Facebook will comply with strict new European data privacy laws set to come into force in May, the company said on Wednesday, but it will also continue to serve targeted ads based on user data.

The social network will first roll out changes within Europe, and will later extend the same protections to all of its other users around the world, it said in a blog post.

Facebook’s latest move to tighten privacy follows a month of revelations about the company’s activities in years past, which have enabled the misuse of personal user data by third parties. As a result, the company updated its data policy and the company’s CEO Mark Zuckerberg issued an apology and testified in Congress about what he admitted were the company’s past failures.

But even without the recent data scandal, Facebook would have been obligated to make changes in accordance with a new European law that is sparking one of the biggest upheavals in online privacy since in the history of the internet.

The law, known as the General Data Protection Regulation (GDPR), comes into force on May 25 and will compel companies operating online in Europe to overhaul the way they treat people’s personal data. Those that do not comply with the law face huge fines.

“As soon as GDPR was finalized, we realized it was an opportunity to invest even more heavily in privacy,” said the company in a blog post on Wednesday. “We’ve also sought input from people outside Facebook with different perspectives on privacy, including people who use our services, regulators and government officials, privacy experts, and designers.”

Regulators, other online companies and the wider tech industry have been closely watching Facebook to see how the tech giant, which has long used personal data to target ads at users, would interpret the law.

Starting this week, Facebook users in Europe will start to see a pop-up asking them to make choices about their privacy and how the platform handles their data. Later the same options will also be presented to Facebook users globally. All users will also be asked to agree to Facebook’s updated terms of service and data policy.

Included in the choices will be the option to enable facial recognition, a feature that wasn’t previously available to Facebook users in the EU and Canada.

Facebook is also building in special protections for teenage users, such as limiting the personal information that advertisers can use to target them and getting rid of the default option for new posts to be set to public.

In some countries parental permission is required under GDPR to allow younger users to access certain features, which will mean some teenagers may see a restricted version of Facebook until their parents say otherwise.

Later this year, the company will introduce a new global online resource centre specifically for teens with information about their most common privacy questions.

Cambridge Analytica: Everything you need to know about Facebook’s data mining scandal.

Tech Enabled: CNET chronicles tech’s role in providing new kinds of accessibility.