In 2008 Facebook set up its international headquarters in Ireland to benefit from the low corporate tax. This meant that all users outside of the US and Canada were protected by European regulations.
Facebooks involvement in the recent Cambridge Analytica scandal and its scrutiny from governments, legal entities and regulators, across the globe, has put Facebook in the spotlight with regards to how Facebook handles their member’s privacy and personal data, leaving many extremely concerned and anxious.
In his answers to Congress over Facebook’s involvement in the scandal, Mark Zuckerberg said that GDPR was “going to be a very positive step for the internet”.
However, with effect from next month, Facebook will change its terms of service so that users outside of the EU, previously governed by Facebook Ireland, will no longer be governed by EU regulations.
From May (days before the GDPR is enforced) the new terms of service will take effect so that those users are governed by Facebook Inc. in the US instead of Facebook Ireland. Facebook will have more leeway in how it handles data about those users.
By doing this more than 70% of Facebook’s members will be excluded from the GDPR privacy laws and will not be afforded the same level of data privacy as those within the EU but will rather be governed by more lenient U.S. privacy laws.
In Congress, when asked whether the regulations should be applied in the US, Mark Zuckerberg replied: “I think everyone in the world deserves good privacy protection.”
This change will affect 1.5 billion members living in Africa, Asia, Australia and Latin America.
The move is seen as a way of Facebook avoiding the need to apply the GDPR to countries outside of the EU and to reduce its exposure to the GDPR. Thus, to remove enormous potential liability for Facebook as a breach could mean a fine of billions of dollars.
Users in the US and Canada have never been subject to European regulation and those user’s terms remain unchanged.
Facebook played down the significance of the terms of service amendment, saying it plans to make the privacy controls and settings that Europe will get under GDPR available to the rest of the world.
With the recent happenings regarding Facebook and data privacy, this move is likely to not sit well with many of its users.