Cool. So, how does this impact consumers that never used Facebook, but that have shadow profiles for social network inference and ad tracking?
Presumably, since Facebook has no way to contact those people, they will just shut down the no-logged-in-but-tracked half of their business in Europe?
(If you don't know what I mean by shadow profile: When you first create a Facebook account, it helpfully produces a prepopulated list of your friends, and links in a pile of consumer tracking data before the onboarding flow is done.)
It doesn't impact those consumers, but that wasn't what this action by the EU was trying to stop. It looks like this suit as all about users of Facebook and Instagram being forced to agree to tracking to use the service.
To be more specific: this ruling confirms that tracking users with only implied consent is illegal. What Facebook tried to do here is to make user tracking an integral part of their service by putting it in their TOS. The GDPR is quite clear that such tracking can never be a legitimate business interest and therefore a) users must agree to it explicitly, b) consent for tracking may be withdrawn at any time, and c) withdrawal of consent may not be tied to the rest of the service offering (i.e. a business may not refuse service if users decline to be tracked).
Even if you dont't use Facebook at all, you can still be tracked by Facebook as lots of website you visit may contain trackers from it.
So the plain fact is you get tracked by Facebook even if you are not a Facebook user. The info collected by those trackers might not be enough to identify you, but still good enough to feed tailored ads to you.
As a reminder, this is just the tip of the iceberg :
The US has since 2001 built a techno-legal spying system that the Stasi would have been proud of (relying a lot on US companies, especially the GAFAMs), and worse, (ab)used it on non-US people, specifically people located in EUrope (especially as revealed by the Snowden scandal in 2013).
Since this violates the EU Charter of Fundamental Rights, in 2015 the Court of Justice of the European Union has effectively declared US companies to be illegal in EUrope : https://en.wikipedia.org/wiki/Max_Schrems#Schrems_I
(Technically speaking, that's not strictly the case, but good luck having a business when you can't have access to your EU customer's personal data, which, depending on the context, includes things as basic as their IP address - and the context might change as your business evolves...)
There have been attempts since 2015 between the US and the EU to try to find an agreement, but so far nothing has stuck, and it's hard to see how it can (unless the EU just chooses "denial" at some point), since, again, it's the whole US techno-legal spying system being in violation of EU fundamental rights that we're talking about.
No idea why this is being downvoted. It's high time there were consequences for the USA's global warrantless surveillance. Every single country should do what Europe is doing.
my first reaction was that people might be unaware of the CloudAct, or the FVYE arrangement (AABill) that forces Austrialians working in any Tech company to stay silent if their government forces them to hide a backdoor in code (likely on behalf of yank big brother).
but then anyone who today defends Snowden is called a "tankie" and friend of the Russian invasion of UA.
The truth is probably that Snowden today is ignored in the infosec community because we no longer remember that he embarrassed the worlds biggest industrial complex by sharing audi footage of obese American drone pilots laughing at brown civilians getting murdered from the safety of their air conditioned containers in Utah.
Any of this is brushed aside as "whataboutsim", because in times of a manufactured external threat any country and its people move closer together thanks to propaganda. And let's not forget Americans are the most propagandized population in the world.
Absolutely free Ukraine ... but let's not forget Europe is not at all sharing the ultra-capitalist values of ding-dong, mad-as-a-hatter America.
Not to minimize the horrible fratricidal war in Ukraine since the Russian invasion in 2014,
while Russia (and China) are worse in theory, they don't present nearly the same "insider" threat to the EU as the US does with the GAFAMs.
... though China has been catching up fast : TikTok, their (not so) low end smartphones flooding the market, Huawei basically owning EU's telecom infrastructure (with a bit of US' Cisco)... :
It sounds fairly accurate to me. This is what killed the US-EU Privacy Shield program, twice. That was the government's attempt at creating a way for US companies like Facebook to legally process data of EU citizens under GDPR. It's been struck down by the EU courts, due to our federal government's spy powers and the CLOUD Act, that invalidate any claims US companies make about protecting personal data in their possession.
I could see this reaction if my focus had been on US citizens - which last I checked, still have some protections, and the NSA still reports, albeit quite indirectly to them, in a still somewhat democratic system.
But my focus is specifically on non-US citizens, worse, on those of supposedly "allied" nations (some of which have since then built similar systems of their own, but the same caveat applies, and their reach is still not comparable to that of GAFAM/NSA).
Can you see how it becomes a HUGE betrayal of trust after all the post-cold war promises of a "global village" (which was always a bit naive, but at least we seemed to have started to build one in the West) ?
Yeah, it really cheapens the effort the US has put in their surveillance network to compare it with the chumps at Stasi writing some stuff down on paper...
In terms of quantities of data collected this likely undersells US efforts. In terms of nefarious use it perhaps oversells the issue… at least so far. But calling it a conspiracy is disingenuous when the potential is clearly there, and OP's comparison was clearly about the quantity of data collected.
Here's a really good interview with one of the former technical directors of NSA, Bill Binney, who resigned just after 9/11. He disagrees. Conspiracy theory? Hah.
Lets do the actual comparison , shall we? Which metric would you like, amount of information stored, people spied on, which are not accused of any wrongdoing, speed of retrieval, operational efficiency? In every comparison US intel wins hands down.
The comparison is a little unfair to the stasi, they did not have modern computers. .
But only US could place a microphone in every household and make people pay for it. Stasi wouldn't think of this.
If you are convinced it's incomparable, present some metric we can measure where US sysyem looses.
The Stasi would be very proud of themselves if they constructed something on the scale of what the USIC has managed. I’m honestly a little surprised anyone would quibble with that point.
Completely? Of course not. On the grounds mentioned above? Yes, of course.
Stating comparisons isn't hyperbole just because you don't like the comparison. Neither is it a conspiracy theory. Five eyes shitfuckery is extremely well documented.
If only! The US has been obtaining intelligence information on private citizens globally without cause for decades, and this is well-known. It does this to Americans, Europeans, and pretty much everyone else.
When it makes sense to collect that data through its own signals intelligence, it does that. But Constitutional and diplomatic concerns often prevent it from taking such a direct approach. So it relies on private companies like Facebook or Google to harvest this information for them, and then relies on a variety of means to obtain it from there. One really obvious one is when it goes and buys that data -- for instance, while it would not be lawful for the police to directly track your location without a warrant, it is presently lawful for the government to buy location data from cellular providers in bulk, and it does so routinely. Similarly, it was happy to obtain information from phone companies to allow it to supervise the communications of pretty much everyone, without a warrant or individualized suspicion of any kind.
If companies like Google or Facebook don't want to sell the government what it wants, then it often simply compels them using the legal system, or quasi-legal processes that do not actually require judicial oversight, like national security letters that bypass anything resembling ordinary due process. This allows the government to greatly expand the already considerable reach of what is permitted under law, because even when these letters request data that the government has no right to, the strict non-disclosure provisions make it extremely difficult to fight. (For years, you weren't even allowed to disclose that you received an NSL to your attorney!)
And when it can't get what it wants by those means, it will use more aggressive tactics like secretly tapping communication links (as we know that they did to Google's fiber links between datacenters).
Encryption presents a threat to those methods. E2EE would mean that the government can neither purchase nor intercept the data, so at any given time there is always some effort underway to deter, sabotage or outright ban the adoption of meaningful encryption. This happens through legal means (by attempting to use the courts to compel manufacturers to break their own security, as the FBI attempted with Apple), quasi-legal means (such as laws like FOSTA/SESTA and attempted laws like EARN IT that don't directly outlaw privacy, but add so much liability that companies must undermine it themselves), technical means (as with the various key escrow proposals floated over the years), or outright lies and deceit (see: Dual_EC_DRBG).
The explicit, publicly-acknowledged motive in doing all of this is ensuring state security -- in the end, the same motive as the Stasi. Of course, the Stasi never had the sheer scale of information that the US Intelligence Community has access to. When GP says that the Stasi would be jealous of what the US has built here, that is clearly not hyperbole! Unsurprisingly, the EU is no longer thrilled to give unrestricted access to private spy agencies to operate against its citizens anymore. Again, none of that is hyperbole. It is actual, literal fact.
So, this is a "conspiracy theory" only insofar as gravity is a theory -- well-supported by a tall and unambiguous mountain of evidence, and is actually quite relevant as to why the EU does not want private spy agencies like Facebook compiling dossiers on their citizens anymore.
To recap: a law was put in place 5 years ago that said if you get consent you can basically use data in any way, with some very vague and general language about how consent can be gathered and what it means.
Meanwhile, Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
Then, some random guy says he doesn't think Facebook's interpretation is right, a court agrees, and all of those billions of dollars have gone to waste.
So absurdly inefficient. No regulator has had the idea of just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better? No; we prefer to thrive by ignoring problems for a long time then smashing them with a hammer.
