Facebook refuses to promise GDPR-style privacy protection for US users

Firm working on version of EU data protection law but Mark Zuckerberg stops short of confirming all changes will apply to US users

Facebook is rolling out stronger privacy protections to users ahead of the introduction of Europe’s General Data Protection Regulation (GDPR), but Mark Zuckerberg will not promise all future changes will apply to the company’s American users.

Although the initial tranche of changes, announced last week, will be available worldwide, Zuckerberg refused to commit to GDPR becoming the standard for the social network across the world.

The General Data Protection Regulation (GDPR), which came into force on 25 May 2018, replaced the patchwork of national data protection laws across the EU with a unified system that greatly increased the fines regulators could issue, strengthened the requirements for consent to data processing, and created a new pan-European data regulator called the European Data Protection Board.

The regulation governs the processing and storage of EU citizens' data whether or not the company has operations in the EU. To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m, or 4% of annual global turnover. In the UK, the previous maximum fine was £500,000; the post-GDPR record currently stands at more than £180m, for a data breach reported by British Airways in 2018. 

Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable. Fines can also be levied against companies that act on data without explicit and informed user consent, or who fail to ensure that consent can be withdrawn at any time.

GDPR also refined and enshrined in law the concept of the "right to be forgotten", renaming it as the "right to erasure", and gave EU citizens the right to data portability, allowing them to take data from one organisation and give it to another.

He told Reuters that Facebook was working on a version of the data protection law that would work globally, bringing some European privacy guarantees worldwide, but the 33-year-old billionaire demurred when asked what parts of the law he would not extend worldwide.

“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” Zuckerberg said. He did not elaborate.

His comments suggest that in some ways, American users will continue to find themselves with weaker privacy protections than their European counterparts.

Privacy advocacy groups have been urging Facebook and its Silicon Valley competitors such as Alphabet Inc’s Google to apply EU data laws worldwide, largely without success.

“We want Facebook and Google and all the other companies to immediately adopt in the United States and worldwide any new protections that they implement in Europe,” said Jeff Chester, executive director of the Center for Digital Democracy, in Washington.

Zuckerberg has agreed to testify in front of Congress, the first of several such hearings he is expected to appear before, on Wednesday 11 April. Representatives Greg Walden and Frank Pallone, the ranking members of the House Energy and Commerce committee, said the hearing will focus on the Facebook’s “use and protection of user data”.

Even while Facebook introduces its long-planned tweaks to comply with GDPR, the social network is also rushing to introduce a second set of privacy tools following the Cambridge Analytica files, which revealed the company’s historical lack of clarity over how and why user data was shared with third parties.

The latest post-scandal change offers users the ability to remove applications from the Facebook platform in bulk quantities. Integrations with external developers were responsible for the initial removal of data from Facebook’s platform that eventually found its way into the hands of Cambridge Analytica, an election consultancy. But it has always been hard for users to manage the settings related to how much data gets shared with external providers, particularly if those users have been on the site for many years.

Now, alongside a tool that was previously promised, which deactivates an app if the user hasn’t accessed it in three months, Facebook allows users to remove apps in large numbers, making it easier to clean up their privacy settings.

The new settings can be accessed by visiting the main settings, then clicking on “apps”, and checking multiple apps that should be removed.


Alex Hern

The GuardianTramp

Related Content

Article image
Facebook apologises for storing draft videos users thought they had deleted
Facebook says ‘bug’ resulted in videos being kept, while CEO Mark Zuckerberg hits back at Apple chief Tim Cook’s ‘extremely glib’ attack

Alex Hern

03, Apr, 2018 @3:03 PM

Article image
Apple launches iOS 11.3 with raft of privacy features
Sensing opportunity – and GDPR – the Silicon Valley company launches major data protection push across devices

Alex Hern

29, Mar, 2018 @5:00 PM

Article image
Facebook among 30 organisations in UK political data inquiry
Information commissioner is investigating use of personal information in political campaigns

Alex Hern

05, Apr, 2018 @4:28 PM

Article image
WhatsApp, Facebook and Google face tough new privacy rules under EC proposal
European ePrivacy directive revision looks to protect communication confidentiality, block nonconsensual tracking and lessen cookie warnings

Samuel Gibbs and agencies

10, Jan, 2017 @3:54 PM

Article image
Facebook to start asking permission for facial recognition in GDPR push
Users will be asked to review information about targeted advertising but some say opting out is deliberately difficult

Alex Hern

18, Apr, 2018 @11:12 AM

Article image
Facebook and Google targeted as first GDPR complaints filed
Users have been forced into agreeing new terms of service, says EU consumer rights body

Alex Hern

25, May, 2018 @12:57 PM

Article image
WhatsApp raises minimum age to 16 for Europeans ahead of GDPR
Facebook-owned messaging service will demand users confirm they are old enough to use app after raising age limit from 13

Samuel Gibbs

25, Apr, 2018 @9:02 AM

Article image
MPs threaten Mark Zuckerberg with summons over Facebook data
Parliament may formally call CEO to face Cambridge Analytica questions next time he is in UK

Jim Waterson Media editor

01, May, 2018 @6:42 PM

Article image
European parliament approves tougher data privacy rules
‘Groundbreaking’ changes strengthen EU privacy protections, enshrine right to be forgotten and give regulators wide-reaching powers

Samuel Gibbs

14, Apr, 2016 @12:22 PM

Article image
Privacy policies of tech giants 'still not GDPR-compliant'
Consumer group says policies of Facebook, Amazon and Google are vague and unclear

Alex Hern

04, Jul, 2018 @11:01 PM