×

Facebook CEO Mark Zuckerberg told reporters during a conference call Wednesday that the company intends to make the same privacy protections that it has to implement in Europe available to all of its users. “We intend to make all the controls and settings available everywhere, not just in Europe,” Zuckerberg said. “Overall, regulations like the GDPR are very positive.”

With these comments, Zuckerberg specifically denied a Reuters story from Tuesday that stated that the company was not going to comply with new European privacy regulations outside of Europe.

Companies like Facebook have to tighten their data protections within the European Union due to a new set of regulations called the General Data Protection Regulation (GDPR). The GDPR, which goes in effect on May 25, requires companies to obtain consent before collecting data from consumers. It also gives consumers the right to learn what companies know about them and even ask a company like Facebook to delete photos or any other data they may have.

Non-compliance can be expensive: The maximum fine is up to 4% of a company’s global revenue, which would be $1.6 billion for Facebook, based on the company’s 2017 results.

Experts believe that Facebook’s previous lax treatment of consumer data, which allowed Trump campaign-linked Cambridge Analytica to access personal data from tens of millions of users of the service, almost certainly would have been a violation of these regulations.

“If the GDPR had been in effect when all this happened, Facebook would have been in deep trouble, thanks to those huge fines,” said David Meyer, a Berlin-based privacy expert who recently published a book titled “Control Shift” about digital rights. “The Cambridge Analytica episode is absolutely the sort of thing that the new law aims to stop.”

However, Zuckerberg said Wednesday that the company had long followed many of the same guidelines. “We’ve had most of what’s in there implemented around the world for years, not just in Europe,” he said.

Zuckerberg also used the call to once again issue an apology for the way it treated data protection in the past. “We didn’t take a broad enough view of what our responsibility is. And that was a huge mistake,” he said. “It is my mistake.”

Zuckerberg was also asked whether he should step aside, and whether Facebook’s board had been discussing any possible replacements. “Not to my knowledge,” he responded, adding that he still thought he was best equipped to lead the company, while also committing to take full responsibility: “I started this place, I run it, I’m responsible for what happens here. I’m not looking to throw anyone else under the bus.”

Zuckerberg’s call with reporters was part of a publicity offensive by the company, which also included publishing a draft version of a new privacy policy, as well as a post about a series of changes that Facebook is implementing to address privacy and security issues.

That post, which was pinned by the company’s chief technology officer Mike Schroepfer, also disclosed that Cambridge Analytica could have accessed data from as many as 87 million U.S. Facebook users, a number that was previously pegged at 50 million.

Asked about the discrepancy, Zuckerberg said Wednesday that the 50 million estimate was coming from news organizations, and that the company didn’t have full records on the accounts impacted by the data leak. That’s why it did calculations based on the maximum number of possibly impacted accounts. “It very well could be less,” he said.