All 2.2 billion people who use Facebook soon will see changes to their privacy settings, in response to a sweeping new privacy law in Europe. But American users won’t see exactly the same thing as their European counterparts.
The social network has been under heavy scrutiny for not clearly explaining how it shares, uses and protects data after the Cambridge Analytica revelations, as last week’s congressional hearings with CEO Mark Zuckerberg illustrated.
These new changes, in the works for months, are supposed to make the why and how of Facebook’s data collection clearer. People using Facebook will start seeing the new designs appropriate to their region next week.
The new law, the General Data Protection Regulation or GDPR, takes effect on May 25. The law is incredibly complex, but has two main data goals — to give people control over what data they hand over to companies, and to require companies to be more open about how they use that data.
The United States has no similar law, but a couple politicians in the hearings asked Zuckerberg to commit to giving Americans the same protections as Europeans under the GDPR. He did.
Facebook confirmed that it’s intention is to extend the spirit of the European standard to all its users.
“The GDPR and EU consumer law set out specific rules for terms and data policies which we have incorporated for EU users,” said Stephen Deadman, Facebook’s deputy chief global privacy officer. “We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.”
As a result of the law, Facebook is overhauling the look of three settings, and asking users to re-evaluate them:
l Facial recognition data
l Specific profile information such as political affiliation or religious views
l Data shared with outside companies so that Facebook can serve ads.
While Facebook is making those changes, those privacy protections don’t have the same weight of the law behind them in the United States as they do in Europe. Here, they’re backed by Facebook’s promise.
That difference between the EU law and Facebook’s agreement for U.S. users manifests itself in a couple ways. The most notable of these are policies that apply to children between 13 and 15.
No one technically under 13 is supposed to have a full Facebook account.
Under GDPR, parents or guardians have to give their explicit approval before teens of that age can see ads based on their interests on Facebook or its sister network Instagram.
In the United States, as there is no comparable GDPR law, Facebook is going to give teens the option not to be served ads based on their interests, but it won’t ask for parental consent.
Other differences are more subtle. Facebook’s facial recognition wasn’t previously turned on in Europe or Canada, after regulators questioned whether Facebook was properly getting permission to collect that information.
Now, all European users will see a new option to flip facial recognition on — both for security reasons such as identifying faked accounts and for Facebook to use the data itself.
Some U.S. users will see this, others won’t. Facebook has this option turned on by default in the United States.
Americans who’ve already turned off this feature shouldn’t see this screen again. Facebook simply will keep the feature off.