Companies large and small are updating their privacy policies and service terms to comply with upcoming European Union rules governing data and privacy. Only EU users are technically covered by the rules, formally known as the General Data Protection Regulation.
But many companies are making broader changes anyway, at least to some degree. Here’s a look at how three leading internet companies — Facebook, Google and Twitter — are adapting to a post-GDPR world.
In March, Facebook updated its privacy controls in hopes of making them easier to find and understand. CEO Mark Zuckerberg has said Facebook intends to offer those same controls and settings around the world, even though the GDPR governs only EU users.
But Facebook has been vague about applying other GDPR provisions to non-Europeans. That includes one that lets Europeans object to the processing of personal data, such as for marketing.
Facebook has also ramped up efforts to get your permission to use facial recognition to automatically identify people in photos — for instance, to make it easier to tag friends or to let you know if someone uses your photo. Facebook has been using that technology in much of the world for six years, but not in the EU and Canada, where privacy laws are stronger.
Now, EU and Canadian users are being invited to turn that feature on. Facebook says it will eventually ask everyone to reaffirm the use of facial recognition; the company previously assumed consent unless users took the initiative to turn that off.
That means users in Asia, for instance, won’t get the EU privacy protections. Facebook didn’t explicitly announce the change; The Associated Press confirmed it through checks in six countries.
Facebook also plans to offer a less-personalized version of its service for EU teens to comply with requirements it obtain parental permission before kids under 16 can, for instance, list their political or religious views online. In the U.S., the cutoff is lower, at 13. Facebook won’t ask for parental consent in such cases outside the EU, but will ask teens themselves I they want these features.
Google is also expanding the availability of Family Link, a feature that lets parents create Google accounts for their children. As part of this, parents will have to give consent to comply with new EU provisions governing teens.
The feature also gives parents tools to control Android devices, such as locking the child’s device and blocking apps. Family Link was already available in 11 countries, including the U.S., the U.K. and Ireland. Google is now making that available in the rest of the EU.
Twitter’s new policy includes a few exemptions just for Europeans. Twitter says it may receive log data from websites that embed tweets or tweet buttons. But its policy now states that Twitter won’t collect such data “from browsers that we believe” are in the EU and four countries linked to the EU by trade agreements — Iceland, Liechtenstein, Norway and Switzerland.
Twitter also provides a link to contact its data protection officer, but says it’s for those in the EU or those four non-EU countries. Twitter doesn’t say what will happen when someone outside Europe tries to make contact through that link.—ANICK JESDANUN, AP
Associated Press writers Yuri Kageyama in Tokyo, Youkyung Lee in Seoul, South Korea, Kelvin Chan in Hong Kong, Cara Rubinsky in London and Frank Jordans in Berlin contributed to this report.