>Then, some random guy says he doesn't think Facebook's interpretation is right, a court agrees, and all of those billions of dollars have gone to waste.
so when you say a crazy way of making laws, you mean the way that laws basically get made?
>No regulator has had the idea of just going to Facebook,
pretty sure there was all sorts of conversations with Facebook and others over at least 5 years where it was quite clear people wanted to fix privacy issues and it was also clear that it was in Facebook's financial interest that it not get fixed.
>tried to draft a forward-looking law that will make the whole system better?
Facebook doesn't want the system better, Facebook wants the system to benefit them. At some point these things are incompatible. No body has gone to a bank robber and tried to discuss with them how to best draft the laws on how to stop the robbing of banks, because of an intuitive understanding that it is not the bank robber's intention to help stop the robbing of banks.
So when the law gets made to stop the robbing of banks, the bank robber than goes ahead and breaks it.
Or in the case of Facebook they say we are obeying the law! But still try to do what the law wants them not to do.
But I think this is the core of our disagreement here
>according to their fair reading of that law
I would say according to their desire to get around that law.
> No body has gone to a bank robber and tried to discuss with them how to best draft the laws on how to stop the robbing of banks, because of an intuitive understanding that it is not the bank robber's intention to help stop the robbing of banks.
It seems reasonable to survey or research bank robbers with intention of making their further attempts as miserable as possible and as unattractive as possible.
In the same way I expect that any good privacy related regulation will be analysing and researching what FB/Google/etc is doing and designing policy to outlaw their undesirable data gathering.
> so when you say a crazy way of making laws, you mean the way that laws basically get made?
I think what's being characterized as crazy is that the laws as written are at best vague. It takes years to find out what they actually mean in implementable detail. This makes it very difficult to comply.
Have you read through GDPR? I have. It talks a lot about "reasonable measures" and includes vast swaths of other laws while being very light on details. Compare to, for example, electrical codes. Those tend to be quite specific and clear with sharply limited room for interpretation.
With this in mind, I can see why someone might regard this as an insane way to create laws.
Reasonable is a common term in laws, see for example the "reasonable person test" which is widespread in US civil law. Laws are not written like electrical codes in the most part because such specific laws either explicitly enumerate what is permissible (which is more ok for something like "acceptable methods of wiring a house" than "acceptable uses of data") or are rendered obsolete by the first thing the law writers didn't foresee ("Oh, the law bans tracking with cookies? Well we just have a server side database for UA+IP address combinations, so we don't need to comply" - in fact the first EU attempt at privacy law arguably failed for this reason)
It is, but generally reasonableness comes with useful legal context to help you understand what it means.
In the context of GDPR? I was left guessing what a regulator in Brussels might consider reasonable when their path to career advancement might run through my employer. Coupled with being uncertain what various national regulators (or empowered industry bodies) might add in, as they were allowed to do so until quite literally the last second. It left a person with no good way of judging what might be considered reasonable, only nervous paranoia.
It was a distinctly unpleasant experience and one I was left thinking was both anticipated and avoidable.
Don't we have to use broad terms to avoid abuse of edge cases?
Should we have avoided writing a constitution because "freedom of speech" is extremely vague?
GDPR is a radical step forward considering how poor the situation was. We're talking about a fundamental right to privacy. It was absolutely expected that it would shake some businesses, that's why it was announced years before implementation. Also, the courts don't come suddenly stab companies in the back out of nowhere. There was and there is a lot of pedagogy around it and usually the cases escalates gradually with warnings. The ones getting fines are clearly the ones who are still trying to do it the old way.
> It is really not hard at all to comply with GDPR. Don't collect private informations you don't need, and don't share them.
The problem is, not all personal data corresponds to the intuitive notion of "private informations". For instance, I, as a U.S. citizen, would be violating the GDPR if I operated a dumb HTTP server that stores request logs indefinitely and does no other processing, such as "python3 -m http.server". (IP addresses are personal data, and U.S. authorities can make me turn over my logs; thus, I cannot store the logs for however long I want.)
Can you define "private informations" and "need" in unambiguous ways, please? In my experience it's shockingly hard to do so once you get beyond the basics.
Even when you have clear legal obligations to collect a bunch of private data, you still have to figure what reasonable measures to protect it are. What's a reasonable measure when you're obligated to keep seven years of financial records about your customers in a way that lets you produce ready reports for regulators? Complete with mandatory personal identifiers for tax purposes?
I’m not sure what you mean with your second point. A legal need to collect and process personal data is a valid GDPR basis. You don’t need to get consent there.
You don't, but obligations under GDPR include taking "reasonable measures" to protect the private information you're obligated to collect. The point I was making is that this underscores is how difficult it is to define "reasonable measures" because not collecting private information is not always an option.
GDPR is not just about being obligated to ask for consent. Its requirements go a great deal further. Probably. Maybe. Depending on what someone unknown with an unknown background considers reasonable based on unknown factors.
I'm sure that will be easy to write requirements around. Right?
It sounds like the recent decisions are making the laws less vague are they not? Shouldn’t that make everyone happy (other than those who are invested in other legal realities)?
> No regulator has had the idea of just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better?
This would never work because Facebook is uninterested in making "the whole system better". Their entire goal is to make money off of user data, and they have zero incentive to work with governments that threaten that goal.
My understanding is that they did this. It just happens that they are basically outlawing large parts of FB business model.
This appears to be deliberate and I am happy about it.
Any internet-related law actually increasing privacy and harming tracking/spying/personal data gathering was going to harm FB. If it would not, then it would mean that it is toothless and useless.
on the contrary, I think facebook and google have a huge incentive to work with different governing bodies to define what data is ok to collect and build identifiers around, and what is not. There is no way facebook would just throw up it's hands and say "we have no incentive to find a way to advertise to a population of 750 million people."
> There is no way facebook would just throw up it's hands and say "we have no incentive to find a way to advertise to a population of 750 million people."
And yet, this is exactly what they do repeatedly [1] [2] [3].
I would suggest reading some of the sources of those stories instead of just the headlines ^^
(Spoilers: the reality of the “threatens to leave Europe” headline is a much less click-baity “lists ‘leaving Europe’ as one of many possible paths to take, but one they would prefer to avoid”)
> one of many possible paths to take, but one they would prefer to avoid
This seem to be exactly the sentence one would use to respectfully threaten someone else (try it with a different theme, it might be clearer: "we are exploring all possible solutions to the conflict, going nuclear is just one of the way but one we would prefer to avoid")
Yes - especially if they can do this in a way that still makes them money but is expensive and burdensome to comply with. That would keep them in the game but seal the market off to potential competitors.
I mean, the parent comment have a pretty compelling case to the contrary:
> Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
It's valid to say "Facebook isn't the one who should be expected to have citizens' best interests at heart", but the incentives of regulators and Facebook are absolutely aligned in that both are looking for a law that will be followed.
If you have a complaint against you under GDPR the first thing that happens is the authority in question contacts you and suggests how you could clear up the problem. It is only through refusing to comply that you get fined
> Meanwhile, Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
So often in the last 20 years I’ve seen companies (and particularly US tech companies, but it’s not exclusive to them) deliberately read more charitable interpretation of the law, knowing they'll make millions over and above any fines they might receive.
It’s so common place that there is even a saying for it:
“ask for forgiveness not permission”
So I have a hard time believing that Facebook, with their army of lawyers and millions earned from data collection, are the victims here.
It's definitely hard to say that big corporations are victims, but I know that I personally find lots of bog standard legalese hard to interpret. Granted, lawyers have a lot more experience there, and more employed gives lots more perspective.
At the end of the day, they are still human, and laws and regulations are still written by humans, meaning that it can often be hard to suss out intent from the letter of the law.
The harder the better. Corporations should think thrice before collecting even one bit of information on anyone. They should be scrambling to forget everything they know about us the second we're done dealing with them. Storing data about people should actively cost them money. Keep adding difficulty and liability until they stop this surveillance capitalism nonsense.
Just so I understand your viewpoint, you're saying that the harder it is to understand/comply with the law, the better?
If your goal is to prevent data collection, why wouldn't it be better to just draft a law that says "It's illegal to collect data" with super clear rules and enforcement criteria?
Indeed. We should know what the law is, without first hiring a team of lawyers. There's a trend to make laws that are harder and harder for ordinary people to understand.
Partly that's a result of having to cut out exceptions and loopholes for lobbyists and donors; but I suspect it's largely because lawmakers are increasingly trained, practising lawyers. If the language you speak is legalese, I guess that's the language you use to write laws.
People who make laws can't see the future, it's a constant race to curb corporate behavior that is deemed unacceptable and the laws evolve as new loopholes are found and exploited. Corporations know this and take it into account when making a cost/benefit calculation. A while ago Facebook was threatening to pull out of the EU. When nobody cared they ponied up the tech required to stay. They will this time as well.
