Why Facebook Fears the EU's New Privacy Rules

Facebook Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg have apologized (again and again) for the company's handling of user data. The best indication that they aren't actually sorry, however, is the social network's intention to change its terms of service to put all non-European users under the jurisdiction of its U.S. headquarters rather than the international headquarters in Dublin, Ireland. That means users in Africa, Asia, Australasia, and Latin America won't be covered by the European Union's General Data Protection Directive, which goes into effect on May 25. The U.K. may also get a carve-out after Brexit.

Facebook's admission of the planned change comes immediately after the company effectively promised to apply GDPR protections to the entire world. "Today we're introducing new privacy experiences for everyone on Facebook as part of the EU's General Data Protection Regulation (GDPR), including updates to our terms and data policy," the company wrote in a blog post on Wednesday. "Everyone — no matter where they live — will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook." But once non-European users' agreements are no longer with Facebook Ireland, now responsible for all of the company's activities outside North America, they won't be able to hold the company legally responsible for GDPR violations. In effect, they'll be subject to toothless U.S. privacy laws.