Facebook is putting privacy settings users may have forgotten about or failed to opt out of front and center, as the start of the General Data Protection Regulation nears. This week, Facebook shared a post stating that upon logging in, users worldwide will start seeing a list of privacy settings prompting them to review or change current settings.
True to CEO Mark Zuckerberg’s statement to the U.S. Senate that GDPR protections would be rolled out to all users, a majority of the changes aren’t just coming to the European Union, where the new privacy law applies. Facebook says that all users will be asked to review privacy settings and all users will have access to an updated Privacy Center that complies with GDPR.
The difference, according to Facebook’s announcement, is that European Union users will see these changes first. Inside the updated privacy policy, EU users will see some information only relevant to a geographic area, such as the contact information for the GDPR-required Data Protection Officer. In addition, some Facebook features for users between 13 and 15 years old will require parental consent, a change that Facebook says applies to some EU countries.
While the terms and tools will be similar, Facebook users worldwide won’t fall under the law’s protections outside the EU. According to Reuters, Facebook is moving the agreement for users outside the EU from the current Ireland international headquarters. The move means that, while Facebook insists the privacy settings and policies are similar, Facebook can’t be fined under GDPR laws for policies affecting users who don’t reside in the EU.
After logging in, Facebook users will soon be asked to confirm their privacy settings in three different areas. The first is for ad data, allowing users to review ad data and to choose whether or not to use “data from partners” to display ads on Facebook. Another screen will ask users if they’d like to continue sharing the information they filled in on their bio, including data related to religion, political views, and relationship status.
Facebook will also be asking whether or not to turn on facial recognition. Earlier this week, a judge denied Facebook’s request to toss out a lawsuit claiming the social network’s tagging suggestions violate an Illinois state law called the Biometric Information Privacy Act. Explicitly asking permission for facial recognition could be one method to protect Facebook from increasing the number of potential users in that lawsuit.
Facebook’s younger users worldwide will also see some changes under GDPR. Facial recognition will default to off for users under 18, ad categories will be limited, and public settings will be left out of the default privacy options when sharing a new post. Where the law requires, the religious, political, and “interested in” fields will be unavailable without parental consent, while Facebook will ask users in other geographic areas to choose whether or not to include the information.
Facebook users in the European Union will see this privacy review first, while the prompts will also ask users to agree to Facebook’s updated privacy policy. The new policy, Facebook says, doesn’t ask for new permissions, but attempts to be more clear on the information the network already accesses.
Facebook says users outside the European Union will see the changes “on a slightly later schedule.”
The announcement also comes as the previously shared privacy settings shortcuts roll out this week. Some privacy settings were already planned because of GDPR, but the recent Cambridge Analytica scandal influenced at minimum the timeline of implementing those changes.
Updated on April 19 to include clarification that while tools and terms are similar, the protections and fines under GDPR will not be worldwide.