People who make laws can see the future (yeah, sometimes they don't), it's the people that do not understand them and protest, because they do not see the immediate benefit for themselves, so the laws have to be changed to accomodate the snowflakes of the World.
Making laws is about govern, not about futurism.
A compromise has to be found every time a new law is proposed to be approved.
See for example the ban on ICE engines, one side wanted it NOW the other side wanted it NEVER, truth is a good compromise was to accelerate as much as possible for some heavy user (Amazon alone, for example, is responsible for more than 20% of the global deliveries) and make some exception (5 years tops) for supercar luxury brands like Ferrari or Lamborghini, that sell a few thousands cars/ year.
But things being as they are, people complained about Ferrari asking for an extension (for themselves and other luxury brands) but at the same time against the ban in general because everyone owns a car.
The real problem is that people put in charge of making laws other people like them, not people better than them.
It's a vicious circle.
EDIT: the HN paradox: everyone knows what's bad, everyone has a very important job, but apparently things never improve because "politics".
Maybe things are harder than what they look at first sight, from outside, and it's not about "people not seeing the future", but about the fact that the more a society is rich and established, the more changes are hard and people oppose to them.
See for example how hard it is to convince American people that socialism is not a crime and USA could survive free health care paid by everyone's taxes.
Does it mean that Americans are stupid and can't open Wikipedia and do a simple research, that they can't see the truth in front of their eyes, or that they are simply afraid of change, because the system works for a large part of the population, the same part of the population that basically runs the country and decides who gets elected?
On the contrary, it’s actually quite refreshing to see law that patches a loophole which was being exploited by a data mining company to enrich itself.
As a matter of process, this isn’t a new law. It’s the same law that was in place in 2018 when the first complaint was filed. The courts have only just decided what it means for this specific scenario. They decided you can’t rely on contractual necessity to excuse not presenting the user with a choice about whether to be tracked, just because Facebook’s business is tracking. Up until now Facebook had operated assuming they could.
The main fault of the process is that it took 4.5 years. That’s 4.5 years of illegal revenue. Speed is justice. We all know this. It would have been preferable for the law to have been so clear that it didn’t take that long to argue. I forget the exact wording but I think it was pretty clear, and they just managed to draw it out long enough to turn more profit in the meantime. Possibly not so much a problem with lawmaking as with the litigation.
>No; we prefer to thrive by ignoring problems for a long time then smashing them with a hammer.
and here I was thinking that breaking things and disruption is what Facebook in particular was super into. Sucks if it happens to you I guess. Laws and regulations aren't made by meeting Facebook representatives and then asking them what's convenient. Okay Facebook has invested billions of dollars, luckily they've also made billions of dollars. How much do you think traditional journalism, including all the positive externalities it entails has suffered from Facebook? They didn't seem to care, it's a legacy industry if I remember correctly.
Car manufacturers all over the world have invested probably a hundred times as much in the combustion engine and the traditional car, it's going away as well. Like are we going to reimburse and invite everyone who has made anything we've decided we don't want any more?
Facebook has many legal experts. They have surely consulted with them, before investing their billions... For them it is more profitable to "not comply and be caught" than to exit the business... Now they got caught and they will fight until the end - because they have many more billions to spend... Any business in any country is making a risk, that laws will change...
> Meanwhile, Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
I think the crux is that they instead implemented a system according to their most favourable reading of that law.
They took a calculated risk, it backfired a little bit (albeit after 5 years of using it to their advantage), and now they need to approach things differently.
> just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better
This is called regulatory uncertainty and there is a long history to it. Its also part of why you want a stable polity that listens to the people it rules, why you want lobbying to be legal (but not bribery), and why you should be careful about building businesses in areas that have regulatory uncertainty.
In terms of society, regulatory uncertainty better than no regulation, hands down, and is a spectrum whether the risk is too high to engage in the market profitably.
> Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law
This is utter bullshit. They have tried to twist and bend the rules and tried to use an exception that doesn't apply to them at all. Everybody knew that Facebook went against the spirit of the law.
Somehow they got the Irish authority to go along with their idiotic interpretation of the law, but that doesn't mean they were working "according to a fair reading of the law", it just means that the Irish authority failed to do their job.
If Facebook had gone with a conservative reading of the law, like many other companies have, they would have added consent prompts 5 years ago, and they wouldn't have a problem today.
I would suggest you spend some time reading the GDPR. It's surprisingly approachable. The parts about consent really aren't that hard to understand at all, and it's clear what the intention of the exceptions were (eg. a pizza delivery service obviously does not need to ask for consent to share the customer address with a delivery driver for the purpose of delivering the pizza, but they do need to ask for consent if they want to add the address to a direct mailing directory).
It's unfortunate that it took the EU 5 years to do something about this obvious violation, but the problem is not the law itself.
What? No. This legal response is perfectly reasonable in light of the facts.
"Having a real conversation" is clearly not how Facebook intends to operate. It has never been particularly open or forthcoming about how it handles data.
> To recap: a law was put in place 5 years ago that said if you get consent you can basically use data in any way, with some very vague and general language about how consent can be gathered and what it means.
The "vague and general language":
Article 7, paragraph 4:
> When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
> Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation. 2In particular in the context of a written declaration on another matter, safeguards should ensure that the data subject is aware of the fact that and the extent to which consent is given. 3In accordance with Council Directive 93/13/EEC¹ a declaration of consent pre-formulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. 4For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended. 5Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.
Facebook didn't like the business impact of complying so has spent years grasping at loopholes that don't exist in a law which is remarkably clear for legalese (especially EU legalese). The fault for that lies with Facebook, not the law making process.
I am not a lawyer, a GDPR implementation specialist, or even a GDPR enthusiast and I knew this.
Specifically, my understanding has always been that a company cannot demand consent to data storage and processing in exchange for providing a service except where the data is actually necessary to provide the service. It certainly isn't necessary to track what users do on other websites in order to provide Facebook's core product. It isn't even necessary to do that to provide ads targeted to a Facebook user's interests because people who use Facebook normally provide significant information about their interests through normal use of Facebook.
There is no way that Facebook wasn't aware courts were likely to understand the law that way.
> Then, some random guy says he doesn't think Facebook's interpretation is right
This is not "some random guy". It's noyb and they're doing an important job. They not just "saying this and that" but do try to get the actual laws enforced which is what they did here. You can learn more about them here: https://noyb.eu/en/our-detailed-concept
> To recap: a law was put in place 5 years ago that said if you get consent you can basically use data in any way, with some very vague and general language about how consent can be gathered and what it means.
What?
Article 7 par 4. GDPR [1], "Conditions for consent": When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. (emphasis mine)
Personalizing ads is not necessary for providing the service, hence the forced consent is not given freely.
To anyone involved with the GDPR back then, this was as clear as the day.
Also, Article 7 par 3. clearly states that even if consent were given freely, the "data subject shall have the right to withdraw his or her consent at any time", and "[p]rior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.", which was clearly not on the table with Facebook.
> No regulator has had the idea of just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better?
Many would argue that that's what happened, Facebook choose to bet a few billions on trying to get around it by trying to argue loopholes into the interpretation and is now getting told to knock that off a bit more forcefully.
How about not rolling with ones own interpretation of the law, which coincidentally is very convenient for oneself?
I mean, if they do not actually know for sure how a specific law is to be interpreted then better err on the side of caution, instead of becoming a criminal, violating the rights of many millions of people. Better take precautions in case ones convenient interpretation turns out to be BS. I am sure they made their business viable without all those violations of the law. They can just flip a switch now, and stop doing the bad thing, that they now know for sure is illegal :)
But hey, that is just what I personally would consider an ethical approach, ha! Maybe not caring about the law and just continuing to ignore people's rights, being as invasive as possible to people's privacy, for as long as it is financially viable is the more ethical choice ...
> To recap: a law was put in place 5 years ago that said if you get consent you can basically use data in any way, with some very vague and general language about how consent can be gathered and what it means.
The article makes it seem pretty straightforward:
> Meta explained that its updated terms rely on the GDPR concept of "contractual necessity". The GDPR mostly prohibits companies from forcing users to turn over personal information to use their services. The only exception is when that information is necessary to execute a contract: For instance, a car sharing app needs to know your location so that it can show cars near you.
For a car sharing app, it is necessary for them to get your location for the service to work. In Facebook's case, personalized ads are not necessary for Facebook to work. Since it isn't necessary, Facebook needs to get express permission to use personal information for ads.
Facebook took an overly optimistic view of the law expecting regulatory capture to allow them to skirt the rules. It didn't work, so their investment was a poor one. Regulators didn't force Facebook to make a poor investment.
Also, Facebook can decide to pay the users it tracks in Europe. Maybe the investment has poor returns, but the money hasn't entirely gone to waste yet.
