Facebook CEO Mark Zuckerberg has said that new data privacy laws will only apply “in spirit” to more than three quarters of the company’s users.

Europe’s General Data Protection Regulation (GDPR) will force the social network to comply with strict rules about the privacy of its European users. But Mr Zuckerberg failed to commit to rolling out the protections globally.

“We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” Mr Zuckerberg said on Tuesday.

With only 17 per cent of its 2.2 billion users residing within Europe, the vast majority of Facebook's users will not benefit from the new rules.

Facebook has faced pressure in recent weeks to better protect its users’ data following revelations that the data analytics firm Cambridge Analytica harvested personal information from more than 50 million Facebook accounts in the build up to the 2016 US elections.

On Monday, New York City Comptroller Scott Stringer called for Mr Zuckerberg to resign from his role as chairman of Facebook, adding that data privacy issues represented “a risk to our democracy.”

The new data protection law – set to come into effect on May 25 – will give people more control over how companies store and use their personal data.

Privacy advocates argue that Facebook is doing only what is legally required of them and needs to do more to address issues relating to the Cambridge Analytica scandal.

“It would be missing some of the larger picture to interpret this as a completely voluntary, privacy-protective measure taken wholly in response to Cambridge Analytica,” Jamie Williams and Gennie Gebhart from the Electronic Frontier Foundation said in a blogpost on Tuesday.

“If Facebook wants to demonstrate that it cares beyond legal compliance, it needs to make far broader changes.”

Data is central to Facebook's advertising business, and it has not yet sketched out a satisfying plan for how it plans to comply, said Pivotal Research analyst Brian Wieser.

"I haven't heard any solutions from Facebook to get ahead of the problem yet," Wieser said.

Failure to comply with the law carries a maximum penalty of up to 4 percent of annual revenue.

It should not be difficult for companies to extend EU practices and policies elsewhere because they already have systems in place, said Nicole Ozer, director of technology and civil liberties at the American Civil Liberties Union of California.

Companies' promises are less reassuring than laws, she said: "If user privacy is going to be properly protected, the law has to require it."

Additional reporting by agencies

Reuse content