The social media giant is attempting to circumvent GDPR by shifting users outside the EU who would now be governed by Facebook Inc. in the US rather than Facebook Ireland.
As a result of the new change in the terms of service of Facebook, its existing 1.5 billion users won’t be safeguarded under the new data protection laws of Europe (GDPR). This comes in the wake of Facebook being at the center of a controversy about its handling of personal data, allegations of leaking data for profit, and the mounting criticism from different quarters.
The new policy depends on the users who will be regulated via the European headquarters of Facebook in Ireland. Facebook is maintaining that it has planned transparent privacy rules worldwide and would soon act upon it.
By the new move, Facebook users outside the EU would be governed by Facebook Inc. in the US rather than Facebook Ireland. It is seen as a way of circumventing the stringent General Data Protection Regulation (GDPR) by shifting user base outside the EU. More than 70% of its 2 billion members would be impacted by this change. As of December last year, Facebook had 239 million users in the US and Canada and 370 million in Europe.
Billions under the impact
The social media giant also had 1.5 billion members in Africa, Asia, Australia and Latin America — and they are the ones affected by the change. Users in the US and Canada were never subject to European jurisdictions.
Stephen Deadman, Deputy Chief Global Privacy Officer, Facebook had said, “The GDPR and EU consumer law set out specific rules for terms and data policies which we have incorporated for EU users. We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live,”
According to Sylvia Kingsmill, Digital Privacy Expert at Consultancy, KPMG said such moves would enable the tech firms to look for loopholes and find the ways to avoid the new regulations. “I think that the public expectation is that their data, which they freely give up to corporate giants, is protected and I think this kind of move will catch up with the firms that make it,” said Kingsmill
Kingsmill further added that regulators and lawmakers in the US and Canada are working on their own version of the GDPR.
Facebook’s next move
Facebook, just like many other tech giants, established its international headquarters in Ireland, in 2008, because of the low corporate tax rate in the country. This shift also meant that consumers outside of USA and Canada would be subject to European laws and regulations.
With the new change, users outside Europe will no longer be able to lodge complaints with the Irish data protection commissioner or in the Irish courts. GDPR offers greater control to users and the penalties for data breach are very high — up to 4% of the company’s global revenue.
The Cambridge Analytica scandal rocked Facebook and it received much flak due to its negligence in handling user data and allowing companies to harvest user profiles for political purposes. Facebook CEO Mark Zuckerberg had publicly tendered an apology for the data breach.
It remains to be seen whether Zuckerberg is ready to walk the talk on data privacy following the recent controversies and actively takes up measures to boost user confidence and prevent future data breach. Meanwhile, before Facebook implements similar laws, the consumers outside Europe and US would be in a limbo.
What’s at stake here concerns not just Facebook but expresses the dire need of instituting data privacy laws worldwide and recognizing the privacy rights of the netizens. There is already a cat-and-mouse chase between cybercriminals and authorities and in the absence of proper regulatory mechanisms, legal frameworks and punitive measures. The risks of data breach are enormous and in a rapidly evolving, fast-changing, and interconnected world no one can afford to take data privacy lightly.