Here’s what we learned from Mark Zuckerberg’s EU hearing on privacy

After being grilled by the United States Congress last month, Mark Zuckerberg again found himself testifying before a governmental body — this time the European Parliament. In addition to the Cambridge Analytica scandal, Zuckerberg addressed issues related to the GDPR, or General Data Protection Regulation, a law going into effect in the EU on Friday, May 25.

“We haven’t done enough to prevent [Facebook] from being used for harm. We didn’t take a broad enough view of our responsibility. That was a mistake and I am sorry for it,” Zuckerberg said in his opening remarks.

Overall, Zuckerberg’s testimony before the European Parliament was very similar to his testimony before Congress. Lawmakers got a direct shot at Zuckerberg, and he delivered a set of highly practiced remarks to assuage their fears. However, he also went into detail on how Facebook intends to comply with the GDPR, an issue he didn’t have to broach with U.S. lawmakers.

“We do expect to be fully compliant on May 25, so in three days,” Zuckerberg continued, but pointed out that he’s still critical of overly strict regulations. “I don’t think the question here is whether or not there should be regulation, I think the question is what is the right regulation.”

The GDPR presents a complication for Facebook and its stated mission of “making the world more open,” so it will be interesting to see how Zuckerberg reacts to European lawmakers’ inquiries. The GDPR itself would require companies like Facebook to default to the highest privacy settings available on the platform, a stark contrast to Facebook’s current way of doing business, which starts users out with all the privacy settings flung wide open.

“The GDPR has more prescriptive standards and substantial fines [than previous regulations]. For example, it requires a higher standard of consent for using some types of data, and broadens the rights individuals have for accessing and transferring their data,” Facebook’s statement on its GDPR compliance reads. “Failure to comply with the GDPR can result in significant fines — up to 4 percent of global annual revenue for certain violations.”

The regulation covers only European users, so Facebook will likely keep its current privacy defaults for anyone not in the EU. European users, however, will likely end up seeing their settings change once the law goes into effect. The GDPR would also require companies like Facebook to give users the power to opt out of any data collection, and allow users to see exactly what data is being collected, why it’s being collected, how long it will be retained, and whether or not it will be shared with third parties.

It’s a massive peek behind the curtain for companies like Facebook, which profit directly from the collection and sale of user information.