Facebook is quietly looking to limit the number of users that will be protected by Europe's tough new data law, according to Reuters.

Outside of the U.S. and Canada, Facebook's users agree to terms and conditions that are tied with the social media company's operation in Ireland.

So, as the EU's General Data Protection Regulation (GDPR) is set to come into force on May 25, even non-EU users would have had their data protected by the law on Facebook.

But now, Facebook is reportedly looking to ensure that GDPR only applies to European users next month, affecting 1.5 billion users in Australia, Africa, the Middle East and in Asia.

For Facebook, the move will limit its liability to the GDPR, which will issue massive fines for non-compliance. For the most serious of infringements, like using data without proper consent, fines can reach up to 4 percent of a company's annual income, or €20 million, whichever is higher.

New privacy controls and terms screens are being rolled out to EU users first before the rest of the world, where they can control what kind of data they share with Facebook, and if they want to allow facial recognition.

Facebook's new privacy controls and terms screens. Image: facebook

As part of the process, users will also sign an updated terms of service and data policy, which seemingly appears to be different for those in Europe, given GDPR.

"While the substance of our data policy is the same globally, people in the EU will see specific details relevant only to people who live there, like how to contact our Data Protection Officer under GDPR," reads Facebook's blog post.

So far, the new privacy and terms screens have faced criticism for burying important changes and using design tricks to ensure users would continue to give data to Facebook.

In a statement to Reuters, a Facebook spokesperson downplayed the changes to the terms of service, saying that "we apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland."

Mashable has contacted Facebook for further comment.

Correction: An earlier version of this article stated that GDPR fines reach up to 4 percent of a company's revenue, or a maximum of €20 million. It's whichever is higher.



