It didn't take long for Facebook to secretly exploit a loophole in huge new privacy laws - which it claims is actually in users' best interests
- Facebook quietly moved 1.5 billion of its users out of reach of important new EU privacy regulations.
- It says the tweak is better for users outside the US, Canada, and the EU, and gives them more power to deal with data breaches.
- Users will hope Facebook is genuinely prioritising their interests - and not just minimising its risk to huge financial penalties from the EU.
Facebook has quietly moved 1.5 billion of its users out of reach of sweeping new privacy regulations before they have even come into force - and claims that the move is actually in their best interests.
Reuters spotted Facebook's tweak to its terms and conditions, which will mean that users outside the US, Canada, and the EU will not be protected by Europe's new General Data Protection Regulation (GDPR) laws, due to come into force on May 25.The timing of the story is unhelpful for Facebook. With data protection in the spotlight following Cambridge Analytica harvesting information from 87 million US Facebook users, the company has admitted it must learn from its mistakes. GDPR, by sheer coincidence, offers an opportunity for the firm to put its house in order.
Facebook has already started to implement GDPR changes - and it is doing so for users across the world. But by moving 1.5 billion users in Africa, Asia, Australia, and Latin America out from under the regulation, it suggests that for these people Facebook intends to follow the spirit of the law, but not the letter.
Indeed, CEO Mark Zuckerberg admitted as much in his hearings in front of US Congress last week. "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing," he said.
The change to terms and conditions Facebook is making - which moves responsibility for users not in the US, Canada, or the EU users from its Ireland to California -niftily means that the company won't have to pay fines of up to 4% of its global turnover for data breaches in countries that aren't sheltered by the rules.
But Facebook says this in the best interests of these users.
The company believes that some of the EU rules are not totally relevant all territories and it wants to give users in Africa, Asia, Australia, and Latin America the power to deal with issues through their own jurisdictions.For example, an Australian user may wish to report a data breach to their local regulator, rather than go through EU authorities.
Facebook also thinks that the change will help it become more responsive to new online regulation outside of the US, Canada, and the EU.
Responding to the Reuters story, Facebook's Deputy Chief Global Privacy Officer Stephen Deadman said: "The GDPR and EU consumer law set out specific rules for terms and data policies which we have incorporated for EU users.
"We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that."
With trust in Facebook plummeting, users will hope that the social network is genuinely prioritising their interests - and not just minimising its risk to huge financial penalties from lawmakers in Brussels.