OK, I’ll go ahead and say it: Mark Zuckerberg’s reputation is in the toilet right now. As the company suffers scandal after scandal and the price of its shares continue to drop like they’re hot, Zuck has fumbled to make amends. And now, presented with a great opportunity to win back customers and investors alike, he’s like “Mm, no thanks.”

That opportunity: The General Data Protection Regulation (GDPR), the European Union’s new law on data privacy. It ensures that every individual on the internet has a right to know which company has what data about them, plus the right to have it destroyed. To be active in the EU, websites, including social media, must comply with the new regulations that take effect on May 25.

So Facebook is making the necessary changes, as you may expect, because there were some 252 million Facebook users in the EU alone in June 2017. But according to a report from Reuters, those privacy protections won’t extend to people in other countries.

Let’s be clear: the site already has the technological capabilities to do this for users in whatever country it damn well pleases. But it’s simply choosing not to.

It’s almost as if Mark forgot what got his company into this big stinking Cambridge Analytica mess in the first place. What makes Americans (and the rest of the world) inherently unworthy of having the same privacy rights as their European counterparts?

Predictably, Zuckerberg deflected any suggestions that the choice was malicious, telling Reuters about his plans for the rest of the world, “we’re still nailing down details on this, but it should directionally be, in spirit, the whole thing.” In spirit? Really?

This isn’t likely to appease American Facebook users, who are still fuming over the company giving away their data to shady political consultancy groups.

Zuck didn’t do any more explain his choice, but he didn’t really have to. Keeping things the way they are for users outside the EU means Facebook can keep making money (and a lot of it) from the data the company harvests. And it has no legal requirement to change. So why should it?

“If user privacy is going to be properly protected, the law has to require it,” Nicole Ozer, the director of technology and civil liberties at the American Civil Liberties Union in California, told Reuters.

Regardless of what Zuckerberg’s vision of the future of data privacy in the U.S. looks like, the decision not to extending the same privacy rights to all users worldwide looks shady as hell.