GDPR represents stronger, unified data protection laws across the EU. Under the regulation, organizations are held to account for the personal data they hold and collect from people, and it enshrines the "right to be forgotten" laws as the "right to erasure." Individuals can request a copy of the personal information any company keeps on them, and find out what data is being processed and for what purpose. They'll also get the right to data portability, which means they can take data from one company and give it to another. The law, which is largely focused on data consent, is designed to be a "one-stop-shop" for companies operating across the EU, and those in breach of the legislation can be fined up to €20 million, or four percent of annual global turnover.
The implication was that North American Facebook users would get a lower standard of data protection than their European counterparts -- which naturally set the internet alight -- but Zuckerberg was quick to refute Reuters' claims. In a later conference call with reporters, he made it crystal clear that Facebook will "make all controls and settings the same everywhere, not just in Europe."
The problem is, implementing a raft of GDPR-friendly "controls and settings" is not necessarily the same as adhering to GDPR's actual principles of data control, consent, portability and erasure, leading some to question whether Zuckerberg is simply using careful wording to skirt around the issue of global GDPR compliance. Engadget reached out to Facebook for clarity on this and was repeatedly directed to a transcript of the recent call where Zuckerberg ambiguously stated, "We need to figure out what makes sense in different markets with the different laws and different places."
And in fairness, this statement holds some truth. While Facebook has now confirmed its intention to roll out GDPR benchmarks (not just "controls and settings") globally, some existing laws around the world do conflict with the upcoming EU legislation. How Facebook handles this remains to be seen. It's more important than ever before that the company is completely transparent with its privacy and data policies. Muddying the waters with vague statements and ambiguous announcements only jeopardises what little faith its user base has left in it.