|
Exclusive: Facebook to put 1.5 billion
users out of reach of new EU privacy law
Send a link to a friend
 [April 19, 2018]
By David Ingram
SAN FRANCISCO (Reuters) - If a new European
law restricting what companies can do with people's online data went
into effect tomorrow, almost 1.9 billion Facebook Inc users around the
world would be protected by it. The online social network is making
changes that ensure the number will be much smaller.
Facebook members outside the United States and Canada, whether they know
it or not, are currently governed by terms of service agreed with the
company's international headquarters in Ireland.
Next month, Facebook is planning to make that the case for only European
users, meaning 1.5 billion members in Africa, Asia, Australia and Latin
America will not fall under the European Union's General Data Protection
Regulation (GDPR), which takes effect on May 25.
The previously unreported move, which Facebook confirmed to Reuters on
Tuesday, shows the world's largest online social network is keen to
reduce its exposure to GDPR, which allows European regulators to fine
companies for collecting or using personal data without users' consent.
That removes a huge potential liability for Facebook, as the new EU law
allows for fines of up to 4 percent of global annual revenue for
infractions, which in Facebook's case could mean billions of dollars.
The change comes as Facebook is under scrutiny from regulators and
lawmakers around the world since disclosing last month that the personal
information of millions of users wrongly ended up in the hands of
political consultancy Cambridge Analytica, setting off wider concerns
about how it handles user data.
The change affects more than 70 percent of Facebook's 2 billion-plus
members. As of December, Facebook had 239 million users in the United
States and Canada, 370 million in Europe and 1.52 billion users
elsewhere.
Facebook, like many other U.S. technology companies, established an
Irish subsidiary in 2008 and took advantage of the country's low
corporate tax rates, routing through it revenue from some advertisers
outside North America. The unit is subject to regulations applied by the
28-nation European Union.
Facebook said the latest change does not have tax implications.
'IN SPIRIT'
In a statement given to Reuters, Facebook played down the importance of
the terms of service change, saying it plans to make the privacy
controls and settings that Europe will get under GDPR available to the
rest of the world.
"We apply the same privacy protections everywhere, regardless of whether
your agreement is with Facebook Inc or Facebook Ireland," the company
said.
Earlier this month, Facebook Chief Executive Mark Zuckerberg told
Reuters in an interview that his company would apply the EU law globally
"in spirit," but stopped short of committing to it as the standard for
the social network across the world.
[to top of second column]
|
Silhouettes of mobile users are seen next to a screen projection of
Facebook logo in this picture illustration taken March 28, 2018.
REUTERS/Dado Ruvic/Illustration/File photo
In practice, the change means the 1.5 billion affected users will
not be able to file complaints with Ireland's Data Protection
Commissioner or in Irish courts. Instead they will be governed by
more lenient U.S. privacy laws, said Michael Veale, a technology
policy researcher at University College London.
Facebook will have more leeway in how it handles data about those
users, Veale said. Certain types of data such as browsing history,
for instance, are considered personal data under EU law but are not
as protected in the United States, he said.
The company said its rationale for the change was related to the
European Union's mandated privacy notices, "because EU law requires
specific language." For example, the company said, the new EU law
requires specific legal terminology about the legal basis for
processing data which does not exist in U.S. law.
NO WARNING
Ireland was unaware of the change. One Irish official, speaking on
condition of anonymity, said he did not know of any plans by
Facebook to transfer responsibilities wholesale to the United States
or to decrease Facebook's presence in Ireland, where the social
network is seeking to recruit more than 100 new staff.
Facebook released a revised terms of service in draft form two weeks
ago, and they are scheduled to take effect next month.
Other multinational companies are also planning changes. LinkedIn, a
unit of Microsoft Corp, tells users in its existing terms of service
that if they are outside the United States, they have a contract
with LinkedIn Ireland. New terms that take effect May 8 move
non-Europeans to contracts with U.S.-based LinkedIn Corp.
LinkedIn said in a statement on Wednesday that all users are
entitled to the same privacy protections. "We've simply streamlined
the contract location to ensure all members understand the LinkedIn
entity responsible for their personal data," the company said.
(Reporting by David Ingram in San Francisco; Additional reporting by
Joseph Menn in San Francisco, Padraic Halpin and Conor Humphries in
Dublin and Douglas Busvine in Frankfurt; Editing by Greg Mitchell
and Bill Rigby)
[© 2018 Thomson Reuters. All rights
reserved.]
Copyright 2018 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
