By Conor Humphries
DUBLIN (Reuters) – A new pact to facilitate the safe transfer of EU citizens’ personal data to the United States might not come into force in time to avoid a suspension of Facebook’s transatlantic data flows, the U.S. firm’s lead European regulator said on Tuesday.
Facebook owner Meta, which has warned a stoppage could force it to suspend Facebook services in Europe, declined to comment on the possible timing of the regulator’s decision or the new pact’s entry into force.
European Union regulators led by Ireland’s Data Protection Commissioner (DPC) Helen Dixon are finalising a ban on the legal tool used by Facebook to transfer European user data because of concerns U.S. intelligence agencies could access them.
In an interview, Dixon said the ban could be in place by mid-May while a new EU-U.S data protection framework that would provide an alternative basis for the transfers might take longer.
“There is certainly a chance of that. More than a chance, I would say,” said Dixon, who is lead European regulator for U.S. technology firms, including Apple, Google and Twitter, as their regional headquarters are in Ireland.
“They could be very close in timeline or the DPC’s suspension order could come into effect in advance,” Dixon told Reuters. “Things are coming down to the wire.”
The suspension could create a precedent for other firms. It must be signed off by other European regulators by April 13, and after that, Dixon said she would have another month to issue a ruling.
A spokesperson for Meta said the company “welcomes the progress policymakers have made towards ensuring the continued transfer of data across borders and awaits the regulator’s final decision on this matter.”
Officials have said the new EU-U.S. framework, which aims to offer EU citizens the same level of data protection as under European law, may be ready by summer. “They are still talking about July,” Dixon said.
It is expected to face legal challenge from critics who believe it is too weak. Two previous U.S.-EU pacts, Safe Harbour and Privacy Shield, were struck down by the European Union’s top court.
Dixon said she and her fellow regulators were positive about the new deal and that the European Commission was confident it would survive court challenge.
Critics, such as privacy campaigner Max Schrems have accused Dixon and her office of being under-resourced and too soft, a charge she rejected.
“We are really hitting our stride, working at pace,” said Dixon, whose office issued over 1 billion euros in fines last year – around two-thirds of the fines issues in the EU and Britain combined last year.
It is working on 22 large-scale international cases including against Google, Meta and Tik Tok, after concluding 17 cases last year, she said.
It plans to increase its staffing to around 250 this year from 200 last year and 27 when Dixon joined in 2014.
(Writing by Conor Humphries; Editing by Tomasz Janowski)