Facebook has no plans to extend the user privacy protections put in place by the far-reaching General Data Protection Regulation, or GDPR, law to users of its social network around the globe, according to Reuters. CEO Mark Zuckerberg told the news agency in an interview that Facebook would like to make such privacy guarantees “in spirit,” but would make exceptions. Zuckerberg declined to explain those exceptions, according to Reuters.
“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” Zuckerberg said of which GDPR protections Facebook would not apply worldwide. He added that many of the protections provided by the GDPR are already part of his company’s privacy settings, including the option to delete all user data through account termination. The chief executive is currently managing the fallout from the Cambridge Analytica data privacy scandal, which saw as many as 50 million Facebook users’ profiles accessed by the Trump-connected data mining firm in violation of the company’s terms of service.
The effects of the scandal have been astounding, with Facebook making substantive changes to its ad practices and the permissions it grants third-party app developers operating on its platform. Still, it does not seem as if Facebook is ready or willing to take measures as severe as the GDPR mandates and apply them to dozens upon dozens of other countries it operates in, including the US.
The GDPR was passed in the EU back in 2016, but companies have until this May to comply with the order. In effect, the GDPR requires robust and unprecedented user consent from companies that wish to collect data over the internet with a product or service. Not only that, but users must be given a way to revoke that consent, as well as a way to request access to any collected data as a way to verify consent given.
Violations of this rule will result in massive fines of up $20 million or 4 percent of a company’s global turnover, whichever results in the larger sum. Although the GDPR only applies to citizens of the EU, it is having a drastic effect on how US companies do business overseas, specifically how those companies handle EU citizens’ data even when it is not stored in EU-based servers.