New York February 7 2022: Meta (formerly Facebook) is subject to evolving laws and regulations that dictate whether, how, and under what circumstances company can transfer, process and/or receive certain data that is critical to our operations, including data shared between countries or regions in which company operate and data shared among our products and services, as per company filling at exchange.
If a new transatlantic data transfer framework is not adopted and company is unable to continue to rely on Standard Contractual Clauses (SCCs) or rely upon other alternative means of data transfers from Europe to the United States, company will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations.
A L S O || R E A D
Pakistan IT Exports Set To Grow To USD 3.5 Billion This Year
For example, the Privacy Shield, a transfer framework company relied upon for data transferred from the European Union to the United States, was invalidated in July 2020 by the Court of Justice of the European Union (CJEU). In addition, the other bases upon which Meta relies to transfer such data, such as Standard Contractual Clauses (SCCs), have been subjected to regulatory and judicial scrutiny. In August 2020, company received a preliminary draft decision from the Irish Data Protection Commission (IDPC) that preliminarily concluded that Meta Platforms Ireland’s reliance on SCCs in respect of European user data does not achieve compliance with the General Data Protection Regulation (GDPR) and preliminarily proposed that such transfers of user data from the European Union to the United States should therefore be suspended. Company believe a final decision in this inquiry may issue as early as the first half of 2022.
If company is unable to transfer data between and among countries and regions in which company operate, or if company are restricted from sharing data among company’s products and services, it could affect company’s ability to provide our services, the manner in which company provide Facebook services or company’s ability to target ads, which could adversely affect company’s financial results.
Facebook or Meta has been subject to other significant legislative and regulatory developments in the past, and proposed or new legislation and regulations could significantly affect company’s business. For example, the GDPR includes operational requirements for companies that receive or process personal data of residents of the European Union that are different from those previously in place in the European Union, requires submission of personal data breach notifications to company’s lead European Union privacy regulator, the IDPC, and includes significant penalties for non-compliance with the notification obligation as well as other requirements of the regulation.
The GDPR is still a relatively new law, its interpretation is still evolving, and draft decisions in investigations by the IDPC are subject to review by other European privacy regulators as part of the GDPR’s consistency mechanism, which may lead to significant changes in the final outcome of such investigations. As a result, the interpretation and enforcement of the GDPR, as well as the imposition and amount of penalties for non-compliance, are subject to significant uncertainty. In addition, Brazil, the United Kingdom, and other countries have enacted similar data protection regulations imposing data privacy-related requirements on products and services offered to users in their respective jurisdictions.
The California Consumer Privacy Act, which took effect in January 2020, and its successor, the California Privacy Rights Act, which will take effect in January 2023, also establish certain transparency rules and create new data privacy rights for users. In addition, effective December 2020, the European Union’s ePrivacy Directive includes additional limitations on the use of data across messaging products and includes significant penalties for non-compliance.
Changes to company’s products or business practices as a result of these or similar developments may adversely affect our advertising business. Similarly, there are a number of legislative proposals in the European Union, the United States, at both the federal and state level, as well as other jurisdictions that could impose new obligations or limitations in areas affecting our business. For example, the proposed Digital Markets Act in the European Union and pending proposals to modify competition laws in the United States and other jurisdictions could cause us to incur significant compliance costs and could potentially impose new restrictions and requirements on companies like ours, including in areas such as the combination of data across services, mergers and acquisitions, and product design. In addition, some countries, such as India, are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering company services.
New legislation or regulatory decisions that restrict our ability to collect and use information about minors may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions.
