Social Media

A New EU Privacy Rule Is Changing How Facebook, Google Treat Your Data

The General Data Protection Regulation requires companies that collect user data to guarantee some of that data is secure and protected.

A New EU Privacy Rule Is Changing How Facebook, Google Treat Your Data
Getty Images / Chris Jackson
SMS

So far, Facebook has escaped regulation in the U.S., but that's not the case in the European Union. The EU is set to adopt a new rule on how companies handle people's personal data, so Facebook CEO Mark Zuckerberg appeared in front of the EU Parliament to discuss what those changes would look like for Facebook users worldwide. 

"Starting on May 25, we will start requiring people to go through the flows before they can resume using our services," Zuckerberg said. 

Those "flows" are new security features required by a new EU rule called General Data Protection Regulation. It requires any company that handles the personal data of EU citizens to protect any of that data that could be used to identify someone, like names, photos or email addresses. Companies that fail to meet these requirements can be fined up to 4 percent of their total global income. For Facebook, that's an estimated $1.5 billion.

The rule also grants new privacy rights to EU citizens, including the right to be forgotten, which allows people to ask companies like Google to delete any identifiable information about them. EU citizens will also be able to see the data that's been collected on them through a "data subject request."

Congress Doesn't Know How To Talk About Facebook's Data Collection
Congress Doesn't Know How To Talk About Facebook's Data Collection

Congress Doesn't Know How To Talk About Facebook's Data Collection

Facebook's data collection practices are so complicated that some members of Congress had a hard time framing questions on how it works.

LEARN MORE

These new rules may also affect Americans, like the ban on opt-out data collection practices. Now, if companies want to track users' personal data, they will have to explicitly ask for consent. 

Some American companies, like Facebook, have already started reaching out to users to let them know about the new standard. Zuckerberg has said in the past that he plans on recognizing GDPR for his own company and reiterated those claims to the EU Parliament.

"If you're coming to Facebook because you want to share something, the last thing that we want is for someone to go through the flows quicker than they need to and just click 'OK' or 'no' on a bunch of stuff," Zuckerberg said. "So we've actually been rolling out the GDPR settings and flows for a while now."

Many of Zuckerberg's data collection talking points also echoed promises he made to the U.S. Congress during his recent testimony — including holding his company to higher standards to stop the spread of fake news and data misuse. 

"We want to work with third-party fact checkers," Zuckerberg said. "If a number of third-party fact checkers all identify that a piece of news is provably false, then we'll append something to the story.”