Advertisement

Facebook has moved billions of accounts out of reach of new European privacy rule

Facebook has moved billions of accounts out of reach of the new regulation.

Facebook chief Mark Zuckerberg (L) is welcome by the President of the European Parliament Antonio Tajani (R) prior to their meeting on May 22, 2018 in London, England. (Photo by Thierry Monasse/Corbis via Getty Images)
Facebook chief Mark Zuckerberg (L) is welcome by the President of the European Parliament Antonio Tajani (R) prior to their meeting on May 22, 2018 in London, England. (Photo by Thierry Monasse/Corbis via Getty Images)

Facebook CEO Mark Zuckerberg held the next step of his worldwide apology tour on Tuesday, when he met with lawmakers at the European Parliament in Brussels to discuss privacy and personal data concerns in wake of the Cambridge Analytica scandal.

Although the meeting was markedly shorter than the marathon session Zuckerberg endured at the hands of U.S. lawmakers, he still stuck to the same conciliatory style. He apologized for mishandling user information and pointed to the steps Facebook had taken to improve its platform, including deploying advanced Artificial Intelligence tools ahead of the French and German election, and recently shutting down over 250 inauthentic accounts.

Crucially, Zuckerberg also voiced support for a major piece of European legislation set to come into place this Friday, called the General Data Protection Regulation. (GDPR). The GDPR gives individuals the right to ask corporations to reveal or delete information they have on them, and requires consent before data companies gather information about individuals. Crucially, the GDPR allows regulators to fine companies up to 4 percent of their global revenue for privacy violations — which amounts to around $1.6 billion for Facebook.

“At the heart of Europe’s new data protection law, the GDPR, are three important principles; control, transparency and accountability,” Zuckerberg told the European Parliament. “We’ve always shared these values … now, we’re going even further to comply with these strong new rules. We’re making these same controls and settings available to people who use Facebook around the world.” Zuckerberg also previously told Reuters that he supported the act “in spirit.”

Advertisement

But while Zuckerberg’s rhetoric may seem to voice support for the GDPR, the actions of Facebook tell a different story. In April, it emerged that Facebook moved the responsibility for all non-U.S. and Canadian accounts — which total 1.5 billion — from Ireland, where the GDPR has jurisdiction, to California, where it does not. An email sent by Facebook right before Zuckerberg’s Congressional hearings, obtained by Politico, showed the company asking for help from conservative and libertarians in coming up with ideas to help resist GDPR-style rules.

What’s more, Zuckerberg’s comments to European lawmakers about the GDPR — expressing his support, while rolling out the tools necessary to comply in order to appear ahead of the game — bear a striking similarity to something Zuckerberg told CNN’s Laurie Seagall in March.

“I’m actually not sure we shouldn’t be regulated,” Zuckerberg said, before explaining that Facebook “has already started rolling out ad transparency tools that accomplish most of the things that are in all the bills that people are talking about today.” In essence, Zuckerberg is perfectly fine with regulation — so long as he gets to dictate what type of regulation it is.

Zuckerberg’s double standard was called out at the European Parliament by Belgium politician Guy Verhofstadt, who grilled Zuckerberg as to whether Facebook moving the responsibility of users back to California was legal, as well as whether Facebook would compensate users whose data was stolen, and whether Zuckerberg would consider splitting his company up. Zuckerberg didn’t answer Verhofstadt’s questions.

Advertisement

“The only way [to solve this] in my opinion … is to have public regulation to do so,” Verhofstadt said. “It’s a little bit like the banks in 2006 through 2008. They said ‘oh we’ll do self-regulation, don’t bother, we’re gonna do it ourselves’. The reality is that they didn’t do it themselves.”