Facebook is planning to limit the new European legislation to protect personal data in the network only to EU customers. This will only happen with a change in the terms and conditions of use introduced by the company’s international hub in Ireland. The change will drastically reduce the scope of the new EU regulation, which comes into force on 25 May — it will cover 370 million Europeans, but over 1.5 billion people in Africa, Asia, Australia and South America will remain outside the protection legal boundries.

Facebook subscribers outside United States and Canada, whether or not are aware that they fall under the term and conditions of a service, to which they agreed, based in Ireland. However next month, Facebook is planning to introduce the new restrictions only for EU citizens, ie 1.5 billion customers will not be protected by the EU personal data regulation – GDPR.

The new move taken by Facebook and acknowledged on Tuesday, shows that the biggest social network in the world is aimed at reducing the scope of GDPR, used by EU regulation authorities to impose financial fines on companies operating with personal data without the users’ consent.

This will reduce Facebook responsibility and legal obligations, since GDPR allows authorities to impose fines of up to 4 per cent of turnover, which in Facebook case equals to billions. At present, consumer protection authorities in the EU can only impose small fines and some have no powers to impose sanctions against companies in this area at all.

This change takes place at a moment, when the social network is under the scrutiny of EU, US and Asian regulators, since the leak last month that uncovered the misuse of personal data for political and social engineering of millions users by tech company Cambridge Analytica. The new terms and conditions affect more than 70% of the 2 billion Facebook users. In December last year, the statistics show that the social network had 239 million users in USA, 370 million in EU and 1.52 billion elsewhere in the globe.

The EU regulation was adopted in regard to the accelerated development of information technology and international trade in recent decades, leading to the need for changes to the current data protection measures.

GDPR should be applied after 25 May 2018 and aims to facilitate the free movement of personal data flows within and outside the EU relating to international trade and international cooperation, while providing protection mechanisms against personal data breaches when using automated (and other means of) processing.

After 25 May 2018, the rights of individuals and obligations of data controllers and processors, with regard to privacy and the protection of personal data, will have to be taken into account at the time of the planning of a specific activity falling within the scope of the GDPR.