There's a very strong assumption that Facebook are operating in good faith.
The article suggests you need actice consent, which is what a basic reading of gdpr rules would mean. I don't know why hiding it in the terms and conditions would possible be conpatible.
And to think, neither of these interpretations has anything to do with respecting my privacy, in a way that I think is fit!
I should be able to choose complete privacy.
Anything less, regardless of what corporations or government agencies say or agree, is illegitimate. And it shows that the governance agencies are illegitimate too.
It shouldn't be that it is assumed I am a criminal and that as crimes occur online, my data should be collected. Not should it be assumed that my data should be monetisable by intermediaries.
I get the feeling that you can bypass laws in the US based on technicalities and loopholes. In the EU, it’s the intent of the laws that matters, not how the words are written first degree. And the intent is pretty fucking clear: don’t mess with EU citizens private data. I can’t wait for Facebook to die and will never care that they spent billions trying to bypass EU laws for nothing.
A pessimistic take: Europe isn’t capable of producing that many good tech companies[1]. Thus the goal of these fines is to raise money by fining foreign companies. Under that lense, the system functions perfectly as it was designed.
[1]source: a list of the largest tech companies sorted by market cap.
GDPR requires consent for a specified usage of people's data. If you want to send people emails, then you need emailing consent. If you want to use people's data to target advertising, then you need to ask them for that consent.
I'm doubtful that Facebook have been using a fair interpretation of the laws as that doesn't seem to be the way they operate. I'm also doubtful that users can easily revoke consent which is another requirement under GDPR.
Indeed, the law is only confusing if what you're trying to understand from it is "How do I track my users for my own revenue model, who would not agree to be tracked if it was as easy to decline and they understood the options?" and don't want to accept the answer is "You don't"
If their "fair reading" of that law is about as accurate as the characterization in your post, it's no wonder they lose court case after court case about it.
No. Never have been. Nor do I work in ad tech. I'm an attorney who interprets laws, including gdpr, for a tech company that does not engage in targeted advertising.
No court has decided over this. It's the decision of a regulator, so Meta will most likely appeal to a court, and then we will know what the law allows or not.
On the contrary, these laws are proving to be very efficient at stopping Facebook's abusive surveillance. The Facebook problem should be smashed. Hopefully Gooogle and the other Big Techs are next in line.
All they have to do is stop collecting people's personal information, all their problems would go away. People don't want their surveillance capitalism abuse anymore. No one is interested in watching Facebook "discuss" the matter with regulators in order to massage it into a "compliant" form. We want Facebook's unconditional surrender on the matter, cease and desist all surveillance activities. We don't care how much money it will cost them, what they are doing is simply not acceptable and it has to stop.
I'm impressed both by your outrage at requiring free, informed consent for tracking and personalized ads as well as this change resulting in "all of those billions [going to waste]".
To me it means one of two possibilities:
1. Facebook is incompetent, not only did it spend billions developing lackluster practices that don't fit the spirit of the GDPR but that money also instantly disappears because they are apparently incapable of adding a prompt for tracking consent and evolving with the regulatory landscape like every other company on earth.
or
2. Facebook relies on its relationship with its users being non-consensual.
<<2. Facebook relies on its relationship with its users being non-consensual.
Well, I am not certain FB tells users exactly the extent to which their online persona is being profiled. We have relatively vague lawyer talk for 'more targeted ads', but it does not tell you that FB identifies as a prime target for ads that would feature, say, a suffering animal. For the record, I am making it up, but inferences taken from massive amounts of posts people make daily make it highly unlikely that a detailed and thorough psychological profile that would normally require years of visiting an actual psychiatrist are now very much a possibility.
And the only official indication of this we have comes from various FB court cases, but those being 1000s of pages of useful information is not an average person will go through, let alone understand. I forgot which company tried to shed some light on it with ads that used that info indicating to ad viewing person that "you are an X who likes Y". They got shot down fast.
I guess my point is.. it may be consensual in the sense that user agreed, but did the user truly understood what he/she agreed to, is something I would argue against.
> Facebook relies on its relationship with its users being non-consensual.
Its very existence depends on it. Facebook is a company that builds shadow profiles of people who never joined the social network, never agreed to the terms of service and not even once consented to anything.
There's no problem with advertising, the issue is with companies misusing people's data. If a company wants to use targetted advertising then they just have to openly ask for consent to do so, but tying it up with the terms and conditions to use the site is hardly asking for consent.
I didn't say it was. However, defining what is tracking and what is not is also an issue.
Let's say facebook runs an ad on its platform to my website with a url of site.com/fbad. Then I can see how many people clicked on the ad on facebook and how many people converted on that webpage. There are people on this site who will tell you, and FULLY believe that that is TOO much tracking and is morally wrong.
Incrementing a counter is not tracking. I don’t know where you’d find someone saying otherwise. However, keeping records associating the fact that something was clicked with personal identifying information, such as an IP address or a unique identifier, is tracking, and you need to ask for consent. What is and is not acceptable use of data related to a person is defined in the regulation.
> If the EU just wants to fully outright ban advertising
Come on, don’t be obtuse. The problem is not advertising, the problem is tracking and using user data without consent. The fact that they do that for advertising is irrelevant. They would have the same issue if they were doing it for any other reason.
> set a standard and stick to it
That’s what they did. It’s called the GDPR. One can argue that enforcement was insufficient, but the standard has not changed.
Unless you're actively trying to skirt the edge (in which case you shouldn't act surprised if you find yourself on the wrong side of it), it's pretty clear.
Facebook wasn't trying to get consent through the fine print (that would be very obviously illegal). https://edpb.europa.eu/news/news/2022/edpb-adopts-art-65-dis... says that the decision "settles ... the question of whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioural advertising".
Under GDPR, you need to have a valid legal basis for any data processing. This can be a) consent (which Facebook was not getting, nor claiming to get), b) doing only what's necessary for the performance of a contract, (some other things), and f) legitimate interests.
Consent is the easiest: When you get it (properly), as you said, you can basically use data in any way. But getting consent properly means actually getting consent, not tricking, annoying or forcing the user into saying yes when they don't want to. Ad platforms tend to either try to claim consent without actually getting it in a valid way (because, surprise, most people don't want this), or they reach for the other justifications.
I suspect Facebook has realized this because otherwise they would have claimed Legitimate Interest. Instead, they claimed that processing the personal data is "necessary for the performance of a contract". That is obvious bullshit, and the EDPB has now explicitly confirmed this.
So I would recap it differently:
- A law was put in place 5 years ago to protect people from exactly the kind of behavior Facebook wanted to engage in (intrusive tracking, wholesale collection of personal data).
- Facebook has made a massive profit by violating the law, claiming to be merely skirting it, relying on creative interpretations that they must have known were "creative".
- They have now been told that their creative interpretations are wrong and that they need to actually follow the law. (They will likely also have to pay a fine that is a fraction of the profit they made from violating the law.)
- They can still do the thing they want, they'll just need to actually get voluntary user consent. Which they probably will not get in many ways, in particular because they're known for abusing the users and illegally misusing their data (see above).
I agree that it's inefficient that they were allowed to do this for 5 years before being told to stop, but I don't think that's unfair to Facebook, to Facebook's detriment, or because Facebook couldn't have known. It's because Facebook correctly concluded that they will get away with, and profit from, violating the law until caught and stopped.
This is a fight for the money Facebook is generating. The court, the law, the administrations, the bureaucrats, the media, the lawyers, the judges are all complicit. Using the law to say, take over someone house without reason will be outrageous (though it does happen in "lesser" countries than the EU).
But in the EU, you can still get people to look the other side if you explain it by Facebook is evil, Facebook is tracking you, Facebook is addicting you, Facebook is generating lots of money, etc... Of course, you have to realize, this is the same government that will sell your blood if they think they can make profit out of it.
I feel there is a risk in having the cost of privacy getting transferred to the user that we have yet to actually confront, and it worries me that we are not doing that.
I am not exactly breaking the news: If companies make less money through ads, they have to make it "some other way" (which so far has resolved in "making the user pay directly"). A lot of people have been suggesting that it's not their business to figure that part out; privacy is paramount and above all else. That's fine up to the point where zealousness effectively worsens the life of others, and maybe even more than that, our collective lives.
(To me, one example of that might be restricted access to a lot of important news outlets. I know that it is currently pretty hip to attack the NYT anyway, and I can see a lot of good reasoning behind the critique, but if that then resolved to people getting information from random internet personalities on Twitter or IG, we seem to have significantly worsened a bad situation)
The HN community is for the most part probably not negatively impacted by having to pay for more stuff and actually might net gain through stronger privacy rules. However I expect the privileged to also think for others, in the terms of the others' problems (i.e. if struggle was poverty and you tried to work through that, would privacy really be more important to you than having unpaid for access to Google?)
