UPDATED 05/04/18: Zuckerberg has since refuted this story in a call with reporters. As quoted by TechCrunch:
Overall I think regulations like this are very positive. We intend to make all the same controls available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in different markets with different laws in different places. But let me repeat this, we’re going to make all the same controls and settings available everywhere, not just in Europe.
Mark Zuckerberg doesn’t plan on extending the European Union’s General Data Protection Regulation (GDPR) to all Facebook users.
On 3 April, Facebook’s chief executive told Reuters in a phone interview that the social networking platform was working on applying a version of the Regulation to users worldwide. When asked what parts of the framework would be omitted for non-European users, he declined to provide any specifics.
“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said.
His comments no doubt disappoint many privacy advocates who are hoping Facebook along with other tech giants will implement the European Union’s privacy directive worldwide. Jeff Chester, executive director of the Center for Digital Democracy, is among them. As he made clear to Reuters:
We want Facebook and Google and all the other companies to immediately adopt in the United States and worldwide any new protections that they implement in Europe.
Zuckerberg’s hesitation on extending the GDPR worldwide comes at a time when Facebook is still in hot water for allowing a third-party app developer to scrape the data of 50 million users. In the name of damage control, the social media company revised the terms of its bug bounty program to now include instances of data misuse by app developers. It also pledged to review apps capable of accessing large amounts of users’ information and make all applications request permission to scrape users’ friends’ data.
The GDPR is set to take full effect on 25 May 2018. If companies fail to live up to the standard’s terms, they could face a fine of 20 million Euros or four percent of global annual turnover, whichever is greater.
Given those penalties, organizations need to make sure they’re compliant with the Regulation before it takes effect. Tripwire can help enterprises get there. Learn more here.