By Conor Humphries
DUBLIN (RockedBuzz via Reuters) – A new pact to facilitate the secure transfer of EU citizens’ personal data to the United States may not enter into force in time to avoid a suspension of Facebook’s transatlantic data flows, Europe’s top regulator said on Tuesday of the US company.
Facebook owner Meta, which has warned that an outage could force it to shut down Facebook’s services in Europe, declined to comment on the possible timing of the regulator’s decision or whether the new pact would go into effect.
European Union regulators led by Irish Data Protection Commissioner (DPC) Helen Dixon are finalizing a ban on the legal tool Facebook used to transfer European user data over concerns that US intelligence agencies could access it.
In an interview, Dixon said the ban could take effect by mid-May, while a new EU-US data protection framework that would provide an alternative basis for transfers could take longer.
“There’s definitely a possibility. More than a possibility, I would say,” said Dixon, who is the top European regulator for US tech companies, including Apple, Google and Twitter, as their regional headquarters are in Ireland.
“They could be very close in timeline or the DPC’s suspension order could go into effect earlier,” Dixon told RockedBuzz via Reuters. “Things are going over the edge.”
The suspension could set a precedent for other companies. It must be signed by other European regulators by April 13, after which Dixon said he would have another month to issue a ruling.
A spokesperson for Meta said the company “welcomes the progress made by policy makers to ensure the continued transfer of data across borders and awaits the regulator’s final decision on the matter.”
Officials said the new EU-US framework, which aims to offer EU citizens the same level of data protection as under European law, could be ready by summer. “They’re still talking about July,” Dixon said.
It would face a legal challenge from critics who believe it is too weak. Two previous US-EU pacts, Safe Harbor and Privacy Shield, have been struck down by the European Union’s highest court.
Dixon said she and her fellow regulators were positive about the new deal and that the European Commission was confident it would survive the judicial challenge.
Critics, such as privacy activist Max Schrems, accused Dixon and his office of being underresourced and too soft, a charge he denied.
“We’re really hitting our stride, working at a pace,” said Dixon, whose office issued fines worth more than €1bn last year, about two-thirds of the fines issued in the EU and Britain combined last year.
It is working on 22 large-scale international cases, including against Google, Meta and Tik Tok, after concluding 17 cases last year, he said.
It plans to increase its staff to about 250 this year from 200 last year and from 27 when Dixon joined in 2014.
(Writing by Conor Humphries; Editing by Tomasz Janowski)