I know this is terribly biased topic on HN, but alas: Pennies for your thoughts.
Companies did just fine selling products with non-personalized targeted ads that were intended for a wider audience before there was an internet. None of this tracking is actually needed in order to sell ads or make a profit.
People also were able to communicate before there was an internet. None of this internet is needed to allow people to communicate.
Personalized ads are as big of a breakthrough for the ads industry as internet is for people's communication. Both also come with legit downsides, but saying it's not needed is naive, at best.
Ads with tracking, like it or not, are extremely beneficial to almost every single business, especially small ones who don't have that much money to spend on advertising.
And placement based ads are disappearing for a good reason - they just aren't that effective, except for specific niches.
Look, I understand that there's a lot (like a loooot) of reasons not to like ads and tracking. But let's get the facts straight about what they bring.
Personalised & tracking ads are beneficial firms because they extract more revenue from consumers. That means it makes consumers poorer by diverting a larger fraction of their disposable income.
As such, I couldn’t care less whether personalised ads are beneficial to big or large firms and help their bottom line. These laws are (rightly, IMHO) targeted at protecting consumers and so I’m glad they’ve been passed and are being enforced.
This is only true in the most naive sense. Through added efficiency we generate additional money. The information industry today and everyone that uses part of it was enabled through that added efficiency/money. Companies paying doctor money for programmers is not an accident. It's a consequence.
Sure, you can do ads without tracking like in the old days. You can also also do some amount of cancer treatment without chemo, or get old without any system of elderly care. It was "just fine" for hundreds or thousands of years. Parts of it might even look enticing. But if you cut out chemo, be prepared to die "naturally" younger, and if you cut out elderly care, be prepared, at the very least, to debilitate a generation of women, who will not participate in the workforce.
You can simply not expect the internet to get rid of just ad tracking, the additional money it provides and have everything else stay the same. A lot of silly things are being done with the money, things that nobody will miss, but if you expect only the bad things to go consolidate and all the fun and good parts to remain when ad efficiency and revenue goes down, I don't know what to tell you.
> That's fine up to the point where zealousness effectively worsens the life of others, and maybe even more than that, our collective lives.
Funny. Facebook's addictive "engagement engineering" was proven to worsen people's mental health in significant and measurable ways. When is that going to stop being fine? When are all the ad tech attention brokers gonna be held accountable?
If advertising-driven social media is wiped off the face of this earth, our lives are going to improve, not the other way around. We don't need advertising, nor do we need social media.
Any addiction is worsening people's mental health. Social media are part of it, sure, but it's naive to think that getting rid of Facebook will solve the problem. Hacker news is also addictive and has lots of people who spend way too much here and it's worsening their mental health.
It has everything to do with your comment. Your point is that regulating this stuff could harm people. My point is they're harming people a lot more just by existing and it would be a net gain if they were regulated out of existence.
Your point is stronger than you probably think: there are entire countries where ad-supported smartphone apps are the only really viable way of communicating for the majority of people because things like normal phone calls or text messages are ridiculously expensive for the locals. The business of financing communications through ads is actually helping millions of people in these affected poorer countries.
That's just my personal observation. Make of that what you will.
Removing the possibility of financing phones and calls through ads changes the entire market dynamic. I can’t say for sure that the ad-free prices wouldn’t drop because they were suddenly the only option available and scale gains (or a survival need) would drive costs down.
Companies won’t lower their prices if they don’t have to, but they will go to great lengths to survive…
I think you make an interesting strawman, but look in the reverse direction. If companies put the same revenue figure per customer as a pricetag, and then offered a discount of 100% to opt out, would it work?
Have two pennies if you can answer that without a presumptive bias.
That's simple enough: I don't know. But I get the a vague feeling you are being rhetoric and you think you do? If that's the case, please, just offer up the answer alongside your thoughts leading up to it.
Also I don't think I made a strawman (of any quality) but it's somewhat telling you think I did. To be super lame: I have very conflicted feelings about this topic and no conclusive opinion.
Occam hits the nail on the head - those with valuable data will pay, the value of "privacy" is not a long tail graph, it's a diminishing return.
So the products for the poor are subsidized by the information of the able at a cost to everyone. That doesn't feel sustainable to me - we're barely twenty years into the Google era, and how many hours have been wasted opting out of tracking? How many useful things could have been created for a dollar per user instead of mesothelioma ads?
That the indigent get 'free' service is a byproduct of the fact that companies abuse everyone else to subsidize it.
"Your" data may be worth a buck, but to the right person, targeting "you" is worth a fortune - the value you extract from your Gmail address is the same, the value they extract is not.
There is an adverse selection problem: the users who would pay are probably the richer -and most profitable- ones. The only equilibrium is a very high price to opt out, far above the average revenue per user, and essentially nobody would pay for it.
Insurance has similar problems since a long time: search for Stiglitz and “unraveling“ for literature on the topic.
I think a key point to consider is that when buying a good or service that has a quoted price, a consumer can make an informed decision as to whether that good or service’s utility to the exceeds the utility of price being asked for. When there’s all sorts of tracking going on behind the scenes and advertising that leads to them getting better targeted ads (which presumably lead to them spending more, because otherwise firms would not pay to have such targeted ads) then it becomes an opaque situation that does not allow the consumer to make a reasonable calculation.
Good riddance. If the EU wants to outlaw that business model, then that's their prerogative. I wish the jurisdiction I lived in would do the same and more.
(Yes, this does potentially give a lot of power to Flattr. But not that much, barely more than Patreon, as long as most of the processing stays local, and they only get the aggregate usage once per month ? And the open source aspect should keep them honest...)
Ah, so since we arw talkint about harm, when will facebook account for the massive fraud they enabled? They proffit millions off scammers on their platform. If I was assisting fraud on a massive scale, I would be in jail long time ago.
The idea that they have to make money some other way when profit margins are 40% is spurious. There are cases where advertising is banned and it improves the local economy because the soda companies no longer have to compete by placing their placards everywhere. The tobacco companies happily agreed to no advertising on TV. A huge number of businesses benefit from a smaller ad market.
That being said, this unequivocally lowers demand for software engineers and puts downward pressure on our compensation.
Governments can get away with punishing companies up to the point they become unprofitable. I feel like internet ad companies have flown too close to the sun and privacy regulations are proving more productive for governments than anti-trust or tax law. Privacy is an acceptable excuse, but the real motivator is Europe is tired of sending so many ad dollars to US software engineers.
"The EU decision will not have direct consequences for users, unfortunately, as it can be appealed to. Such an appeal would lead to a lengthy judicial process."
I really miss the skeumophic design of the iOS ecosystem from the early-to-mid 2010's.
It felt so premium, especially with the retina display which was miles ahead of basically everything else (especially desktops and laptops of the era).
I thought the world decided that skeuomorphism was bad in and of itself and was merely a stepping stone to more usable designs? I seem to remember there was something on the front page of Hacker News years ago talking about just how much of a relic it has become because modern design paradigms were just so much better.
I tried to find the link but this was the closest I could come up with:
oh, yes! i remember those angry troll comments on HN as well. as if flattening all UI was the only thing that mattered and everything else was skeuomorphism.
no sweetie, not everything needs to be a pictogram. and everything you see or use online is skeuomorphism off of something in the physical world at some level. yeah, that flat design also.
Edit: Added "at some level" after helpful comments below.
If everything is something, then something isn't a useful category. Sure, all digital design is in some sense and to some extent a metaphor for real world objects. But skeuomorphism was always referring to things that were to an extreme extent following the design language of the real world, well beyond what was required by their digital constraints or expectations of the user.
That is a useful category of visual language description that is lost when you start with all-design-is-skeuomorphism. It's not wrong it's just not a useful model for anything.
ah, but flat design is also skeuomorphic. methinks it was just some strategic intellectualism with no legs to look down on everything else that people made. clever tricks of the hive mind.
I can see this rapidly ‘degenerating’ into “what is a chair? Is a tree stump you sit on a chair?”- or “is there such a thing as a ‘chair’, after all ‘chair’ is an abstract concept and what we sit on is physical items”-type discussions.
“It’s skeuomorphic because it reminds me of icons which are things”
I had to check the retina remark as my Sony Z5 premium came in mind with the 800+ppi but even before that in 2013 I had z Sony Z1 with 440ppi and I'm pretty sure other manufacturers had high dpi screens since 2010 eg. sharp's ISO3 . So "miles ahead" is not true plus I believe iphones had other manufacturing tricks that helped in the "retina" marketing hype, I believe touch/display elements been closer together etc. Not saying is was a fluke, but a hype it was for sure
Why are you comparing phones from 2015 and 2013 to Apple marketing from 2010? The competition absolutely did catch up eventually. And if the Sharp ISO3 is the best example you can come up with from 2010, then I disagree with your claim entirely. A single, low volume halo device is not comparable to a mainstream device that sold in the millions.
