Back to all articles

Facebook CEO Mark Zuckerberg says the company does not plan to apply GDPR globally

The news comes despite a January announcement of a global privacy centre. The beleagured CEO says the social network “wanted to extend privacy guarantees worldwide in spirit.”

The European Union (EU) legislation requires entities that handle data belonging to EU citizens to comply with a sweeping set of rules mandating increased transparency and verifiable consent. The law also gives EU citizens enhanced rights, including the right to access, move and delete their data. The deadline to comply is May 25, 2018.

From the wire service’s report of a phone interview with Zuckerberg: ”Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions,” which he declined to describe.

In January, the company announced that it would globally roll out a “privacy center,” designed to give users more control. At the time, Chief Operating Officer Sheryl Sandberg said it “will put the core privacy settings for Facebook in one place and make it much easier for people to manage their data. Our apps have long been focused on giving people transparency and control and this gives us a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy.”

Rough times for the social media giant

Facebook and Zuckerberg are currently embroiled in the fallout from a scandal caused by newsthat data firm Cambridge Analytica used data on 50 million individuals that was harvested from a “personality prediction” app on Facebook for political targeting purposes during the 2016 election campaign.

In response to the Facebook/Cambridge Analytica debacle, Zuckerberg announced in late March that Facebook would audit suspicious apps or misuse of personally identifiable information (PII).

Facebook has faced EU regulator scrutiny on a number of privacy and data handling-related fronts. Organizations in breach of GDPR can be fined up to 4 percent of their annual global turnover or €20 million (whichever is greater).