It’s been a bad year for Facebook so far. They recently revealed that they may have improperly shared the details of 87 million users with a third-party, the now-infamous political consulting firm Cambridge Analytica. Then, on Wednesday, Mark Zuckerberg himself admitted during a press conference that “malicious actors” may have took advantage of Facebook to obtain the public data of all or most of Facebook’s 2.2 billion strong user base.
Data transfer between the EU and US had come under fire in the Irish courts, due to a dispute in the clause Facebook Ireland uses to send data back to its international parent, Facebook US. EU data protection and privacy laws are among the strongest in the world, and as such, any data pertaining to EU citizens cannot be transferred outside Europe without strong assurances in place that the data will be processed under EU-compliant terms. While the US data protection laws are considered inadequate for European data, many international tech companies circumvent this using a model known as “standard contractual clauses”, whereby the parent company (Facebook US, in this example) enters into a contract with their EU subsidiary (Facebook Ireland) which pledges to meet the EU’s strict rules. Ireland is home to the European headquarters of 9 out of 10 of the of the world’s largest social media companies, and standard contractual clauses have been considered legally acceptable by the EU since 2001.