The 2010 Galaxy S had a 233 PPI display compared to the 326 PPI that Apple marketed as "Retina". The 2011 Galaxy II actually regressed slightly to a 217 PPI display. These were both PenTile displays, so their effective PPI was definitely noticeably lower than the paper specs would suggest.
Even in 2012 with the Galaxy III, Samsung's mainstream flagship reached 306 PPI, which is still less than 326, but it would be roughly comparable if not for the compromised PenTile subpixel arrangement that means it didn't even have 306 PPI of clarity, nowhere near as good as a 306 PPI traditional LCD in terms of clarity.
By 2013 with the Galaxy S4, Samsung finally exceeded 326PPI with their 441 PPI display... on paper, but this was still a SAMOLED screen with a PenTile arrangement, but it was probably comparable with the 326 PPI of the iPhone 4.
The 2013 HTC One (M7) actually did have a 468 PPI Super LCD screen, which was impressively sharp, but still years later than the iPhone 4.
It took several years for the mainstream competition to catch up to Apple's retina displays. Apple was miles ahead of everything else. And I say this as someone who was an Android user until the iPhone X! I was not an iPhone user, but I could easily see how much better the pixel density was on iPhone 4 and for several years after that. As with most things, there are diminishing returns, and having a 20,000 PPI display next to a 500 PPI display is going to be completely unnoticeable. 326 "real" PPI is an excellent level of clarity, and I don't see much (if any) advantage to going past the ~450 PenTile PPI (whatever that works out to in real PPI) that we have on a lot of mainstream smartphones today.
Maybe you fell for the marketing hype of PenTile displays that were claiming higher PPIs than they actually had?
I remember getting my iPhone 4 and just sitting there on the couch staring at the home screen for a good 20 minutes, in awe of just how sharp the image was.
I compare apples to oranges. At the time apple came up with this marketing term, other manufacturers started increasing the display size of the devices making them more usable for their users. When apple decided to do that 2-3 years later, the high dpi offering started making sense but it had already convinced you of the "retina milea ahead" technology kn a 3.5 inch device
So, yes new tech is extremely cool, doesn’t always mean it makes sense/provides any benefit in practice.
It was night and day difference compared to similar 2010 smartphones. Maybe you don’t care about PPI, and that’s fine, but it absolutely did provide benefits to the users in practice.
That is a pointless question. Why do you call them Apple iPhones when they’re made by Foxconn?
Apple has not made displays in decades, if ever. They still contract the design to meet their specifications, and then market and sell those displays that they were involved with. That makes them Apple displays for marketing purposes.
These days, Apple sources displays from multiple manufacturers, but they end up being nearly indistinguishable because Apple was deeply involved in the design and manufacture.
It's not when you're talking about a technological lead. They didn't even make these displays or come up with the technology for them, they just paid for the exclusive right for them for a certain period of time.
It’s a distinction without difference as far as the market is concerned. Your question was just flamebait. If other manufacturers saw how important this would be, and if Apple had zero involvement with the display development as you claim, then those other manufacturers should have bought exclusivity first.
Instead, I’m sure Apple was involved in the design and development. It’s not a coincidence that the display just happened to exactly quadruple the resolution of the iPhone’s previous display while maintaining the exact same size.
Either way, nothing useful can come from this topic diversion.
Apple certainly deserves credit for mainstreaming some things, but they get a lot of undue credit for originating them. I have seen so many people saying that Apple or Steve Jobs invented the smartphone. :rolling_eyes:
I would argue that they invented the modern form factor of a smartphone, and a lot of the software design principles that go along with it.
If you handed a kid an iPhone 2G plus a bunch of BlackBerries and Palm Treos from 2007 and asked them to classify the devices, I bet they would only call one of them a "smartphone".
If by "the modern form factor" you mean the slab of glass with a virtual keyboard, sure. Good for them. (Actually, I didn't look; maybe somebody else did that first. But I'll assume you checked.) They also did a bunch of the "crossing the chasm" work, and they marketed the hell out of it.
But that is distinct from inventing the smartphone. Apple generally doesn't invent things; they let other people invent and pioneer the space, and then they come in with a consumer-focused design and marketing operation to produce luxury products and capture the high end of consumer revenue.
Good for them, and they've been richly rewarded for it. But let's not pretend that we should think like 7 year olds just so we can avoid being accurate about who invented what.
Apple didn't even do that first... or at least weren't alone doing that (though their competitors quickly failed for one reason or another, until Android)
Before the iPhone was shown off in 2007, Android was being built for devices that looked like BlackBerries, complete with the little trackball.
The first consumer Android devices came in 2008, looking a lot more like the iPhone than the BlackBerry-esque prototypes, but they kept the trackball because much of the software was still more suited for navigation with that than with the touchscreen.
I'm thinking rather of competitors the name of which I forgot, that came out at the same time or slightly before the iPhone, that had the new capacitive touchscreen tech (and used it for a full sized screen with a simulated keyboard), but little else in terms of "support" needed for a successful phone.
The hype was what actually brought the feature to users, not only the entire apple product line was quickly featuring it, but it also forced marched the entire ecosystem.
Sony might had the hardware feature, they did not had their entire product line, neither 1rst citizen support from everyone.
I really wish people understood that, because it's what it takes to become a giant like apple, and what will be required to take it down.
Well, active consent has been seen before with cookie banners. Let's see how long it takes before every time you open Instagram you get a prompt like: "I allow not not omitting the usage of tracking"
Though wouldn't surprise. However, if it would be the case, I would probably attribute it the fact that GDP is a low quality metric (though potentially the best we have?)
As in: If a rich woman marries her housekeeper and he does the previous things as a part of the marriage, the total production is the same with a lowered GDP.
Correct, but the lack of enforcement means almost everyone does it, almost everyone gets away with it, and the ones that see everyone else doing it and getting away with it feel compelled doing the same...
And how is this helpful? Is this a solution? What if the app-in-question was a different one? Not using Instagram at that would be very helpful, indeed...
Of course it's a solution. The developer has a right to comply with the law in whichever way they see to best fit their needs as a business. If you don't like it then don't use the app, nobody is forcing you to and you don't have a right to dictate to others how to run their business.
It's done all the time. And a reason why e.g. in the US or EU sites, domains, accounts and whatnots will be blocked or frozen for CP, whereas that (type of) CP may be legal in the place where the distributor is based.
While that's an entire different scale as "didn't display cookie banner" the mechanisms are the same and in place. If the EU finds privacy infringement important enough the infringer will be warned than fined[1]. I'm no lawyer, but I would expect that when a company doesn't pay that fine, they'll ultimately be prohibited from doing any business in the EU. e.g. through blocks, frozen accounts and such.
"let me track you or you can't use this" ought to be well within the law. The idea that is isn't is pretty insane government overreach. The disclosure should be clear and obvious, but it should also be the right of two parties to enter into such an agreement without the interference of the federal government.
I don't understand. There are webpages/apps that track you and now you have to accept that they track you before using it. That has nothing to do with instagram - if I don't want to be tracked, I don't use the software. Right? Simple solution.
Facebook should just start charging users that don't consent to tracking for targeted advertising. Etc. Problem solved, and we, the shareholders, will hopefully be happy too.
It's been truly shit to own Facebook stock the last year.. Let's end this now and get back to writing the growth story. Please.
The money advertisers can pay Facebook is, essentially, a percentage of all consumer spending. A percentage of the money you pay for toilet paper, dish soap, groceries, car insurance, credit cards, etc is funding the advertising budgets of those companies.
The money consumers can pay Facebook is, at most, some portion of their discretionary spending budget. What's left over after buying all that stuff, and paying the rest of their bills (housing, fuel, taxes, etc).
The first number is a much bigger number than the second.
If Facebook is no longer able to capture Charmin's ad spend because they can no longer provide adequate targeting, then Facebook will no longer get that money. The Charmin customers don't have it to send to Facebook directly, they gave it to Charmin to buy their toilet paper.
Charmin is likely doing brand advertising, however, and Facebook's ad network will likely still have greater demographic-targeted reach than other options.
If nobody is allowed to build a demographic profile for cross-site cookies, the biggest negative impact will be to small sites. Previously their ad inventory could be relatively high value because it could be assigned targeted ads at scale, without site-specific work or having to trust the site itself. Now the site will at best self-report their user demographics. (1) they probably have poor visibility into their customer demo without something like Google Analytics to guide them and (2) it's difficult for a third party to verify any demographic composition they claim.
Ad targeting on these will likely be content based. I suspect this inventory mostly won't be eligible for lucrative display advertising anymore, if it was before.
