Facebook has further modified the work to reflect the strengthened data protection framework of the European Union – which sees its legal obligations under the GDPR shrink to scale.
Yesterday, Reuters reported a change to the Facebook terms that will be announced next month – meaning that all non-EU countries will process their data from Facebook Ireland to Facebook USA.
With this shift, Facebook ensures that privacy protection by the upcoming EU Data Protection Regulation (DSGVO) – which applies from 25 May – does not cover the international Facebook users who do not have EU Citizens are (but their data are currently being processed in the EU) EU, from Facebook Ireland)
There is no comparable data protection framework for the GDPR. While the EU legal framework significantly increases penalties for data breaches, this is a fairly logical step for Facebook lawyers as they think about how to reduce their DSGVO debt.
Facebook confirms the upcoming update of the terms and conditions of non-EU international users, even though the company has downplayed the importance ̵
Critics have formulated the T & Cs as a regressive reasoning a reduction in the level of data protection that would otherwise apply to international users thanks to the GDPR. Whether these EU data protection rights would have been really enforceable for non-Europeans is questionable .
A At the time of writing, Facebook had not responded to a request for comment on the change. Update: The following statement has now been sent to us – Stephen Deadman, Deputy Head of the Global Data Protection Officer: "The GDPR and EU Consumer Law contain specific rules on terms and data that we have introduced for EU users We knew that we would offer the same privacy policies, controls and attitudes to all who use Facebook wherever they live, and these updates will not change that. "
The company's general argument is that the EU Right pursues a prescriptive approach that may make certain elements irrelevant to international users outside the block. It also claims that it works to better respond to regional norms and local conditions. (Presumably this is music for the New Zealand Privacy Officer …)
According to Reuters, the T & C shift will affect more than 70 percent of 2BN + Facebook users. In December, Facebook had 239 million users in the US and Canada; 370 million in Europe; and 1.52BN users elsewhere.
The news agency also reports that Microsoft LinkedIn is one of several other multinational companies planning to move the same data processing to international users – with the new terms of LinkedIn being in effect on May 8 and non-Europeans in contracts with the US LinkedIn Corp. Relocate
In a statement to Reuters about the change, LinkedIn also downplayed it and said, "We simply streamlined the contract site to make sure all members understand the LinkedIn facility responsible for their personal information."
An interesting question is whether this type of data relocation could encourage regulators in international regions outside the EU to demand a similarly extraterritorial scope for their local privacy laws to place their citizens 'data between the jurisdictions' jurisdictions through processing that reduces corporate legal liabilities should.
Another interesting question is how Facebook (or any other) other multinationals that make the same shift) can be completely confident that they are not violating the fundamental rights of EU users – that is, when they mistakenly misinterpret a person as an international non-EU user and their data process via Facebook USA.
Keeping data processing processes that are properly segmented can be difficult. How can a user's legal responsibility be definitively identified based on his location (if available)? While Facebook's contract amendment for international users is largely aimed at reducing its regulatory obligations under the GDPR, it is possible that the amendment will open up a new front for strategic processes to citizens over the coming months.