Home / Tech / News / How Facebook and other tech companies are complying with EU’s new privacy law

How Facebook and other tech companies are complying with EU’s new privacy law

The GDPR makes it mandatory for companies to notify users of the situation within 72 hours in case of data breach.
The GDPR makes it mandatory for companies to notify users of the situation within 72 hours in case of data breach. (AFP)

EU’s new privacy rules GDPR comes into effect on May 25. Here are the changes that top tech companies have made to their terms and conditions and privacy policies to comply with the new rules.

European Union's new General Data Protection Regulation (GDPR) law comes into effect on May 25. The privacy law entails new and stricter rules which will change the way companies collect and share user data online.

The GDPR will be effective for companies operating in the European Union, irrespective of having headquarters elsewhere.

New changes with the GDPR

Upon becoming aware of a data breach, the GDPR makes it mandatory for companies to notify users of the situation within 72 hours. Users will also have more control over their data by having the full authority to find out what kind of information is being collected and used.

Companies are also liable to let users download a copy of all their data being collected. Facebook, Google and Instagram have tools allowing users to download a soft copy of their data stored on these platforms.

There's 'Data Erasure' which allows users to have the company erase all personal data, including those that may be in store with third parties. Companies will also have to design their systems from the core to comply with GDPR by limiting the requirement of user data and only using what's important. The EU will also have companies report their data processing measures and activities to 'Data Protection Officers'.

More importantly, companies who fail to comply with the GDPR rules will be "fined up to 4% of their annual global turnover or €20 Million (whichever is greater)".

With the deadline only a few weeks away, major tech companies have been updating their privacy policies to comply with the new EU law. Here's a look at the new changes introduced so far.


Facebook recently announced new privacy policies for users in compliance with the GDPR. Facebook will ask users if they want to use data from partners to show them ads. Facebook users will also be asked for permission to share or use their political, religious and relationship information (if any) on the platform. Facial recognition on Facebook will be optional for all globally, but not for users below the age of 18 in the EU.

Facebook users in the EU will have more detailed and specific terms of service presented to them. In accordance to GDPR's law for teens aged between 13 and 15, Facebook has made some features available only with the permission from a parent or guardian.


Following Twitter's updated privacy changes, the company started showing a pop-up of the same when users open the app. Twitter is making sure users read its privacy policy along with an option to read a plain text version. Twitter has introduced direct links for users to check what data the company has, and decide whether they want to share it or not. Twitter is also making it easier for users to raise their privacy concerns.

For users in the EU, Twitter will guide them through their privacy settings and ask them to review it. Users will also get the option to modify their privacy settings or let it remain the same.


The live-video streaming platform updated its Privacy Policy and Terms of Service and consolidated them into Twitter's. For instance, the minimum age to use Periscope is now 16 years. The latest update focuses on the controls the platform gives you over your private data. It also has more clarity on how it shares your data to "prevent harm and comply with law".


WhatsApp's latest change in terms of the GDPR is raising the minimum age to use the app from 13 to 16, Reuters reported. The Facebook-owned company hasn't clarified though how it aims to successfully verify a user's age.

WhatsApp has also introduced a new tool to let users download the "limited" information it collects. WhatsApp messages are end-to-end encrypted. WhatsApp users can request for their account information to see what information is being collected by the company.


Instagram also followed suit by letting users download information collected on the app. Instagram hasn't announced that this move is specifically for the GDPR but it does come necessary. Your downloaded information on Instagram will be your profile, photos and videos, stories, direct messages, photo captions, likes, comments, and more. Instagram's data download tool will roll out to iOS and Android users soon.

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.