Previously, data transfers were safeguarded by the Privacy Shield, a transatlantic pact. However, this framework was invalidated in 2020 by the EU’s top court due to its failure to protect data from US surveillance programs. The ruling was a response to a claim by Austrian lawyer Max Schrems, whose legal battle against Facebook originated in 2013 with Edward Snowden’s revelations about US surveillance practices.
Although Meta has now been ordered to halt data transfers, there are several caveats that favor the US social media giant. Firstly, the ruling only applies to Facebook data, excluding other Meta entities like Instagram and WhatsApp. Secondly, there is a five-month grace period before Meta must cease future transfers and a six-month deadline to halt the storage of existing data in the US. Lastly, the EU and US are currently negotiating a new data transfer agreement, expected to be implemented between this summer and October.
