The European Union’s General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, gives 1.9 billion users more power over their personal data. For weeks, Facebook has been scrambling to become GDPR compliant so it won’t lose out on the $1 billion per quarter in advertising revenue. Turns out, Facebook is planning to try and exempt all users outside the US and Canada (who are currently subject to regulations that may apply to the company’s foreign headquarters in Ireland) to make an end-run around the privacy regulations and dodge potential fines.
Facebook is moving to exempt more than 70 percent of its users worldwide from its terms of services as dictated under the GDPR. This means Facebook will no longer have to seek explicit opt-in consent to collect data on users.
Essentially, if you’re a Facebook user outside Canada, Europe, and United States you won’t be able to file a complaint in Ireland’s courts. This would also allow the social media company to continue collecting data via “Like” and “Share” buttons embedded on innumerable websites.
According to Reuters, the social media platform had 239 million members in the U.S. and Canada, 370 million in Europe and 1.52 billion users in other parts of the world. The reported move will remove a huge potential liability for Facebook, as the new regulation allows European regulators to fines of up to 4 percent of global annual revenue for violations. In Facebook’s case, it could mean billions of dollars.
The GDPR rule comes as Facebook is under scrutiny from regulators and lawmakers around the world since disclosing last month that the personal information of 87 million users ended up in the hands of political consultancy Cambridge Analytica.
Facebook, like many other tech companies, established an Irish subsidiary in 2008 which resulted in a reduction of tens of millions in tax collected by the State. It is subject to regulations applied by the 28-nation European Union.
In a statement to Reuters, a Facebook spokesperson whitewashed the changes to the terms of service, saying that Facebook will “apply the same privacy protections everywhere, regardless of whether you argument is with Facebook Inc. or Facebook Ireland.”
The chilling truth of Facebook’s business is that it relies on surveillance to function. So far, the only GDPR-related change is the clamping down of a feature called Partner Categories, in which it set new limitations on the volume and type of data third-party apps are given through APIs like Facebook login.