Facebook and its virtual reality subsidiary Oculus both tweaked their privacy tools this week to get ready for the European Union’s new privacy regulations, which are set to take effect next month. And while those changes affect users around thew world, Facebook also quietly separated its privacy regimen to make sure that users outside of the E.U. aren’t covered by European regulations.
The European Union’s General Data Protection Regulation (GDPR) goes in effect on May 25. It requires companies to obtain consent before collecting data from consumers, and gives consumers the right to learn what companies know about them. Finally, consumers can request that companies delete any data they have stored on them.
To prepare for this, Facebook announced a number of changes this week. The company will ask users to review some of its privacy settings, including whether they consent to Facebook using third-party data to personalize ads on the platform. The company also promised special protections for users under 18, which include not enabling facial recognition for any photos uploaded to Facebook.
It’s worth noting that not everything Facebook announced is exactly new. The company has offered users tools to download their data for some time. Similarly, Oculus announced Thursday that it would add a code of conduct to its terms of service. However, that code of conduct had already been in place separately from its terms of service in the past.
In addition to these announcements, Facebook is also changing how it governs the data of its users to exempt the vast majority of them from the reach of GDPR regulations, according to a Reuters report. Up until now, Facebook’s members had been governed under terms of service agreed upon with the company’s international subsidiary in Ireland, which could force the company to give these users the same legal rights as E.U. citizens.
Now, Facebook is set to legally separate European users from those outside of Europe. That’s especially relevant if Facebook was ever found to violate any GDPR provisions. Europe’s new privacy laws come with stiff penalties, and could cost violators as much as 4 percent of their global annual revenue.
Facebook CEO Mark Zuckerberg, who has been in the hot seat over his company’s handling of consumer data, had in recent weeks committed to bringing GDPR-compliant tools to all of the company’s users. “We intend to make all the controls and settings available everywhere, not just in Europe,” Zuckerberg said during a briefing with reporters earlier this month. “Overall, regulations like the GDPR are very positive.”