Facebook Inc Chief Executive Mark Zuckerberg said on Tuesday the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world, as the company reels from a scandal over its handling of personal information of millions of its users.
Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May.
He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signals that U.S. Facebook users, many of them still angry over the company’s handling of personal information, may soon find themselves in a worse position than Europeans.
Last month, Facebook acknowledged that personal information about more than 50 million users wrongly ended up in the hands of consultancy Cambridge Analytica, which worked on U.S. President Donald Trump’s 2016 campaign.
The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted.
Apple Inc and some other tech firms have said they do plan to give people in the United States and elsewhere the same protections and rights that Europeans will gain.
Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing.” He did not elaborate.
Shares of Facebook closed up 0.5 percent on Tuesday at $156.11. They are down more than 15 percent since the Cambridge Analytica scandal broke on March 16.
Push for data privacy
Privacy advocacy groups have been urging Facebook and its Silicon Valley competitors such as Alphabet Inc’s Google to apply EU data laws worldwide, largely without success.
“We want Facebook and Google and all the other companies to immediately adopt in the United States and worldwide any new protections that they implement in Europe,” said Jeff Chester, executive director of the Center for Digital Democracy, an advocacy group in Washington.
Google and Facebook are the global leaders in internet ad revenue.
Both based in California, they possess enormous amounts of data on billions of people.
Google has declined to comment on its plans.
Zuckerberg said many of the tools that are part of the law, such as the ability of users to delete all their data, are already available for people on Facebook.
“We think that this is a good opportunity to take that moment across the rest of the world,” he said.
When GDPR takes effect on May 25, people in EU countries will gain the right to transfer their data to other social networks, for example.
Facebook and its competitors will also need to be much more specific about how they plan to use people’s data, and they will need to get explicit consent.
GDPR is likely to hurt profit at Facebook because it could reduce the value of ads if the company cannot use personal information as freely and the added expense of hiring lawyers to ensure compliance with the new law.
Failure to comply with the law carries a maximum penalty of up to 4 percent of annual revenue.