Facebook CEO Says Not Planning To Extend European Privacy Law Globally

Facebook CEO Mark Zuckerberg said on Tuesday that the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world. The news comes as Facebook reels from a scandal over its handling of personal information of millions of its users. Reuters reports: Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signals that U.S. Facebook users, many of them still angry over the company's handling of personal information, may soon find themselves in a worse position than Europeans. The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing." He did not elaborate.

False dichotomy

[rsilvergun]

if the law's broke the solution isn't to say to devil with regulations and let everyone have as much info on you as they can claw out before you die. The solution is to fix the law. It's not that hard to carve out an exception for sending emails back and forth. You're giving up way, way too easy in that regard.

Also I take the same kind of training every year too. Yours is way off base. Yes, people can email you. Now, what you _can't_ do is use those emails for a purpose other than the one you told people you gathered them for. And even in the States you'll get hit with CAN-SPAM if you try that sort of nonsense.

Re:Of course

All such companies are built on a model where they make money by inserting themselves in a system and positioning as the broker bringing value to two entities: the end user (facebook social media as we know it), and their customers (advertisement agencies). There is no "decent chap" altruism here IMHO except may be the usual billionaire wants to get remembered for the good he did. Nothing wrong, but nothing new. If Facebook can avoid the Privacy Laws it will. Because it hurts its bottom-line. Not for any other reason. And so does any other company. Atruistic messages such as "Do no evil" are marketing slogans wanting to reflect a moral facade that gets tossed when interest is in play.

Good luck with that Zuck...

GDPR effectively applies to the whole world, unless a company decides they do not want to operate in the EU. For Facebook, not operating in the EU would probably mean blocking all EU IP addresses (and probably email addresses by domain as well) and warning all new users that they are not allowed to use FB from the EU. Thatâ(TM)s not going to happen, so FB will need to comply.

If a US citizen is traveling in the EU for 10 days or more, GDPR applies. There are a number of other cases like this where it becomes impractical to try to treat EU and non-EU users differently.

There are many different ways a company can end up in violation of GDPR. Penalties are 4% of annual global turnover or â20 Million which ever is greater. For FB, Iâ(TM)m pretty sure it would be the 4%. Ouch!

The fact that Zuck is making statements like this now means that he is either stupid and didnâ(TM)t talk to his legal team first or more likely FB has been ignoring this issue and will be caught with their pants down shortly.

There is no excuse for FB being so clueless about GDPR this late in the game. The rest of the industry has been frantically prepairing for many months.

Re:Multinationals Only Ones With Your Data

[Xest]

"After taking my corporate training on the European privacy law"

Oh dear, it sounds awfully like your employer bought the services of one of those parasite companies that has been fear mongering over GDPR in their training sessions so that they can sell you their other services to help you be GDPR compliant.

I had the misfortune of trying to find out what our obligations were in a few areas under GDPR, I read various articles online all contradicting each other, then I went and just read the legislation. Turns out my obligations are minimal compared to what the shit peddlers are trying to flog with their fear mongering.

If you're not collecting any PII you don't need a dedicated privacy officer. If people send you personal info all you have to do is make sure you delete it after an appropriate amount of time (which most major mail clients support), store it securely, such as in an encrypted mail store (which most major mail clients support), provide people the data you have on them whilst being able to charge them for the privilege and can be as simple as forwarding their e-mails with PII in right back at them whilst making a profit on the effort, and being able to tell people their data has been stolen if you are hacked, which is just a case of loading up your mailbox backup after the fact and bulk mailing everyone in your PII folder to let them know.

This is hardly a burden, this isn't far removed from how the vast majority of people manage their e-mail day to day anyway.

If you're only making $100 a year in Europe it doesn't sound like you actually have a European presence anyway, so if it's that much of a burden it's hardly a loss anyway, so I don't really see the problem. The cost of complying with GDPR for small businesses is clearly negligible though either way beyond the negligible time cost of setting up a few filters and automatic backup in Outlook or whatever - again, something any sane business owner is likely to be doing anyway.