Facebook won't extend European data privacy protections around the world

As internet companies get ready for a stringent new European data privacy law to begin, Facebook says it won't apply those regulations globally — for now, at least.

The revelation comes from CEO Mark Zuckerberg, who told Reuters that Facebook already complies with many parts of the law that will come into effect in May.

Zuckerberg intends to expand privacy protections around the world at some point, but there would be some exceptions which he did not go into detail about.

"We're still nailing down details on this, but it should directionally be, in spirit, the whole thing," he told the wire service.

Passed in 2016, the General Data Protection Regulation (GDPR) is the biggest change to privacy in the European Union in 20 years, and is affecting how non-EU businesses deal with the user data of Europeans.

When the GDPR comes into effect, tech companies will be forced to ensure that users are notified when personal data is breached. It also empowers users to ask companies what personal data it holds about them, how it's being used, and allows that data to be deleted if requested.

Companies face massive fines if they don't comply. These can be as high as 4 percent of a company's annual global turnover or €20 million (US$24.5 million), depending on which is greater.

Zuckerberg's comments come as Facebook still reels from the Cambridge Analytica scandal, in which the personal information of 50 million users was harvested without their knowledge.

Nicole Ozer, director of technology and civil liberties at the American Civil Liberties Union of California, told the wire service it shouldn't be difficult to extend those protections globally.

Still, the GDPR is a harder implementation for Facebook, as its targeted ads rely on data that's been taken from user profiles, compared to say Google which uses anonymized search results to serve ads.