The Turf War Over Personal Data Continues

Written by: Richard Sheinis, Esq.

As many of our readers know, the transfer of personal data from the EU to countries outside the EU is heavily regulated by the GDPR. Companies that transfer personal data from the EU to the US typically use Standard Contractual Clauses, which are intended to provide some assurance that personal data transferred to the US will have the same level of protection as provided by the GDPR. The Standard Contract Clauses have been under fire and sometimes additional protections for the transfer of data are required to be added to the Standard Contract Clauses.

It seems that Mark Zuckerberg and Meta have had quite enough of the multiple hoops they have to jump through to transfer personal data from the EU to the US. Transferring personal data is undoubtedly a big component of the various advertising services that Meta is able to provide, and generates tremendous income for Meta. Meta has warned that if a new framework is not adopted, or if they are no longer allowed to use the current agreements, they will probably no longer be able to offer many of its most significant products and services, including Facebook and Instagram, in the EU.

In today’s world, personal data is money, and any restrictions on a company’s ability to use personal data to offer services can restrict the company’s earnings. I question whether data transfer rules and data localization rules, which require that personal data remain in the country in which it originates, are due to altruistic concerns about protecting data, or a more covert desire to increase the influence of the country’s data sector, including companies that benefit from personal data being stored or processed within its borders.  None of these questions are likely to be answered soon.