SAN FRANCISCO: Stringent new data privacy protections will be introduced by the European Union next month, yet Facebook was reported to be holding back from committing itself to applying them to all its users around the world.

But late yesterday, CEO Mark Zuckerberg told reporters that “We’re going to make all the same controls and settings available everywhere, not just in Europe”.

This follows an interview with Reuters in which Zuckerberg is reported to have agreed “in spirit” with the privacy guarantees contained within the EU’s General Data Protection Regulation (GDPR), but suggested the company would want exceptions.

“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said without elaborating on what elements of the GDPR would be applied for Facebook users worldwide.

He argued that many of the protections provided by the GDPR already form part of Facebook’s privacy settings, such as the ability of users to delete their data.

“We think that this is a good opportunity to take that moment across the rest of the world,” he said. “The vast majority of what is required here are things that we’ve already had for years across the world for everyone.”

Earlier this year, Facebook outlined guidelines and the governing principles for its handling of user data, which included some overlap with the GDPR, and argued at the time that many of the GDPR principles have informed its products and privacy practices for a long time.

However, by stopping short of committing to the GDPR protections as the standard for the world, Zuckerberg signalled in his interview that American users “could find themselves in a worse position than Europeans”.

Although Google has declined to comment on its plans, Reuters noted that Apple and some other technology firms have plans to give people in the US and elsewhere the same privacy rights as Europeans will gain from May 25 onwards.

For example, the GDPR requires users to be notified when their personal data is breached, empowers them to demand what personal data a company holds on them and how that data is used, as well as containing an option for data to be deleted.

Sourced from Ars Technica, Reuters; additional content by WARC staff