Mark Zuckerberg refuted a Reuters story yesterday that said Facebook would not bring Europe’s General Data Protection Regulation privacy safeguards around the world. “Overall I think regulations like this are very positive” Zuckerberg said on a conference call with reporters today. “We intend to make all the same controls available everywhere, not just in Europe.”
Zuckerberg noted that “Is it going to be exactly the same format? Probably not. We’ll need to figure out what makes sense in different markets with different laws in different places. But let me repeat this, we’re going to make all the same controls and settings available everywhere, not just in Europe.”
GDPR goes into effect on May 25th, and places requirements on data controllers, forcing them to explain to people what personal data they intend to collect and why. It’s focused around consent. Facebook has made its own moves to boost consent for ad targeting. TechCrunch reported that Facebook plans to implement a Custom Audiences Certification Tool that will require businesses to pledge that they had the consent to collect user email addresses and phone numbers that they’re uploading to Facebook for ad targeting.
GDPR also lets users request a copy of their personal information free-of-charge and get a response within a month. It gives people the right to not be subject to significant decisions by businesses that impact their privacy. Users also have some rights to erase their personal data if they withdraw consent or it’s no longer necessary for the reason it was collected. Violations can trigger hefty fines.
Zuckerberg’s statements indicate that the progressive, privacy-first legislation passed in the European Union will benefit everyone. The inability to make unilateral changes to people’s privacy and the right to erasure could hamper some of Facebook’s ability to roll out new products and require it to build stronger systems to comply with user requests. But given how much Facebook earns from our data, making it jump through some hoops to give users more agency seems like a reasonable tradeoff.
For more on GDPR, check out our explainer: