Facebook CEO Mark Zuckerberg appeared on Capitol Hill recently to talk about online privacy. In his testimony, Zuckerberg said Facebook planned to extend the protections of the upcoming General Data Protection Regulation (GDPR) to all users, not just those in Europe where the regulations are required. However, Reuters reports the company has also taken steps to make sure it can’t be fined if it fails to do so. All it takes is a little juggling of the terms and conditions.
The GDPR has been in the works for several years to limit the user data websites are allowed to collect in the European Union. It also requires users to consent to data collection when visiting a site (i.e. privacy is the default). The regulations were approved in April of 2016 with a two year transition period. They go into effect on May 25th, 2018. So, websites that want to operate in Europe are currently finalizing their implementations, and that includes Facebook, which holds data on many EU citizens.
No matter what changes Facebook makes, it will have to abide by the GDPR in Europe. Failure to do so will result in fines as high as 4 percent of global annual revenue. For Facebook, that could be billions of dollars. Anxious to limit its exposure to that kind of financial hit, Facebook will change the terms and conditions many users agree to.
Currently, about 1.5 billion users in Africa, Asia, Australia, and Latin America agree to the terms and conditions set forth by Facebook’s Ireland HQ when they sign up and use Facebook. Starting next month, that location falls under the GDPR. Therefore, Facebook is switching all those users over to terms issued by the US operation, which does not have to comply with the GDPR. This change affects most of Facebook’s users — just 370 million of the 2 billion plus user base lives in the EU. Another 239 million live in the US and Canada, which are covered by the US T&C regardless.
On the one hand, you can understand Facebook’s desire to limit its potential exposure here. Ignoring the possibility of GDPR fines when it could legally avoid them would likely anger Facebook’s investors. However, the company is under extreme scrutiny after the revelation that data on millions of user accounts was handed over to political consultancy Cambridge Analytica. Simply promising to adhere to the GDPR globally won’t instill confidence in users when Facebook is moving to ensure only a fraction of the user base is guaranteed protection.
Now read: 20 Best Privacy Tips
Let’s block ads! (Why?)