clock menu more-arrow no yes mobile

Filed under:

Facebook is taking its first steps to comply with Europe’s strict data privacy rules

The EU’s data privacy rules — the GDPR — kick in on May 25. Since the U.S. Congress is unlikely to act, the EU rules will become the prevailing standard.

Facebook CEO Mark Zuckerberg
Facebook CEO Mark Zuckerberg
Chip Somodevilla / Getty

Facebook is taking its first formal steps this week toward complying with the European Union’s new data privacy regulations, known as the GDPR, which are set to go into effect on May 25.

As part of the new rules, tech companies like Facebook will be required to add more privacy controls and better explain how and why it collects user data. It’s one of the main reasons Facebook recently rewrote its terms of service and data policies.

Starting this week, the social giant will ask users to actually agree to those new terms, and in the EU it will finally prompt users to opt in to the company’s use of facial recognition software, which Facebook hasn’t used in Europe because of regulations.

Facebook’s new prompt for users in the EU will ask for their permission to use facial recognition software.

Facebook announced these next steps in a blog post late Tuesday (early morning Wednesday in Europe). The post included an outline of different things Facebook claims it will do in order to start “complying with new privacy laws.” Most of what Facebook plans to do is to just alert people to features the company already offers.

For example, it will prompt users to review information they’ve shared on their public profile, including religious affiliation or relationship status. It will also ask users to review their ad preferences — mainly whether or not they can be targeted with ads using data from organizations other than Facebook, like a user’s browsing history or activity on other websites or apps.

Facebook already offers ways for people to edit their profiles, or opt out of these types of targeted ads, according to a spokesperson. Instead, the update announced Tuesday is that Facebook will simply be reminding people to review this information.

It will eventually prompt users in other parts of the world, including the U.S., to do the same, but it will start this week with those in Europe.

Facebook’s compliance with GDPR is important, and not just for those in the EU. Despite Mark Zuckerberg’s 10-hour, multi-day public testimony last week before Congress to answer for the Cambridge Analytica scandal, it’s unclear how and when U.S. lawmakers will actually regulate Facebook and its data collection practices. At this point it’s unlikely the U.S. will pass new regulations.

But Zuckerberg has promised to make the GDPR regulations standard for all of Facebook users, not just those in Europe. During his testimony last week, he said, “I think the GDPR in general is going to be a very positive step for the internet.”

Facebook will require some younger users to get parental approval to use the service, as required by GDPR regulations.

That’s not entirely true, though, as the requirements won’t be identical for everyone.

In the EU, for example, some countries will require teens under 15 to get parental consent to use Facebook, so the company has slightly different terms to accommodate. And while it will ask EU citizens to opt in to Facebook’s facial recognition technology, that technology was already in use in the U.S., and will remain opt out, which means it will be used by default, a spokesperson confirmed.

The updates come at an interesting time for the company. Not only is it trying to comply with GDPR, but it’s also dealing with the negative backlash from users and media following revelations that its data policies allowed the personal information of as many as 87 million unknowing users to end up in the hands of an outside data firm that worked with U.S. President Donald Trump during the 2016 election.

That is to say, these regulations are killing two bids with one stone: Appeasing EU regulators and, hopefully for Facebook, appeasing other angry lawmakers around the world who can’t get their own regulations in place.

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.