Forget Congress. Facebook’s real problem is in Europe.

Over the past two days, U.S. observers of Facebook have been focusing on Mark Zuckerberg’s testimony to Congress, and the question of whether U.S. politicians might introduce new regulations of Facebook’s privacy and data sharing practices. They have been missing the real story.

Facebook faces a far more immediate threat from European regulators. Next month, the European Union’s General Data Protection Regulation (GDPR) comes into force, potentially forcing Facebook to introduce major changes to its privacy practices, or face massive fines.

As the Open Markets Institute’s Matt Stoller noticed, Zuckerberg had talking points on the GDPR with him when he testified. However, on Thursday morning, the stakes got much, much bigger, thanks to a new ruling by Ireland’s High Court.

Facebook has already been at the center of big fights

What happened is the sequel to an earlier legal battle. After former National Security Agency contractor Edward Snowden revealed the vast extent of U.S. government surveillance, Max Schrems, a young Austrian lawyer and privacy activist, realized that he had an opportunity to take a case against Facebook. Facebook’s business model requires it to share data internationally — so that if an American has European friends (or vice versa) they are all on the same network. However, Europe has much stricter privacy laws than the United States, which means that Europe places restrictions on companies’ ability to export people’s personal information outside Europe, to countries with laxer privacy rules.

Read the full piece at The Washington Post