Zuckerberg went to Congress and told them Facebook would support GDPR, as if the only thing GDPR is are just some controls you'd do at the user interface level (and as we learned today, that they're attempting to get around with dark pattern designs [1]).<p>GDPR is much more comprehensive than that, but most importantly it gives data privacy regulators real teeth to enforce with (fines up to 4% of global revenue).<p>The only way Americans (or anyone else besides EU citizens) will get GDPR protection is if GDPR-style regulation is enacted into law.<p>[1] <a href="https://twitter.com/zeynep/status/986591125262749696" rel="nofollow">https://twitter.com/zeynep/status/986591125262749696</a>
This article is really confusing. Basically the point is that under the current terms of service they tell you that if you are outside of the US then you are doing business with their Ireland office. Since the Ireland office is in the EU, it is subject to the GDPR. So that means that everybody outside of the US will be covered by the GDPR (because they are doing business with an EU company).<p>They are changing their terms of agreement to now say that people outside of the US are doing business with the US company. This means that only people in the EU will be covered by the GDPR. Probably that's what they should have been doing all along, but there were probably massive tax advantages to running their international company in Ireland.<p>For what it's worth, I'm a huge proponent of GDPR and I would probably do the same thing -- at least initially. They have a <i>lot</i> of users and GDPR is <i>really tricky</i> to implement when dealing with any manual processes. Limiting your exposure is common sense.<p>I'm looking forward to seeing what actually happens to Facebook when GDPR comes into force. You <i>know</i> people are going to exercise their rights and I just can't imagine they are prepared. As I've been going through this stuff in my job I can't see any easy ways to sweep this under the carpet -- you not only need to inform the user about what's going on, you actually need to record the lawful basis that you've told them you are using. If you just say, "Oh I have consent" then the user can withdraw consent. If you actually needed that information (like the user's name!) then you are absolutely screwed.<p>I fully expect some thoughtful users to nail them to the wall. And when that happens, I expect them to implement everything world wide because it will be a lot easier/cheaper than maintaining different processes all over the place.
> But the fact that the button to reject the new Terms of Service isn’t even a button, it’s a tiny “see your options” hyperlink, shows how badly Facebook wants to avoid you closing your account.<p>> <i>When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big “I Accept” button, she disingenuously said yes, eliciting scoffs from the room of reporters.</i><p>I wonder if I could live with myself if this was my job. Although I guess if I got paid really well I would end up justifying it to myself somehow.
> Earlier this month, Facebook Chief Executive Mark Zuckerberg told Reuters in an interview that his company would apply the EU law globally “in spirit,”<p>How would they apply the law? They can't be prosecuted if they fail to uphold the same law. Saying "we'll apply the law in spirit" is just moral posturing IMO.
I don't use Facebook, but could one build a service that automatically sets Facebook's privacy settings to sensible options? A large part of the problem is that changing these through the web site is painful in the extreme.<p>I suppose I'm asking if their API provides read/write access to privacy settings. If so, there's a big opportunity here.<p>More generally, I'd like to see governments mandate that all FB user's privacy settings be reset to the max, and force Facebook to realistically inform users who want to loosen them about why they might want to do so.
So it's a weasel move. Let the record show that Facebook and Mark Zuckerberg weaseled out of GDPR to the greatest degree possible given the opportunity. It's all perfectly legal, but decidedly non-excellent and non-exemplary.
> Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company’s international headquarters in Ireland.<p>So would the GDPR have any protection for an Facebook-expatriate in the US who does not agree to the new terms, or would they still have no standing in European court as they are not citizen / residents?
> <i>Facebook to change user terms, limiting effect of EU privacy law</i><p>Ironically, EULAs ar not really enforceable in the EU. So had this been the other way EU citizens would also have been protected.
So, does GDPR applies to ?:<p>- European citizens only currently living in the EU ?<p>- European citizens worldwide ?<p>- Everyone currently living in the EU ?<p>As a European living in the US, I'm wondering.
User's generally won't care about privacy, but they will care about money. What this essentially boils down to is Facebook is charging users by taking their data, which is worth some amount of money.
On May 26th I would like to log into FB one last time and say “permanently really-delete all my data and never gather any on me ever again”. Will that be possible?
How do they manage the "no tax implications"?<p>If the Irish entity has a licence for the IP, and 70% of the value of their licence is transferred elsewhere, than how does this not realise that value to the Irish entity and not be taxable?<p>I am obviously not learned in this area, but the sleight of hand to move such a huge amount of value from one entity to another seems to me to create a huge tax liability now that the value would be leaving the tax domain.
Is this news? Facebook had already stated that it wasn’t applying GDPR to non-Europeans.<p>Also, the headline is misleading: it makes it sound like FB is trying to get around laws. Really, all it’s doing is applying laws in the required jurisdictions, which is how things always work. Where’s the controversy?