Next month, the General Data Protection Regulation (GDPR) comes into effect in the European Union. This is probably the most comprehensive set of privacy protections for individuals and is accompanied by the strongest penalties on the planet. So, are we surprised that Facebook has reorganised things so 1.5 billion users, including Australians, will no longer be protected by these tougher regulations?
Facebook's company structure, like that of many companies, is designed to help the company minimise their taxes. That's not a new thing and has meant Facebook has had a presence in the United States and in Ireland. Data for Facebook users outside the US, Canada and EU is shifting from Ireland to California. That's data for 1.5 billion users according to reports and mainly affects users in Africa, Asia, Australia and Latin America.
Facebook first moved the business HQ to Ireland a decade ago to take advantage of more favourable tax rules. But, now that the GDPR is coming into play, those benefits seem to be less important. And while this might be seen by some as a pragmatic move, it seems pretty disingenuous given recent events and Mark Zuckerberg's recent testimony to the US Congress about wanting to protect user data.
It's very clearly a case of not putting their money where their mouth is. Breaches of the GDPR can result in fines of up to 4% of global revenue. In Facebook's case, that would be around US1.6B.
Even though most Australians are not also EU citizens, their data could be subject to the GDPR if their data is held in an EU country and is processed in some way there. I'm not a lawyer but this article, and others I've read, suggests strongly that non-EU citizen data held in the EU would be subject to the GDPR pretctions. Hence Facebook's move.