Facebook Moves 1.5 Billion Users to California Servers for Nothing?

TDA
  • Date Published
  • Categories Editorial, News
  • Reading Time 4-Minute Read

Last week Facebook made an announcement implying that everyone would be covered by GDPR equally, regardless of where they are located. This was somewhat disingenuous on Facebook’s part, as the announcement of the move of servers indicates anything but this.

The General Data Protection Regulation (GDPR) has been the looming concern of the tech industry (and those involved with the Big Data industry) since its announcement and pre-implementation phase beginning in April 2016, but the final deadline for companies is rapidly approaching. On the 25th of May, 2018, GDPR will take effect and any firms not in complete compliance could risk being fined up to 20 million euros, or 4% of their total (global) revenues of the year prior. However, despite the collective panic and preparation within the industry, people are still uncertain what the exact rules of the law are, as the document given to the public is quite confusing to those who are not GDPR Officers (and may even be confusing to them).

Facebook, however, is not willing to risk anything regarding GDPR compliance (but still wishes to protect their revenue model), especially after the recent spectacle Mark Zuckerberg headlined in Congress. Last week Facebook made an announcement implying that everyone would be covered by GDPR equally, regardless of where they are located, by publishing a blog post titled “Complying With New Privacy Laws and Offering New Privacy Protections to Everyone, No Matter Where You Live.” This was somewhat disingenuous on Facebook’s part, as the announcement of the move of servers indicates anything but this. Reuters’ source, “One Irish official, speaking on condition of anonymity, said he did not know of any plans by Facebook to transfer responsibilities wholesale to the United States or to decrease Facebook’s presence in Ireland, where the social network is seeking to recruit more than 100 new staff.” Facebook’s plan is that the Irish office will continue to manage the financials of the corporation, as the Irish corporate tax rate is far lower than the US’ or other EU constituents’ corporate tax rates, on average.

These non-EU user profiles comprise 70% of Facebook’s total user-base, and clearly constitute a veritable tsunami of fines were Facebook to not address the GDPR-status of these profiles. We may logically assume Facebook has the majority of the public’s attention drawn to their activities and business dealings since the congressional hearing last week, and GDPR may drag them back to a governmental hearing (be it US or EU-hosted) if they did not recognize this threat and diffuse it as quickly as possible. Their solution, however, may not have actually be as much of a shield as they wish it to be.

The articles within the GDPR documentation raise more questions than they provide the answers to, which is a major issue to those who wish to understand both how to protect their personal data, and to the multinational corporations who process a large quantity of data daily. These non-EU profiles create a problem because of the technicalities of GDPR protections, as the law protects not only direct citizens of the EU, but also those who have their data processed within the EU (to an extent) and those who are receiving services within the EU. So, the question people should be asking is whether or not the service is delivered in the country one may access Facebook, or if the service is held to the laws of the server-hosting country. It seems Facebook would claim the latter to be true, as they most likely have sent their legal team on a quest to conquer the labyrinth of GDPR. The riddles it presents to the uneducated public may not be the biggest issue for Facebook’s lawyers, but we cannot be certain of this, as GDPR has not even taken effect yet, and will not until May 25th. Even they may have misunderstood the terms.

So, unfortunately for the time being it seems that GDPR is a deep fog many are concerned with, and disoriented by, but only a select few understand on a deeper level. Does Mark Zuckerberg understand, does Facebook understand, and was the move of the servers from Ireland to California actually effective in protecting Facebook from the perils of GDPR repercussions? This remains to be seen, but will be seen soon enough. GDPR is looming on the horizon, the wave is rising, brace yourselves.