Facebook wants to exclude 1.5 billion users from new European laws protecting data privacy.
This is despite Mark Zuckerberg’s promise earlier this month that all users will benefit from the changes.
‘Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe,’ he said.
The European regulations, coming into force on May 25, aim to crack down on how companies like Facebook use and sell the data they collect on users.
The require companies to seek explicit opt-in consent before collecting data, and promptly disclose breaches to users.
Currently, the law would require Facebook to apply these changes to 1.9 billion users.
But a draft change in Facebook’s terms of service – which comes as the firm faces increasing scrutiny from lawmakers – would make that number much smaller.
Facebook is hoping to exclude 1.5 billion of its worldwide users from new European laws protecting data privacy, it has emerged. A change in the site’s terms of service (pictured) seeks to ensure that the number of people protected will be much smaller than anticipated
The changes to the terms of service were uncovered by a Reuters investigation.
Facebook users outside the US and Canada are currently subject to any regulations with the company’s international headquarters in Dublin.
But the company is planning to try and exempt all of those users outside the EU including members in Africa, Asia, Australia and Latin America, Reuters said.
In practice, the change means the 1.5 billion affected users will not be able to file complaints with Ireland’s Data Protection Commissioner or in Irish courts.
Instead they will be governed by more lenient US privacy laws, said Michael Veale, a technology policy researcher at University College London.
Facebook will have more leeway in how it handles data about those users, Dr Veale said.
Certain types of data such as browsing history, for instance, are considered personal data under EU law but are not as protected in the United States, he said.
The company said its rationale for the change was related to the European Union’s mandated privacy notices, ‘because EU law requires specific language.’
For example, the company said, the new EU law requires specific terminology about the legal basis for processing data which does not exist in US law.
In a statement given to Reuters, Facebook says it plans to make similar privacy controls and settings that Europe will get under GDPR available to the rest of the world.
However, it has yet to reveal how it will do this.
The Menlo Park, California, firm released a revised terms of service in draft form two weeks ago, which is scheduled to take effect next month.
Exempting users outside of the EU that would normally have protection removes a huge potential liability for Facebook, as the new EU GDPR law allows for fines of up to four per cent of global annual revenue for infractions, which in Facebook’s case could cost billions.
Founder Mark Zuckerberg previously told congressional panels Facebook intends to offer the same privacy protections embodied in the EU’s General Data Protection Regulation (GDPR) for its worldwide users, but the new changes suggest this might not be the case
The current changes to the terms of service appear to be a U-turn for the company.
Earlier this month, following the shocking revelation that the firm shared the data of up to 87 million users with the political consultancy firm Cambridge Analytica, Mark Zuckerberg said European-style privacy protection will be given to all users.
‘We’re going to make all the same controls and settings available everywhere, not just in Europe, he said.
European Union regulations coming into force next month will crack down on how companies like Facebook use and sell the data they collect on users. A suite of new tools is designed to inform users how the firm uses their data, including to provide targeted adverts (pictured)
Other multinational companies are also planning changes.
Almost 1.9 billion non-EU international users, outside of the US and Canada, would be protected by GDPR under current rules. This image shows privacy (left) and ad preference (right)menus added to Facebook
Facebook is planning to make that the case that only European fall under GDPR, which takes effect on May 25, excluding users in Africa, Asia, Australia and Latin America. This image shows data setting review (left) and teen protection (right) menus added to Facebook
LinkedIn, a unit of Microsoft, tells users in its existing terms of service that if they are outside the United States, they have a contract with LinkedIn Ireland.
New terms that take effect May 8 move non-Europeans to contracts with U.S.-based LinkedIn.
LinkedIn said in a statement on Wednesday that all users are entitled to the same privacy protections.
‘We’ve simply streamlined the contract location to ensure all members understand the LinkedIn entity responsible for their personal data,’ the company said.
The revelations comes as news emerged about a controversial Facebook AI tool that could soon be making a return to Europe and Canada.
Facial recognition, launched in 2010, suggests names for people it identifies in photos uploaded by users.
A controversial AI tool could be soon be making a return to Europe and Canada, after it fell foul of privacy laws. Facial recognition, launched in 2010, suggests names for people it identifies in photos uploaded by users. This pop up will help users control its settings
It was suspended for users in Europe in 2012 over privacy concerns, but still lives on in the US and other regions worldwide.
Now the firm says it will make a comeback, using the new European data protection regulations as a chance to collect more information if users opt in.
Facebook will begin to ask users if they want to opt in or out of the facial recognition feature under GDPR this week.
Under the new policy, Facebook users will also be asked to review and make choices about ads they receive, including whether they want Facebook to use data from third parties.
They will also be asked to review and choose what to share about the political, religious, and relationship information on their profiles.
WHAT IS THE EU’S GENERAL DATA PROTECTION REGULATION?
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25, 2018.
It aims to strengthen and unify data protection for all individuals within the European Union (EU).
This means cracking down on how companies like Google and Facebook use and sell the data they collect on their users.
The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.
Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
The European Union’s General Data Protection Regulation (GDPR) is a new data protection law that will enter into force on May 25. It aims to crack down on how companies like Google and Facebook use and sell the data they collect on their users
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
Under the right to be forgotten, also known as Data Erasure, are entitled to have the data controller erase their personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
The conditions for erasure include the data no longer being relevant to original purposes for processing, or a data subject withdrawing their consent.
This right requires controllers to compare the subjects’ rights to ‘the public interest in the availability of the data’ when considering such requests.
These are designed to ensure the firm complies with the forthcoming EU rules, with European residents seeing the measures first.
‘Everyone – no matter where they live – will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook,’ chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer said in a written statement.
The statement also said users will be told that facial recognition is optional, but that it could offer some benefit, such as being notified when someone is using an unauthorised picture.
‘We not only want to comply with the law, but also go beyond our obligations to build new and improved privacy experiences for everyone on Facebook,’ Ms Egan and Ms Beringer wrote.
GPDR aims to strengthen and unify data protection for all individuals within the European Union.
Facebook also announced that it will begin rolling out changes this week to how it handles private data (notification pictured). This is designed to ensure the firm complies with the forthcoming EU rules, with European residents the first to see the new measures
The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.
Under GDPR, companies will be required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
WHAT IS THE CAMBRIDGE ANALYTICA SCANDAL?
Communications firms Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia.
The company boasts it can ‘find your voters and move them to action’ through data-driven campaigns and a team that includes data scientists and behavioural psychologists.
‘Within the United States alone, we have played a pivotal role in winning presidential races as well as congressional and state elections,’ with data on more than 230 million American voters, Cambridge Analytica claims on its website.
The company profited from a feature that meant apps could ask for permission to access your own data as well as the data of all your Facebook friends.
The data firm suspended its chief executive, Alexander Nix (pictured), after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump
This meant the company was able to mine the information of 55 million Facebook users even though just 270,000 people gave them permission to do so.
This was designed to help them create software that can predict and influence voters’ choices at the ballot box.
The data firm suspended its chief executive, Alexander Nix, after recordings emerged of him making a series of controversial claims, including boasts that Cambridge Analytica had a pivotal role in the election of Donald Trump.
This information is said to have been used to help the Brexit campaign in the UK.
A US federal judge has ruled the Zuckerberg owned social network will face a class action law suit in the wake of its privacy scandal. Allegations of privacy violations emerged when it was revealed the app used a photo-scanning tool on users’ images without their explicit consent
Facebook’s facial recognition tool, launched in 2010, suggests names for people it identifies in photos uploaded by users. A judge has ruled this broke Illinois state law and people could be entitled to up to $5,000 (£3,500) in compensation for every image used