Bid to cut exposure to EU ‘privacy law’
Facebook under pressure
SAN FRANCISCO, April 19, (RTRS): If a new European law restricting what companies can do with people’s online data went into effect tomorrow, almost 1.9 billion Facebook Inc users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller.
Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company’s international headquarters in Ireland.
Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25.
The previously unreported move, which Facebook confirmed to Reuters on Tuesday, shows the world’s largest online social network is keen to reduce its exposure to GDPR, which allows European regulators to fine companies for collecting or using personal data without users’ consent.
That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook’s case could mean billions of dollars.
The change comes as Facebook is under scrutiny from regulators and lawmakers around the world since disclosing last month that the personal information of millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica, setting off wider concerns about how it handles user data.
Change
The change affects more than 70 percent of Facebook’s 2 billion-plus members. As of December, Facebook had 239 million users in the United States and Canada, 370 million in Europe and 1.52 billion users elsewhere.
Facebook, like many other US technology companies, established an Irish subsidiary in 2008 and took advantage of the country’s low corporate tax rates, routing through it revenue from some advertisers outside North America. The unit is subject to regulations applied by the 28-nation European Union.
Facebook said the latest change does not have tax implications.
In a statement given to Reuters, Facebook played down the importance of the terms of service change, saying it plans to make the privacy controls and settings that Europe will get under GDPR available to the rest of the world.
“We apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland,” the company said.
Earlier this month, Facebook Chief Executive Mark Zuckerberg told Reuters in an interview that his company would apply the EU law globally “in spirit,” but stopped short of committing to it as the standard for the social network across the world.
In practice, the change means the 1.5 billion affected users will not be able to file complaints with Ireland’s Data Protection Commissioner or in Irish courts. Instead they will be governed by more lenient US privacy laws, said Michael Veale, a technology policy researcher at University College London.
Facebook will have more leeway in how it handles data about those users, Veale said. Certain types of data such as browsing history, for instance, are considered personal data under EU law but are not as protected in the United States, he said.
The company said its rationale for the change was related to the European Union’s mandated privacy notices, “because EU law requires specific language.” For example, the company said, the new EU law requires specific legal terminology about the legal basis for processing data which does not exist in US law.
Ireland was unaware of the change. One Irish official, speaking on condition of anonymity, said he did not know of any plans by Facebook to transfer responsibilities wholesale to the United States or to decrease Facebook’s presence in Ireland, where the social network is seeking to recruit more than 100 new staff.
Facebook released a revised terms of service in draft form two weeks ago, and they are scheduled to take effect next month.
Other multinational companies are also planning changes. LinkedIn, a unit of Microsoft Corp, tells users in its existing terms of service that if they are outside the United States, they have a contract with LinkedIn Ireland. New terms that take effect May 8 move nonEuropeans to contracts with US-based LinkedIn Corp.
LinkedIn said in a statement on Wednesday that all users are entitled to the same privacy protections. “We’ve
simply streamlined the contract location to ensure all members understand the LinkedIn entity responsible for their personal data,” the company said.
Meanwhile, Facebook Inc’s Chief Executive Mark Zuckerberg came under pressure from EU lawmakers on Wednesday to come to Europe and shed light on the data breach involving Cambridge Analytica that affected nearly three million Europeans.
The world’s largest social network is under fire worldwide after information about nearly 87 million users wrongly ended up in the hands of the British political consultancy, a firm hired by Donald Trump for his 2016 US presidential election campaign.
European Parliament President Antonio Tajani last week repeated his request to Zuckerberg to appear before the assembly, saying that sending a junior executive would not suffice.
EU Justice Commissioner Vera Jourova, who recently spoke to Facebook Chief Operating Officer Sheryl Sandberg, said Zuckerberg should heed the lawmakers’ call.
“This case is too important to treat as business as usual,” Jourova told an assembly of lawmakers.
“I advised Sheryl Sandberg that Zuckerberg should accept the invitation from the European Parliament. (EU digital chief Andrius) Ansip refers to the invitation as a measure of rebuilding trust,” she said.
Facebook did not respond to a request for comment. Zuckerberg fielded 10 hours of questions over two days from nearly 100 US lawmakers last week and emerged largely unscathed. He will meet Ansip in San Francisco on Tuesday.
Another European lawmaker Sophia in’t Veld echoed the call from her colleagues, saying that the Facebook CEO should do them the same courtesy.
“I think Zuckerberg would be well advised to appear at the Parliament out of respect for Europeans,” she said.
Lawmaker Viviane Reding, the architect of the EU’s landmark privacy law which will come into effect on May 25, giving Europeans more control over their online data, said the right laws would bring back trust among users.