Short-sighted EU Policy Making Could Crater the Digital Economy

A third deal between the EU and the United States on protecting transatlantic data flows has once again brought some time certainty to this tense issue. This new Trans-Atlantic Data Privacy Framework may however only be just another temporary fix saving Europe from enacting a Russia-style ban on Western data transfers.

The recent Russian ban of Facebook, Instagram, and other foreign social media platforms gave Western leaders a small taste of the potential commercial and social consequences that could result from an EU court invalidating, once again, the existing regulations governing data flows between the US and EU.

Just a few weeks before the current deal was reached, policymakers in Europe were laughing at the very idea of such dangers.

Lack of appreciation for the crucial role of digitization

EU policymakers scoffed at the warning from Meta that services such as Facebook and Instagram may have to cease operation in Europe if further data sharing processes are invalidated. Such a measure would crater EU businesses that have migrated to the digital economy, driving out jobs, talent, and trillions in economic activity.

Early February, German Minister for Economic Affairs Robert Habeck brushed off Meta’s warning at a press conference saying:

“After I was hacked, I have lived without Facebook and Twitter for four years, and life has been fantastic.”  

Bruno Le Maire, French Finance Minister, responded at the same press conference:

“I can confirm that life would be very good without Facebook and that we would live very well without Facebook.”  

It is striking that these Ministers either fail to understand the crucial role digitization plays for 99 percent of all businesses in the EU, or simply don’t care. Unfortunately, also Small and Medium Enterprises make up 99pct of all businesses in the EU. They account for 85 percent of new jobs in the last five years, and also they heavily rely on digital services and the free flow of EU-US data across borders. As a matter of fact, digitally connected SMEs are three times more likely to export, and they grow four times faster than their offline peers.   

Specifically, regarding Meta, a study of nearly 8,000 EU businesses, responsible for 92 percent of gross value added (GVA) in the EU, found that Facebook and Instagram were important to growing their business, entering new markets, and cutting marketing costs. These firms are responsible for €58 billion in exports within the EU and €40 billion in exports outside the EU. In total they generated €208 billion in economic activity and employ 3.1 million people.

The ministers’ dismissal of the urgency of the situation is akin to American Congresswoman Alexandria Ocasio-Cortez’s campaign to chase away Amazon from locating a headquarters in her New York district. Her victory cost her district 25,000-40,000 new jobs and nearly $30 billion in new revenue for the state.

The double standards of the European Court of Justice 

The warning from Meta was in response to the preliminary conclusion by the Irish Data Protection Commission (IDPC) that Standard Contractual Clauses were not in line with Europe’s restrictive GDPR rules for data transfers.

After the European Court of Justice struck down the so-called “Privacy Shield# system in 2020 and the “Safe Harbor framework in 2015, Standard Contractual Clauses (SCCs) became the main mechanism permitting the transfer of data across the AtlanticWithout the new deal, those data, worth approximately $7.1 trillion, would have been in jeopardy, forcing a policy of de facto data localization.     

A study by ECIPE and Kearney found that if that scenario would have unfolded, requiring all data to be “stopped, stored, and processed in the originating jurisdiction,” it would have resulted in “a 31 percent decline in digital services imports from the US into the EU. That would translate into €327 billion losses in economic revenue for the EU, roughly the size of Denmark’s GDP.”

The cases stem from a complaint by Austrian privacy activist Max Schrems, who has been claiming that his personal data were not sufficiently protected from public authorities when being transferred to the United States for processing. In response, European and American regulators collaborated to ensure both Safe Harbor and Privacy Shield were compliant with EU law, yet they both were invalidated by EU courts.

The European Court of Justice has not scrutinized data protection in other countries without GDPR and EU law adequacy status in the same way as it has with the United States. Likely they would fail the test as well. Yet, focusing on the United States is consistent with other EU digital policies such as digital service taxes, the Digital Markets Actthe Digital Service Act, competition policy, and antitrust cases.

While the new framework announced last week offers novel changes that the previous two agreements did not contain, the strict nature of EU GDPR rules means that the new framework may still be legally challenged and eventually invalidated in Europe as well.

Conclusion

In all likelihood, privacy activists will continue to challenge transatlantic data sharing arrangements, thereby ignoring that European users voluntarily trust their data with U.S. digital companies.  

The war in Ukraine makes clear why it is more important than ever that data flows between Europe and the U.S. remain secure. These flows support the strength and resilience of both economies and allow instant communication. Forcing these flows to operate under continued uncertainty undermines the alliance.

Instead of dismissing relevant concerns, European policymakers like Ministers Le Maire and Habeck should ensure that the EU is working to forge data regulations that are pragmatic, robust, and mutually beneficial. Any other outcome would be a self-inflicted wound and would undermine the Trans-Atlantic relationship.