SAN FRANCISCO (Reuters) – If tomorrow's new European law restricts what companies can do with people's online data, nearly 1.9 billion Facebook Inc users would be protected worldwide. The online social network is making changes to make sure the number gets much smaller.
Next month, Facebook plans to do so only for European users, ie 1.5 billion members in Africa, Asia, Australia and Latin America are not covered by the General Data Protection Regulation of the European Union (DSGVO), which enters into force on 25. May.
The unreported move that Facebook Reuters confirmed on Tuesday shows that the world's largest online social network wants to reduce its influence on the GDPR, allowing European regulators to collect or use companies without personal information the user
This removes a large potential liability for Facebook, as the new EU law allows fines of up to four percent of global annual revenue for violations, which could mean billions of dollars in the case of Facebook.
The change comes as Facebook deals with regulators and legislators around the world since unveiling last month that the personal information of millions of users mistakenly ended up in the hands of Cambridge Analytica's policy advice, broader concerns about how it handles user data ,
The change affects more than 70 percent of over 2 billion Facebook members. In December, Facebook had 239 million users in the US and Canada, 370 million in Europe, and 1
Facebook, like many other US technology companies, founded an Irish subsidiary in 2008, capitalizing on the country's low corporate tax rates, while providing revenue to some advertisers outside of North America. The device is subject to the provisions of the 28-country European Union.
Facebook said the latest change has no tax implications.
"We apply the same privacy everywhere, whether you agree with Facebook Inc. or Facebook Ireland," the company said.
Earlier this month, Facebook boss Mark Zuckerberg told Reuters in an interview that his company would apply EU law globally "in spirit" but was not set as the default for the social network around the world.
In practice, the change means that the 1.5 billion affected users can not file a complaint with the Irish Data Protection Supervisor or the Irish courts. Instead, they are governed by less stringent US privacy laws, said Michael Veale, a technology policy professor at University College London.
Facebook will have more leeway as it handles data about these users, Veale said. Certain types of data, such as browsing history, are considered personal data under EU law but are not as protected in the United States, he said.
The company stated that its rationale for the change concerns the data protection advice commissioned by the European Union "because EU law requires a specific language". For example, the new EU law requires a specific legal terminology on the legal basis for processing data that does not exist in US law.
Ireland was unaware of the change. An Irish official speaking on the condition of anonymity said he knew nothing about Facebook's plans to transfer responsibility to the United States or reduce Facebook's presence in Ireland, where the social network plans to recruit more than 100 new employees.
David Ingram reporting in San Francisco; Additional reporting by Joseph Menn of San Francisco, Padraic Halpin and Conor Humphries of Dublin and Douglas Busvine of Frankfurt; Adaptation by Greg Mitchell and Bill Rigby