Facebook CEO Says Not Planning To Extend European Privacy Law Globally

Facebook CEO Mark Zuckerberg said on Tuesday that the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world. The news comes as Facebook reels from a scandal over its handling of personal information of millions of its users. Reuters reports: Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signals that U.S. Facebook users, many of them still angry over the company's handling of personal information, may soon find themselves in a worse position than Europeans. The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing." He did not elaborate.

Zuck my dick

[PopeRatzo]

Facebook must die.

Of course

[uvajed_ekil]

"Facebook CEO Says Not Planning To Extend European Privacy Law Globally"
Business as usual. Zuckerberg likes to come out and talk about how FB cares and wants the best for humanity, but in reality they consistently put the company's survival first and do the bare minimum for the rest of us. That's how huge companies become huge companies and stay in business, so this shouldn't come as a shock.

Zuckerberg seems like a decent enough chap but he's out of his depth running such a big, pervasive company, and he doesn't even realize it. Hard to fault him, but hard to trust him.

No shit Sherlock

[rsilvergun]

if you want these kinds of protections in the States you're gonna have to start voting people in who believe in government regulation. As it stands the party in charge of our 3 branches of government has opposing government regulation as a central plank of it's party platform.

That said, a lot of folks don't care for the regulations; since after all they either don't use Facebook or feel confident they can control their data themselves. e.g. let the free market sort it out.

Multinationals Only Ones With Your Data

[glennrrr]

After taking my corporate training on the European privacy law, I can say that only multinationals will have the legal departments and resources able to so much as keep a copy of their user's email addresses. I am concerned that I'm going to have to suspend email support for my side apps. I really really can't pay a 10M Euro fine for the $100 a year I make in app sales to Europe. I don't have a dedicated privacy officer; there's only me writing apps. My apps don't even collect any data, but I do give out my email address so people do write me. If that's what you want. Only large multinationals able to make software that keeps track of a user's private data; that's what you are getting in Europe.

Re:Multinationals Only Ones With Your Data

EU authorities are not interested in imposing large fines for single developers or even SMEs unless you're doing something really large scale or incredibly stupid. Those big fines are intended for the Facebooks and the Equifaxes of the world given the large scope of data that they collect and the harm that may be caused as a result of their (mal)practices.

It'd be worth learning directly from the regulators themselves on what they're looking for from small businesses:
http://ec.europa.eu/justice/smedataprotect/index_en.htm

Re:Multinationals Only Ones With Your Data

[Xest]

"After taking my corporate training on the European privacy law"

Oh dear, it sounds awfully like your employer bought the services of one of those parasite companies that has been fear mongering over GDPR in their training sessions so that they can sell you their other services to help you be GDPR compliant.

I had the misfortune of trying to find out what our obligations were in a few areas under GDPR, I read various articles online all contradicting each other, then I went and just read the legislation. Turns out my obligations are minimal compared to what the shit peddlers are trying to flog with their fear mongering.

If you're not collecting any PII you don't need a dedicated privacy officer. If people send you personal info all you have to do is make sure you delete it after an appropriate amount of time (which most major mail clients support), store it securely, such as in an encrypted mail store (which most major mail clients support), provide people the data you have on them whilst being able to charge them for the privilege and can be as simple as forwarding their e-mails with PII in right back at them whilst making a profit on the effort, and being able to tell people their data has been stolen if you are hacked, which is just a case of loading up your mailbox backup after the fact and bulk mailing everyone in your PII folder to let them know.

This is hardly a burden, this isn't far removed from how the vast majority of people manage their e-mail day to day anyway.

If you're only making $100 a year in Europe it doesn't sound like you actually have a European presence anyway, so if it's that much of a burden it's hardly a loss anyway, so I don't really see the problem. The cost of complying with GDPR for small businesses is clearly negligible though either way beyond the negligible time cost of setting up a few filters and automatic backup in Outlook or whatever - again, something any sane business owner is likely to be doing anyway.