Facebook has quietly altered its terms of service, making stricter Irish data protection laws no longer binding on the vast majority of its users. The revision was first reported Wednesday by Reuters.
Now, Facebook’s headquarters in California will be responsible for processing any relevant legal claims, and American law will be binding for those outside the EU.
Previously, CEO Mark Zuckerberg had said Facebook would implement new EU rules “everywhere.” While Facebook may claim that it is offering EU-style control globally, removing this provision in its own terms of service suggests that the company is trying to mitigate its potential legal liability.
“We want to be clear that there is nothing different about the controls and protections we offer around the world,” the company wrote in a public blog post on Tuesday. However, this doesn’t appear to apply to the specific legal terms, but it is limited, instead, to the features in Facebook itself.
Prior to the change, Facebook users not only in the European Union, but worldwide—outside of the United States and Canada—were subject to Irish laws as they had signed a contract with Facebook Ireland Limited.
Irish data laws will now only apply strictly to EU users. By eliminating the link to Irish data-protection law, Facebook is removing 1.5 billion users from the EU’s new General Data Protection Regulation, which goes into effect next month.
The United States, for example, does not enshrine an affirmative right of individuals to access data held by private companies.
By comparison, according to the Irish Data Protection Commissioner: “Under Section 3 of the Data Protection Acts, you have a right to find out, free of charge, if a person (an individual or an organization) holds information about you. You also have a right to be given a description of the information and to be