Facebook has quietly moved 1.5 billion of its users out of reach of sweeping new privacy regulations before they have even come into force — and claims that the move is actually in their best interests.
Reuters spotted Facebook's tweak to its terms and conditions, which will mean that users outside the US, Canada, and the EU will not be protected by Europe's new General Data Protection Regulation (GDPR) laws, due to come into force on May 25.
The timing of the story is unhelpful for Facebook. With data protection in the spotlight following Cambridge Analytica harvesting information from 87 million US Facebook users, the company has admitted it must learn from its mistakes. GDPR, by sheer coincidence, offers an opportunity for the firm to put its house in order.
Facebook has already started to implement GDPR changes — and it is doing so for users across the world. But by moving 1.5 billion users in Africa, Asia, Australia, and Latin America out from under the regulation, it suggests that for these people Facebook intends to follow the spirit of the law, but not the letter.
Indeed, CEO Mark Zuckerberg admitted as much in his hearings in front of US Congress last week. "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing," he said.
The change to terms and conditions Facebook is making — which moves responsibility for users not in the US, Canada, or the EU users from its Ireland to California —niftily means that the company won't have to pay fines of up to 4% of its global turnover for data breaches in countries that aren't sheltered by the rules.
But Facebook says this in the best interests of these users.