Facebook to follow strict new European privacy law -- everywhere

The company says it will extend new privacy protections to all users, even those who live outside the EU.

Katie Collins Senior European Correspondent
Katie a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read

Facebook will present all users with privacy permission screens.


Facebook will comply with tough European data privacy regulation that will kick in next month, the company says, but it will also continue to serve up targeted ads based on user data.

The social network will first roll out changes within Europe and will later extend the same protections to all users worldwide, the company said late Tuesday in a blog post.

Facebook's latest move to tighten privacy follows a month of revelations about the company's activities in recent years that enabled the misuse of personal user data by third parties, including the now-infamous Cambridge Analytica in the 2016 US presidential election. In recent weeks, Facebook updated its data policy, and CEO Mark Zuckerberg issued an apology and testified to Congress about what he acknowledged were the company's failures.

Even without this major scandal, Facebook would have been obligated to make changes in European Union countries under the upcoming law. Known as the General Data Protection Regulation (GDPR), the EU law is creating one of the biggest upheavals in online privacy in the still-short history of the internet.

GDPR comes into force on May 25 and will compel companies operating online in Europe to overhaul the way they treat people's personal data. Companies that don't comply face huge fines.

"As soon as GDPR was finalized, we realized it was an opportunity to invest even more heavily in privacy," Facebook said in its blog post. "We've also sought input from people outside Facebook with different perspectives on privacy, including people who use our services, regulators and government officials, privacy experts, and designers."

Regulators, other internet companies and the wider tech industry have been closely watching Facebook to see how the tech giant, which has long used personal data to target ads at users, will interpret the law.

Starting this week, Facebook users in Europe will start to see a pop-up asking them to make choices about their privacy and how the platform handles their data. Later, the same options will show up for Facebook users globally. All users will also be asked to agree to Facebook's updated terms of service and data policy.

Included in the choices will be the option to enable facial recognition, a feature that wasn't previously available to Facebook users in the EU and Canada.

Facebook is also building in special protections for teenagers, such as limiting the personal information that advertisers can use to target them and getting rid of the default option for new posts to be set to public.

In some countries, parental permission is required under GDPR to allow children to access certain features, which will mean some teenagers may see a restricted version of Facebook until their parents say otherwise.

Later this year, the company will introduce a global online resource center specifically for teens with answers to common privacy questions.

Cambridge Analytica: Everything you need to know about Facebook's data mining scandal.

Tech Enabled: CNET chronicles tech's role in providing new kinds of accessibility.