Facebook applies US terms to users outside the EU, US and Canada

Facebook is changing its terms and conditions whereby users outside the EU, US and Canada will no longer have an agreement with Facebook Ireland, but with the company’s US office. As a result, US law applies instead of EU law.

Reuters writes that Facebook wants to prevent a large group of users, the news agency estimates at about 1.5 billion, from falling under the regime of the General Data Protection Regulation, which applies in the EU from 25 May. Facebook confirms to Reuters that it is making the change, but claims it is related to “EU law requires specific language” in its privacy policy. For example, the GDPR would require certain legal terminology that does not exist in the US. For US and Canada users will change and nothing and EU users will continue to have an agreement with Facebook Ireland.

According to the news agency, Facebook opened an Irish branch in 2008 to take advantage of the local tax climate. This is a practice that is also used by many other tech companies. Users within the EU will continue to have an agreement with that Irish branch, which will make them subject to EU rules. Users outside the EU, the US and Canada also had an agreement with Facebook Ireland until now, but that is about to change. As a result, they fall under US law, which offers a different level of protection.

Privacy researcher Lukasz Olejnik told The Guardian: “This is a major and unprecedented change in privacy. The change will lead to a reduction in privacy safeguards and users’ rights, with a number of implications, especially on consent requirements. It is clear that users will lose some existing rights as the standards in the US are lower than those in Europe.”

Facebook tells Reuters it plans to give all of its users worldwide the same privacy settings and controls. That corresponds with the message that the social network brought out on Wednesday in the announcement of its privacy menu. That menu it developed in response to the upcoming privacy regulation. Michael Veale, a researcher at University College London who criticized Facebook’s action to Reuters, notices that the measures are just Facebook’s interpretation of the rules.

In an earlier interview with Reuters, Facebook CEO Mark Zuckerberg said he would only apply the GDPR protections globally “in spirit” i.e. only “the spirit” of the legislation. While Facebook is currently at the center of attention due to the Cambridge Analytica scandal, other companies are taking similar actions, according to Reuters. It cites LinkedIn as an example. That company responds: “We simply streamlined the contract location so that users understand which LinkedIn location is responsible for processing their data.”