Facebook recently announced new privacy protection features in accordance with the European Union’s General Data Protection Regulation (GDPR) for users worldwide. Along with new rules, the company also announced enhanced privacy features for teenagers and made some changes on the platform in terms of reviewing what data is shared.

While the company promised that the new features would be extended to all users worldwide, an exclusive report from Reuters reveals that the company is making changes to keep the new features away from users outside of the EU.

Nearly all of Facebook’s users outside the US and Canada have agreed to terms and conditions set by the company’s Irish subsidiary. However, Facebook plans to move these users to US servers to limit its potential exposure to GDPR’s fines.

Despite promises of making GDPR controls available to all users, Facebook is allegedly doing the exact opposite, leaving users more vulnerable to less-stringent privacy laws outside Europe. The report further states:

“The previously unreported move, which Facebook confirmed to Reuters on Tuesday, show the world’s largest online social network is keen to reduce its exposure to GDPR, which allows European regulators to fine companies for collecting or using personal data without users’ consent. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook’s case could mean billions of dollars.”

Facebook is currently under scrutiny from regulators and lawmakers all around the world, due to the recent Cambridge Analytica scandal. But the move could potentially save the company billions of dollars in fines from GDPR violation.

If Facebook does not move its users to US servers, it risks being fined for a lot more than the 440 million users that are in EU. With nearly 1.5 billion users out of GDPR’s reach, privacy violations would not attract the same penalties. Simply put, 1.5 billion affected users – who don’t reside in the EU or use EU-based Facebook servers – will not be able to file complaints under the GDPR law. “Instead they will be governed by more lenient US privacy laws,” Reuters reports.

It’s worth noting that other multinational companies are also planning similar changes to their policies. The report highlights Microsoft-owned LinkedIn, a social media platform for professionals, which is implementing new terms of service that will effectively move non-European users to contracts with US-based LinkedIn Corp. On the contrary, in its current terms of service, all non-European users have a contract with LinkedIn Ireland.