Facebook announced a new push last week to better explain its efforts to protect user data before the European Union’s new data protection law takes effect in May.

The privacy principles, separate from the company’s terms and policies, include a commitment to protect user privacy at the outset of product design and help people understand how their data is used.

The changes are the result of the E.U.’s General Data Protection Regulation, or GDPR. Back in 2015, the European Commission created the rules to give European citizens more control over the data collected about them by major tech companies such as Facebook, Google and Amazon.

Under the provisions, tech companies will have to inform regulators within three days after discovery of a data breach. Citizens also will have the right to request that certain data about them be removed from the web. Minors under the age of 16 who want to use digital services will first receive parental consent under the new rules. And national regulators will be able to issue fines if companies collect personal data without consent or misuse personal data.

The rules are significant because they are some of the most robust since the dawn of the internet, exceeding consumer protection in the U.S.

Facebook said it will launch a new privacy center this year for its 2 billion users, allowing them to change their core privacy settings in a single place on their Facebook accounts.

The initiative is an example of how tech industry efforts to comply with the GDPR will spill over to users in the U.S.

“Our apps have long been focused on giving people transparency and control, and this gives us a very good foundation to meet all the requirements of the GDPR and to spur us on to continue investing in products and in educational tools to protect privacy,” said Facebook Chief Operating Officer Sheryl Sandberg at an event in Brussels last week.

The GDPR rules apply both to European companies and to American companies that collect the data of European residents. In Europe, Facebook has been the focus of several privacy investigations by government watchdogs in recent years.

“The release of these privacy principles was to essentially get ahead of the GDPR,” said Frances Zelazny, the vice president of BioCatch, a security company that uses behavioral biometrics. “Facebook knows that if they are not prepared, they could get into trouble down the road.”


Shaban writes for the Washington Post.