By making a minor change in its terms and conditions of use, Facebook is moving the data of all users outside of the US, Canada and the European Union from its Ireland headquarters to its offices in California, effectively escaping the EU’s new privacy protection law.
The move will be completed before the EU’s General Data Protection Regulation (GDPR) law goes into effect on May 25, and will affect users from Africa, Asia, Australia and Latin America. That’s about 70% of all Facebook users.
Under the EU’s new law, Facebook, or any company, becomes liable to fines of up to 4% of their global turnover in case of a data breach. For Facebook, that could amount to around US$1.6 billion.
In a statement to Reuters (opens in new tab), Facebook downplayed the significance of the changes made to the terms and conditions, saying, “We apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland.”
Yet, when questioned by the US Senate whether the social media giant would adhere to the GDPR, Mark Zuckerberg said yes but noncommittally referred to the GDPR “controls” as opposed to its “protections”.
Once the jurisdiction moves away from Ireland, Facebook will be governed by the more lenient laws of the US, giving the company some freedom on how it handles user data.