Facebook CEO Says Not Planning To Extend European Privacy Law Globally

Facebook CEO Mark Zuckerberg said on Tuesday that the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world. The news comes as Facebook reels from a scandal over its handling of personal information of millions of its users. Reuters reports: Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signals that U.S. Facebook users, many of them still angry over the company's handling of personal information, may soon find themselves in a worse position than Europeans. The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing." He did not elaborate.

Re:Multinationals Only Ones With Your Data

EU authorities are not interested in imposing large fines for single developers or even SMEs unless you're doing something really large scale or incredibly stupid. Those big fines are intended for the Facebooks and the Equifaxes of the world given the large scope of data that they collect and the harm that may be caused as a result of their (mal)practices.

It'd be worth learning directly from the regulators themselves on what they're looking for from small businesses:
http://ec.europa.eu/justice/smedataprotect/index_en.htm