could lead to significant changes in how it operates, it notes.
One of those changes is the restrictions on Privacy Shield, a framework it has historically relied on to transfer users’ data between the European Union and the US. That framework was invalidated in July 2020.
Meta also relies on another system called Standard Contractual Clauses, or SCCs, which also regulate such transfer, but have similarly been criticised by regulators and legal experts. In 2020, the Irish Data Protection Commission ruled that such agreements is not in line with Europe’s General Data Protection Regulation – and that such transfers should therefore be suspended.
That led the company to suggest that if a final decision did not introduce a new framework for transferring data between the two regions, then Meta could be forced to shut down its apps in Europe.
“If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations,” it wrote.
It also noted that other countries have been pursuing similar restrictions on the transfer and processing of data, which could have similar effects. While it did not threaten to remove products entirely, it said that other data protection regulations in the US, UK, Brazil and elsewhere could force it to make significant changes to the ways it operates its products.
A decision on Meta’s use of SCCs is as expected as soon as the first half of this year, meaning that any shutdown could come soon after.
But large companies regularly suggest that they would have to pull products and services from use in an attempt to influence lawmakers, or simply to offer a worst-case scenario to investors and others – and it is possible that Meta would find a way to continue offering profitable products such as Facebook and Instagram even in the face of changes to data protection regulation.