Over the summer, the Court of Justice of the European Union struck down a longstanding data-sharing framework known as the Privacy Shield, which allowed companies operating in the U.S. and European Union to transfer user data within those regions.
As the EU has been strengthening privacy protections for consumers in recent years, regulators and lawmakers across the pond have become increasingly concerned about U.S. government surveillance of European users. Furthermore, U.S. data protections are not nearly as stringent as European requirements imposed by the General Data Protection Regulation (GDPR).
Facebook (NASDAQ:FB) has long stored data on its European users in data centers located within the U.S., and the Irish Data Protection Commission (DPC) has ordered the social networking conglomerate to stop sending data to the U.S. Facebook is rather upset about the prospect, and is now threatening to shoot itself in the foot by pulling out of Europe altogether.
Europe represents nearly a quarter of revenue
Facebook is fighting the DPC decision and argues that it can't reasonably run Facebook and Instagram if it's forced to stop transferring user data to the U.S.
"Indeed, in the event that [Facebook] were subject to a complete suspension of the transfer of users' data to the US, as appears to be what the DPC proposes, it Is not clear to [Facebook] how, in those circumstances, it could continue to provide the Facebook and Instagram services in the EU," Facebook's head of data protection and privacy in Ireland Yvonne Cunnane wrote in an affidavit this month.
Facebook suggests that the DPC is targeting the company unfairly, as the regular is not imposing similar restrictions on peer tech companies.
Shuttering Facebook and Instagram in the EU would be devastating for Facebook's business. The eponymous platform has 410 million monthly active users (MAUs) in Europe, although it's unclear how many Instagram MAUs are in the region. Facebook has generated $75.2 billion in total trailing-12-month (TTM) revenue, of which $18 billion -- nearly a quarter -- has come from Europe. That's a massive chunk of the company's top line that would vanish overnight if Facebook follows through with its threat.
Facebook points out that removing those services would have major impacts on European consumers in businesses. Cunnane estimates that there are 25 million businesses in Europe that use Facebook's services to grow sales and reach more customers. The platform helped facilitate 208 billion euros in sales in 2019.
Social media services "are an important tool for freedom of expression and as a medium to access, consume and share information," Cunnane noted. The flip side of that argument is that, like in other parts of the world, Facebook has facilitated the rampant spread of misinformation and conspiracy theories regarding COVID-19 and political topics in Europe. Clamping down on that dissemination would probably be a good thing?
Why so serious?
It's not uncommon for countries to dictate where user data should be stored. China is particularly strict, for example. Even Apple, a champion of user privacy, caved to the Chinese government's demands years ago to store Chinese user data at a state-controlled company in The Middle Kingdom, despite the Chinese government's widespread surveillance of its citizens.
Facebook already has existing data centers in Europe, located in Sweden, Denmark, and Ireland. It doesn't seem that unreasonable to ask Facebook to simply keep or transfer user data to those facilities, particularly when the alternative is wrecking its own business.