Facebook parent warns on widening of Revenue’s investigation

Meta also expects final decision on DPC inquiry to be announced in first half

Facebook parent Meta is under investigation by both Revenue and the Irish Data Protection Commission. Photograph:   Kirill Kudryavtsev/AFP
Facebook parent Meta is under investigation by both Revenue and the Irish Data Protection Commission. Photograph: Kirill Kudryavtsev/AFP

Facebook parent Meta has warned that a Revenue Commissioners inquiry into the social media giant could be widened.

It also expressed concern that incoming changes to taxation at a global level and investigations into the granting of illegal state aid by the EU, could “harm our financial position.”

The company has also forecast that a final decision regarding the Irish Data Protection Commission (DPC)'s investigation into the social media giant will likely be issued shortly.

The DPC suggested a penalty of between €28 million and €36 million for Facebook in a controversial draft decision circulated to other European regulators last year.

READ SOME MORE

Data

The news comes as the company said it has "no desire and no plans to withdraw from Europe" after warning once again that it may pull Facebook and Instagram unless it is permitted to transfer user data back to the US.

In its annual report, Meta, which has a significant presence in Ireland, noted that it is currently under investigation by Revenue Commissioners for 2016 through to 2018.

The company, which is also under examination by the US Internal Revenue Services (IRS), said: “Our 2019 and subsequent tax years remain open to examination in Ireland.”

Meta’s main Irish subsidiary paid an additional €35 million to the Revenue Commissioners to settle outstanding tax matters in 2020. The payment came as the amount of money the company set aside to cover potential fines from regulatory investigations increased to more than €1 billion.

The social media giant said in the annual report that it expects the DPC investigation into Meta to conclude in the “first half of 2022.”

The commission has been investigating claims that Facebook has “bypassed the GDPR” by changing terms and conditions for users so that it no longer needs consent to process personal data. It is alleged it has done this by relabelling agreements on data use as a “contract”.

Penalties

If the fine suggested by the DPC is levied against the company, would amount to roughly 0.048 per cent of Meta’s global revenue.

The General Data Protection Regulation (GDPR) allows for penalties of up to 4 per cent. European counterparts have criticised both the level of the suggested fine, and the DPC’s ruling.

In its annual report, Meta warned that EU investigations into the granting of state aid, along with potential changes on the taxation front at a global level, could impact the company.

"The European Commission has conducted investigations in multiple countries focusing on whether local country tax rulings or tax legislation provides preferential tax treatment that violates European Union state aid rules and concluded that certain member states, including Ireland, have provided illegal state aid in certain cases. These investigations may result in changes to the tax treatment of our foreign operations," Meta said.

“Due to the large and expanding scale of our international business activities, many of these types of changes to the taxation of our activities described above could increase our worldwide effective tax rate, increase the amount of non-income taxes imposed on our business, and harm our financial position, results of operations, and cash flows.

“ Such changes may also apply retroactively to our historical operations and result in taxes greater than the amounts estimated and recorded in our financial statements,” it added.

Meta employs over 3,000 Meta employees directly in the Republic of Ireland with an additional 6,000 people also working for the social media giant via third parties.

In its annual report, Meta also once again threatened to pull Facebook and Instagram from Europe unless it is permitted to keep transferring user data back to the US.

The Court of Justice of the European Union (ECJ) in July 2020 that declared Privacy Shield invalid as it fails to guarantee the fundamental data protection and privacy rights of EU citizens.

The so-called “Schrems II ruling” followed an earlier judgment in 2015 that invalidated its predecessor, Safe Harbour, on similar grounds.

Agreements

In its annual report, Meta said that if it couldn’t rely on new or existing agreements – such as so-called standard contractual clauses (SCC) – to transfer data, then it would likely withdraw products and services.

“We have absolutely no desire and no plans to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organisations and services, rely on data transfers between the EU and the US in order to operate global services,” a spokeswoman for the Irish operation said.

“Like other companies, we have followed European rules and rely on SCCs, and appropriate data safeguards, to operate a global service. Fundamentally, businesses need clear, global rules to protect transatlantic data flows over the long term, and like more than 70 other companies across a wide range of industries, we are closely monitoring the potential impact on our European operations as these developments progress,” she added.

Charlie Taylor

Charlie Taylor

Charlie Taylor is a former Irish Times business journalist