More than 1.5 billion Facebook users will be beyond the long arm of the General Data Protection Regulations (GDPR), allowing Facebook to evade the soon-to-be-enforced data protection rules.
Though the current terms of service for Facebook’s more than 2 billion users are governed under Irish law, Reuters reports that more than 70% of those users will soon be on a site that is instead under the authority of the data collection and privacy regulations in the US. The shift lets Facebook go on unaffected by the EU’s new data protection laws. As of next month, the service agreements for users outside the US, Canada and the EU will shift to a site regulated by the social network’s main offices in California rather than its international headquarters in Ireland.
That doesn’t completely absolve the social network giant from adhering to the GDPR regulations, though. Given that nearly 30% of its users are within the European Union, Facebook may still be subject to fines of up to 4% of its global annual revenue for failing to properly collect and obtain permission to use the personal data of its EU users.
However, changes to their terms and conditions will mean that more than 1.5 billion Facebook users across the globe, from the US to Asia and Africa, won’t fall under the protections of GDPR, which eliminates the burden of financial responsibility should Facebook improperly handle the data of the vast majority of its users.
The looming deadline of GDPR has many companies scrambling to prevent paying the hefty fines of failing to comply, and Facebook is not alone in its efforts to evade the financial consequences of any infractions. But Facebook’s recent Cambridge Analytica scandal and Mark Zuckerberg’s congress hearing have brought unwanted attention to the company’s privacy controls.
Zuckerberg was smart when he testified before Congress saying that all Facebook users deserve good privacy controls. Taking great care in his word choice, he avoided promising GDPR protections and instead talked about privacy controls.
Moving users from Facebook Ireland allows Facebook some leniency in applying universal privacy protections. While Facebook publicly claims to adhere to the "spirit" of GDPR, this behind-the-scenes move does call into question the legitimacy of Zuckerberg’s guarantee that Facebook would work to enhance – rather than reduce – its privacy protections.