Facebook excludes billions of non-EU users from GDPR (but adds opt-in feature)


Facebook users will have to opt in to tracking to keep using all of the social network’s features, and will not have an option to opt out of tracking all together, ahead of the new GDPR European privacy laws.


The move comes as Facebook users outside the EU will be governed by Facebook Inc in the US rather than Facebook Ireland.

Facebook will use what are known as “permission screens” – pages filled with text that require pressing a button to advance to notify and obtain approval.

"The screens will show up on the Facebook website and smartphone app in Europe this week and globally in the coming months", Sherman said.

The screens will not give Facebook users the option to hit “decline.” Instead, they will guide users to either “accept and continue” or “manage data setting,” according to copies the company showed reporters on Tuesday.

However the site has warned that it will never be possible to turn off all ad tracking, but people will always have the option to leave entirely.

New privacy laws come into effect from the European Union this May, which apply to all companies who collect data on people within Europe.

The EU law known as the General Data Protection Regulation (GDPR), which takes effect next month, promises the biggest shakeup in online privacy since the birth of the internet. Companies face fines if they collect or use personal information without permission.

Change of operations to bypass GDPR rules

Facebook has changed its terms of service, meaning 1.5 billion members will not be protected under tough new privacy protections coming to Europe.

The move comes as the firm faces a series of questions from lawmakers and regulators around the world over its handling of personal data.

The change revolves around which users will be regulated via its European headquarters in Ireland.

Facebook said it planned clearer privacy rules worldwide.

The move, reported by Reuters, will see Facebook users outside the EU governed by Facebook Inc in the US rather than Facebook Ireland.

It is widely seen as a way of the social network avoiding having to apply the upcoming General Data Protection Regulation (GDPR) to countries outside the EU.

The change will affect more than 70% of its more than two billion members. As of December, Facebook had 239 million users in the US and Canada and 370 million in Europe.

It also had 1.5 billion members in Africa, Asia, Australia and Latin America, and they are the ones affected by the change.

Users in the US and Canada have never been subject to European rules.

"The GDPR and EU consumer law set out specific rules for terms and data policies which we have incorporated for EU users. We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live," said Stephen Deadman, deputy chief global privacy officer at Facebook.



Consumer protection has always been far stronger in the EU than the US, and GDPR raises that strength even further plus puts in place a much stronger dining mechanism for National government’s. By moving the jurisdiction for privacy to the US, Facebook escapes both the protections and the risk of fines.

This has echoes of the taxation scandals of the last few years where global brands like Google, Amazon and Starbucks were alleged to be choosing their tax locations based on lowest rates and using techniques such as transfer pricing agreements to move profits around their businesses.

Personal data breeches are now a mainstream conversation following the Cambridge Analytica harvesting of the likes, shares and interactions of 87m people. This greater awareness means people are more aware of the click data global brands have on them and how it could be used for unintended purposes - like political campaigning in the Trump election.

Facebook has clearly been frightened by the power of the EU and is pulling its legal framework back to a country with far less controls, and a far more favourable environment. Zuck rejected demands of the European Parliament to appear before them to answer questions the way he was forced to by US lawmakers.

Google, Twitter and other social networks will be contemplating the same but whether Facebook truly bypasses EU protections is unclear for several reasons:

  • The data subjects are still Europeans, even though they are being forced to switch their consent to the US.
  • Many brands advertising to them are European
  • The place of viewing of the content is largely in Europe
  • The European Commission is likely be aggressive in defending GDPR on a point of principle, in what we would expect to be a landmark legal case. With the topics of Facebook and personal data inextricably connected to election fraud and what some giving evidence to the British parliament described as the “weapons grade propaganda machine” of the Cambridge Analytica scandal, the Commission will see the regulation of data on Facebook as the protection of free and fair elections. At a time when national regulators like the Electoral Commission in Britain are seen as being analogue regulators in a digital age, European lawmakers will want to step-up and give the regulatory frameworks they had intended, rather than letting the most profitable companies choose their jurisdiction.

    << Back to today’s Digital Intelligence news

    Copyright ©2000-2019 Digital Strategy Consulting Limited | All rights reserved | This material is for your personal use only | Using this site constitutes acceptance of our user agreement and privacy policy