LONDON — Mark Zuckerberg promised to extend Europe's revamped privacy rules across all of Facebook's global empire. That pledge is already running into trouble.

Amid an international uproar over alleged mishandling of personal data that affected as many as 87 million Facebook users worldwide, European and U.S. privacy experts are raising concerns that the social network's rollout of facial recognition across the 28-member bloc may not comply with new EU data protection standards that come into force on May 25.

The technology, which reviews uploaded photos to automatically identify individuals' faces on the social network, was barred in Europe in 2011 after local regulators claimed Facebook had not obtained people's consent for their images to be included in such widespread scans of online images. Facebook now uses the technology outside of the EU, including in the United States.

As part of Europe's pending privacy overhaul, the social networking giant said it would ask Europeans to opt in to use the technology, and it has started running tests with a small percentage of its EU users.

Those plans, according to some privacy campaigners and lawyers, do not comply with the region's strict privacy standards because the images on Facebook of people who have not opted into the technology may be analyzed without their explicit consent — a strict requirement under the Continent's new privacy standards known as the General Data Protection Regulation, or GDPR. Failure to comply with these rules may result in fines of up to €20 million or 4 percent of a company's global revenue, whichever is greater.

“We’ll get the right level of consent to use facial recognition going forward” — Stephen Deadman, Facebook’s global deputy chief privacy officer

"Facebook is, by design, running facial recognition on people who have explicitly not given their consent," said Simon McGarr, director of Data Compliance Europe, a consultancy that advises companies about how to abide with Europe's privacy rules, in Dublin. "They have no legal basis for doing that."

A group of U.S. consumer groups also filed a complaint on Friday with the Federal Trade Commission, the American agency in charge of consumers' privacy rights, against Facebook's use of its facial recognition technology, accusing the tech giant of failing to gain people's consent before scanning people's digital images.

"This automated, deceptive, and unnecessary identification of individuals undermines user privacy, ignores the privacy settings of Facebook users, and is contrary to law in many parts of the world," the U.S. complaint said.

Facebook rejected claims that it did not comply with European and U.S. privacy standards, adding that all photos on Facebook were already processed by the company to comply with its terms of service, including the removal of explicit imagery like child pornography from the social network.

The company said only photos of people who had opted into its facial recognition technology would then be scanned — a process, according to Facebook, that would help to protect users from their photos being misused on the digital platform without their knowledge.

"We'll get the right level of consent to use facial recognition going forward," Stephen Deadman, Facebook's global deputy chief privacy officer, said in an interview last month in reference to the technology's pending rollout in Europe.

The renewed focus on Facebook's privacy standards comes days before Zuckerberg, the company's 33-year-old chief executive, will testify to U.S. lawmakers about the company's role in how data from almost 90 million of its users was illegally obtained by Cambridge Analytica, a London-based data firm that worked for Donald Trump's 2016 U.S. presidential campaign. Both companies deny any wrongdoing.

Zuckerberg said Facebook will extend the privacy controls available under Europe's new data protection rules, including the ability for individuals to remove their consent on how companies use their data whenever they chose, across the company's global network of 2.2 billion users. Under Facebook's current privacy setting, its non-EU users can already opt out of the facial recognition technology.

"We need to figure out what makes sense in different markets with the different laws and different places," Facebook's chief executive said in reference to Europe's privacy standards. "But — let me repeat this — we’ll make all controls and settings the same everywhere, not just in Europe."

“Facial recognition must be strictly limited to those users who have opted in to that technology” — Johannes Caspar, Hamburg’s data protection commissioner

Much will now depend on the privacy regulator in Ireland, which oversees the data protection rights for the company's non-American users because Facebook's international headquarters are in the low-tax country.

The regulator said it was working with its counterparts in France, Germany and the United Kingdom, where Facebook is testing its facial recognition technology. Authorities have asked Facebook whether it would need to scan all of its European users' faces as part of the company's plans. Until those questions are answered, it is unclear if the company would be able to use the technology across the bloc.

"The issue of compliance of this feature with the GDPR is therefore not settled at this point," said Graham Doyle, a spokesman for the Irish privacy watchdog.

Other European regulators are similarly keeping a close eye on Facebook's plans ahead of the company's expected rollout of its facial recognition technology by the end of May, when Europe's new privacy standards come into full force.

"Facial recognition must be strictly limited to those users who have opted in to that technology," Johannes Caspar, Hamburg's data protection commissioner, said in an email. "We expect Facebook to take all necessary safeguards and be transparent to users and supervisors."