The GDPR (general data protection regulation) was introduced by the EU parliament in April 2016 after four years of preparation. The regulation replaces its predecessor – the Data Protection Directive – in the hope that it can coordinate data privacy all over Europe. The fundamental aim of the GDPR is to protect EU citizens from data breaches by controlling private data processing across the EU. Thus, the new regulation forces firms to rethink the way in which they approach data privacy. Failure to comply with the GDPR can lead to a fine of up to 4% of global annual turnover.

Facebook have recently received much scrutiny due to the fact that they are refusing to promise a GDPR-style privacy for US users. Facebook have already implemented changes to the way in which they handle data – following the Cambridge Analytica files – but Mark Zuckerberg has refused to commit to the GDPR becoming the criterion for social media platforms worldwide. It seems, from his comments, that American users will be presented with weaker data regulations in comparison to European users. Certain sources seem to agree with this view, whereas others seem to suggest that Zuckerberg shall GDPR privacy standards everywhere. Only time will tell whether or not Zuckerberg is implementing GDPR privacy controls worldwide. Until then we must wait.