Facebook to change terms of service for members outside Europe ahead of GDPR
The company says that despite the timing of the move, all users will have the same data privacy protections.
Facebook will change the way it administers its terms of service (TOS) for 1.5 million users in Africa, Asia, Australia and Latin America, the company confirmed today. Though users in those territories previously agreed to TOS dictated by the company’s corporate entity in the EU nation of Ireland, now they must legally agree to be bound by the US-based corporation’s terms.
The move, reported by Reuters today, comes as the EU prepares to begin enforcing the General Data Protection Regulation (GDPR) next month, and it means that only European Facebook users will immediately gain the personal data protection offered by the law. Facebook maintains, however, that the shift has nothing to do with GDPR, despite the timing, and says that all users everywhere will get the same privacy protection.
GDPR mandates how entities handle EU citizens’ data no matter where they reside. The deadline for compliance is May 25, 2018. Organizations in breach of GDPR can be fined up to 4 percent of their annual global turnover or €20 million (whichever is greater).
“The GDPR and EU consumer law set out specific rules for terms and data policies, which we have incorporated for EU users,” Stephen Deadman, Facebook’s deputy chief global privacy officer, told me over email. “We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.”
Facebook is still struggling to save face after it was revealed in March that data firm Cambridge Analytica used members’ data to target 87 million users with ads aimed at influencing the 2016 presidential election in the US. And the social media giant has repeatedly tussled with European regulators over privacy issues.
In early April, company chief executive Mark Zuckerberg told the press that Facebook would apply GDPR globally, contradicting a Reuters report from the day before that it would only apply the rule in “spirit.”