Out of interest where do you see growth coming from for Facebook? How many more people are there to get as users? Their advertising business is being hurt and likely to face further issues. The meta verse is, as yet, going nowhere.
Facebook would need to charge too much. This is the problem. They invented a way of extracting so many dollars per user-months in ads that they can’t have users pay for it instead because it’s too expensive.
And the reason they do it so well is because they are so invasive to peoples integrity that if people find out - they’d also quit the service in droves, and it’s also so invasive that regulators are objecting.
I don’t see Facebook returning to growth any time soon.
I'm not totally sure that's allowed under GDPR. I know you can't say "consent to data collection or you can't use the website" [1]. So I doubt "consent to data collection OR PAY or you can't use the website" is acceptable.
[1] unless the data is needed for the website to work
Seems to be quite common practice for some news outlets here in Germany. I remember that I read a court decision stating that this would for some reason be acceptable. Not sure if it really is though.
Some of them give you the choice between "targeted advertising with tracking, free" and "completely ad-free, paid".
Others give you the choice between targeted advertising and paying for non-targeted advertising, or three choices (free with targeted ads, paid with non-targeted ads, paid a lot with no ads).
They don't have to provide the service. They can charge money for the service (but then they probably will go bankrupt because few people are willing to pay for it, because the service isn't that great).
They can show ads on the service. They can even ask people to opt in to targeted advertising.
What they can't do is harvest people's personal data to monetize the service.
In other words: You can give away potatoes for free. You can sell potatoes for money. You can sell potatoes for onions. You can, in many countries, even sell potatoes for sexual favors, although there will be some rules to protect against exploitation. What you cannot do, in most countries, is sell potatoes for kidneys, and you most definitely can't sell potatoes while surreptitiously removing customer's kidneys and hoping they don't notice or care enough because they have two and you're only taking one.
> What a world we live in where government has decreed that business must provide services for free.
What the hell are you talking about? You can keep providing ads. If it's a paid service, you can keep providing a paid service. No one is asking you to do stuff for free.
The GDPR has failed to reach a balanced approach to the issues from the start. They failed to account for missing and much needed technology (uniform, automatic and consistent consent mechanisms), and failed considering anonymization technology used to deliver targeted ads.
The most profound mistake is their lack of proper risk assessment, as well as proof and transparent documentation of real actual significant harm done to users, to warrant such discriminating privacy laws. In the process they are hurting everyone, including small personal blogs, news media sites, and large social media sites.
The data, if hacked, or spied on by employees, is still a privacy risk regardless if its used for targeting ads or not. The data still sits on the servers, because the applications depend on it to function properly. The number of ecommerce websites alone that do not properly handle personal data is scary; basically anyone with database access can also access all the personal data on customers. If a given CMS has a known exploit, then the data is in great risk of being leaked and abused. E.g. Never host a site on Wordpress without proper security in place.
Nevertheless. We should always maintain that the user is ultimately responsible. If they do not like Facebook, they just ought NOT to create a Facebook account. Dislike being watched when walking around in physical shops? Stay away from them. However, the actual risk to the individual user, from ads, is so miniscule that we practically have no substantive examples of harm done. The worst shit is falsehoods promoted via ads, but that is purely an policy/moderation problem. Fake pages and accounts are a much bigger problem than falsehoods promoted via ads.
Having a paid subscription model would be a valid opt-out of advertising (ads are often dishonest, so I would like to see that). The problem is, the data still sits on servers, and if leaked, this will, unlike targeted ads, pose an actual real risk of harm.
I am not against the GDPR or the EU, but it has been profoundly flawed from the beginning, costing website owners a lot of time and money trying to comply. I absolutely hate consent platforms, because they are just another third party dependency IMO...
I hope Facebook doesn't survive another 5. But I won't hold my breath.
Still amusing just a few years ago Facebook was described as a world government due to the influence they had. Maybe they still have that, but I've just detached myself from it to see it.
Facebook will still be around in 5 years. The question is whether it will be relevant.
People make the comparison to MySpace, because it's the most comparable service - Facebook de-throned it as the king of social media.
And incidentally, MySpace is still around. They survived the de-throning by pivoting, which is inevitably what Facebook will do. I think we've seen the groundwork for it already.
Facebook's future isn't in the social media space though. Most of their endeavors are in VR and other cutting edge technologies, hence the name change to Meta. I wouldn't be surprised if they saw the writing on the walls years ago. They've been hiring AI, and VR researchers for years now and are the industry leader in VR at least.
But a leader in what exactly? I have been looking for years for actual usage stats. E.g., MAU and UAM for VR headsets, especially ones broken out by length of ownership. I get that people are buying Oculus units because of the hype, but is there much sustained usage? If so, what exactly is keeping people engaged once the novelty wears off?
As comparison, look at Amazon's smart speakers. $10 billion spent, lots of hype, part of the zeitgeist enough that SNL is doing jokes about it [1]. End of the day it's a "colossal failure": https://arstechnica.com/gadgets/2022/11/amazon-alexa-is-a-co...
Meta is betting on the long term. They're the leader of a very niche market _now_, but as XR technology improves, that market will only grow, and Meta will be ready for it, with years ahead of the competition at that point.
That's their bet, anyway, and we can speculate whether it will come to pass or not.
I'm inclined to think that the tech will eventually become mainstream, when headsets are as comfortable to wear as glasses. It's a prime opportunity for Apple to jump in near the tipping point, and claim to be the innovator, once again. It would be the mainstream push the industry needs, at least.
I'm less confident that Meta's verse will succeed, though. They've shown to be incapable of delivering an appealing product people want to spend hours in. And the Meta brand is tarnished beyond repair, no matter how many rebrandings they go through.
But something like VRChat always has something weird and interesting going on. Like, maybe I find a virtual theater where a bad sci-fi movie is playing and I sit down next to a group of Kermit the Frog / Booby Anime girl avatars who are trash talking the movie ala MST3K. Every day of the week you get this!
Thanks! I really appreciate a comment from an actual VR user describing actual VR use. I find the "but in theory it works great so let's ignore the problems" replies tiresome after a while.
How often would you say you use VRChat? I'm especially interested in things that people use in the same way they'd use Facebook or Twitter: multiple times per week and as a default activity when they're bored.
I don't use my VR headset all that often, unfortunately. The last time I was using it a few times a week was trying to figure out if I could get a good working environment set up using my WMR headset. (It's OK with one of the virtual desktop apps you can get on Steam - but not so good I could do more than an hour in it. I haven't even gotten to the point of trying a Teams call to see how the audio and screen sharing works) Nor do I use social media much these days.
I think if I was 15 years younger (less demanding job, no wife, no dog, few other responsibilities), I'd probably be in VRChat 3-4 times a week though. It's a dicking around kind of place not unlike the online games I used to play back then.
I would use my headset more for watching movies virtually if:
1. Any of my friends had a VRHeadset and did the same (none do; barely any of my friends online game anymore due to family commitments). I used to regularly watch movies using the Xbox Netflix party feature back in the day.
2. My VR setup was more comfortable. Eyestrain is real - as my eyes aren't as great as they used to be. The headset chafes, I am still trying to work out how to consistently make it comfy.
All told - middle age prevents me from spending more time in VR, and thus VRChat.
One data point regarding kids: A couple christmases ago I rented the Oculus Quest just to see. It was fun and interesting, and a hot property around the household for the first week or so. I expected that the adults would tire of it, and we did. But to my surprise, the kids did too. They ended up back on the Playstation and their Switches, and they didn't even notice when I returned the Quest.
I agree with you that Meta ads another set of ways to fail. But this is the thing I want to question:
> that market will only grow
I too have read science fiction, so I get the theory. You know what else is in science fiction? 3D movies and 3D TV. But we've had 3 waves of 3D films (1950s, 1980s, 2000s) and it turns out nobody cares. And 3D TV fared even worse. And let's not forget the 1990 wave of actual VR, which also cratered. So the question is: will facehugger VR go the way of other stereoscopic 3D entertainment?
I think it's an open question, but my point is that it's very plausible that VR and the Metaverse will, like the jetpack, remain in the realm of sci-fi long after you and I are in the ground. And as far as I can tell, nobody is releasing data that shows it on a different arc. The Brewster Stereoscope sold a lot of units too, as did the Viewmaster. But ultimately people seem fine inferring 3D from 2D images without stereoscopic effects to help them along.
But it's kind of weird that you would say this, with 3D now being an option in cinemas everywhere now (if not in homes any more, though my own TV is still compatible), especially with Avatar 2 that just released ?
Compare that with the introduction of color or sound, and it's pretty obvious that 3D films are at best a niche. I haven't heard of any 3D film that's offered only in 3D. Even Avatar 2 is available in 2D, suggesting that even James Cameron, one of 3D's biggest proponents, considers it optional.
Will theaters keep offering it? Probably, but theaters are a business in decline and so are desperate for anything that gets people coming in. Just looking at some theaters selling Avatar tickets, 3D is treated as an amenity like Dolby sound or reclining seats or "plush rockers", whatever those are. Perfectly nice, but hardly the stuff of societal transformation like Zuckerberg is hoping for.
Wasn't Avatar 1 also available in 2D ? When 3D was NOT an amenity ?
Anyway, yeah, arguably even color wasn't "transformational" (sound probably was ?)
But then 3D films and TVs are pretty much offtopic anyway - unlike VR/AR compared to 2D (or even 3D) monitors, they don't radically change the mode of interaction compared to 2D films and TV... (not to say that VR/AR will be successful)
3D films are relevant in that they are an example where something that was technically better was not transformational. And where there was a lot of hype but it turned out that people didn't really care. Which is important, because Meta is betting tens to hundreds of billions that facehugger VR will be transformational.
If you go back to the Brewster stereoscope, I count 6 waves of people expecting that stereoscopic 3D would change the world. Each time, there was lots of investment and lots of hype. Each time, it turned out that people were fine mentally reconstructing 3D from 2D without stereoscopic assistance.
My point here is that Meta's efforts could well be failed wave number 7.
Sure, but you can say the same thing about electric cars and smartphones. Both have had several "failed" attempts, and it wasn't until the technology was mature, cheap and accessible enough that they reached mainstream adoption. There's nothing to say that the same thing won't happen with XR.
If we consider transhumanism as something that's likely to happen, then XR can be viewed as a stepping stone towards that goal. In that sense, it could eventually become as ubiquitous as smartphones are today.
Yes, in the future anything is possible. But for any given chunk of the future, most possible things don't happen. The interesting question is which bucket a given thing falls into.
I think electric cars cut against your case here. The reason electric cars are becoming popular is that we're finally doing something about global warming. Governments are heavily using both carrot and stick via billions in subsidies and drastically tighter regulation on ICE vehicles. Unless you expect governments to try to end use of monitors, electric cars are an example of why we should be suspicious of facehugger VR.
The end result you see in the VR headset, or the games/worlds arn't really the goal.
AI, and VR tech don't pay out right now. But AI is rapidly developing and Meta is one of the leaders in AI research. We could easily see chatbots, Alex like things, or even manufacturing and disability assistance. Or robots and image classification. Skies the limit. The thing is with this tech, the killer product doesn't even exist yet, and probably isn't even a thought in someones mind.
The goal is to make it so when the killer product does arrive, all the R&D they've invested is able to allow them to become to dominate leader. The same also applies to VR tech and the interfaces for VR. It's not a consumer focused field, but their R&D is worth millions, and when it comes time for the killer product, they'll have it, or be able to smother the one who does.
And this honestly makes sense for a company like Facebook. Their golden goose is dying. Facebook won't churn out money. All the legislation against them is killer, and they know it's a market propped up by easy VC money where almost no social media company makes money. So why not invest the all their billions into future tech we'll see likely playout in 5-10 years, where they will then be able to completely pivot to that product. It's the long game.
Yes, I understand the theory. But you've assumed the very thing I'm questioning: "when the killer product does arrive".
Killer products for particular hyped tech visions frequently don't arrive, at least in the necessary window for a given wave of investment. We don't have jetpacks. There were people who invested in flying cars throughout the 20th century; Are they now "become to dominate leader"? Or look at Motorola's Iridium. Zepplins, wireless power transmission, vacations to the moon. All commonplace in sci-fi, and all things people have invested in. The killer product never arrived.
Facebook is doing this because Mark Zuckerberg wants to remain rich and relevant. But just because his ego can't conceive of his company becoming irrelevant doesn't mean we have to play along.
Facebook has already seen the writing on the wall and has been pivoting to VR. Probably not the best pivot but it is what it is.
They clearly want to be the Apple/iPhone of VR. The part that confuses me is that they can't seem to decide whether or not to make consumer VR stuff or business VR/AR stuff. They're completely different markets.
Consumers want games and apps/experiences that are fun and/or exciting (even if they're not games). Businesses want specialized apps and equipment that's suited to their industry/use cases. If you're going to make business-focused hardware like the Quest Pro you're not going to be making the highly specialized software that businesses want because that would be a waste of your time (too niche). So it would behoove Facebook to sell something like the Quest Pro with a significant markup (the "business tax" like with all things "enterprisey") instead of at or near cost like they're currently doing.
The thing that baffles me the most is how much friction they've artificially introduced in order to develop for the Oculus platform(s). Firstly, you need a Facebook account to gain access to their developer portal. This makes zero sense considering that Facebook is primarily something meant for personal use. It also means you have to give your employer your Facebook account which is... Bad. To say the least!
(Aside: You might be thinking, "just make a separate Facebook account for work" but that's actually a violation of Facebook's TOS!)
Secondly, there's ZERO information about developing custom hardware for the Oculus platform in their developer portal. In their forums/community pages there's loads of people asking questions about how to do this and no answers from Oculus/Facebook staff. Nothing!
The ability to integrate custom input devices would be a HUGE boon to business-specific solutions/use cases. Simple example: Imagine walking around a store doing inventory while wearing an AR headset... It automatically identifies the products on the shelves and estimates their counts for you but how do you enter in the real count? Hold a controller in your hand and use a virtual keyboard? That would be the peak of inefficiency.
Sure, you can pair a Bluetooth keyboard/numpad to the Oculus (I think) but a customized input device that could say, weigh some bananas and measure the temperature, light/color, sound, and levels of ethene gas would be sooooo much better! It wouldn't be too difficult to make either except for the fact that Facebook has made it impossible.
When I bought the CV1 Oculus Rift, it listed Windows 7 as being compatible, and no requirements of a Facebook account.
Now the Oculus software has been "upgraded" by dropping compatibility with Win7, and the support for using it without a Facebook account will end on 2023-01-01.
Where I suspect this violates EU consumer laws, is that Oculus/Facebook/Meta doesn't provide me with an option to keep running old versions of Oculus software (offline if need be) that work on Win7 and without a Facebook account, along with apps I bought from or outside the Oculus Store !
Also, not much advance warning (if any??) between starting to warn about the end of Win7 support on the box and dropping Win7 support - we got plenty of time with the mandatory Facebook account requirement, though I haven't checked whether it was the case on the boxes ?
And the less said about Oculus promise of CV1 Rift Linux support that is still nowhere to be seen 6 years after release, the better. And this would have reduced developer friction a lot !
Facebook's survival (and MySpace's before them) is predicated on continued advertising revenue.
Continued advertising revenue is predicated on user count and eyeball time.
Consequently, the only thing that really kills Facebook is if users abandon the platform.
And there isn't really a Mastodon-equivalent alternative for FB's feature set. Or even assurance that there could be (i.e. features that require centralization or expensive compute).
Not really though. They even lost all user accounts before a certain date recently so there's not even much of a Ship of Theseus argument it's the same apart from the name.
If they challenge it, surely they still pay the fines retroactively if they lose? And given their size and how the fines are structured, couldn't it be very expensive to keep this in courts when it looks like a losing case on paper?
In a just world, of course they would have to pay back all that ad income, because as it turns out, they obtained it illegally and have been told so. Merely them thinking that it was not illegal and going to court does not make it suddenly legal and just to keep it. Like any ordinary citizen, of course they would stop doing the thing, that they have been warned about to be illegal, riiiight?
Good. So the invasive tracking that TikTok and every other social network does in Europe should also be illegal as well then? If not, then is it's only a matter of time and eventual enforcement and outlawing this behaviour for everyone.
Should not be just Meta; we need to go further and cover all social networks.
Does TikTok follow you around the web to a similar extent as Facebook?
AFAIK, the regulation doesn’t cover only Meta. If forcing acceptance of tracking to use the service is illegal for Meta to do, then it’s also illegal for TikTok.
That picture is of "Max Schrems, the lawyer who successfully sued Facebook for privacy violations against European citizens" which is another article at that site. They probably just forgot to link it and give it an appropriate caption.
The story talks about an impact on ads. While this immediately translates to something monetary, this probably extends to all sorts of analysis of user-data and will limit features that ensure continued user-engagement, too. Like recommending friends of friends, flooding the timeline with something to keep the user busy, etc.
Friend recommendations on Facebook are so creepy. I have an unused, empty Facebook account that recommends connecting with people I know in real life, even if I don't use WhatsApp, Instagram, Facebook, Oculus, or other Facebook products.
Some of these people recommended to me might have given Facebook access to their phone contacts, and that's how Facebook associated me with them. Or that's what I believe happened.
It is worrying that Meta's algorithms have relatively personal data about me when I never engaged with them much. It was pretty uncomfortable to find that out.
GDPR requires that data processing consent should be granular, so the user must be given a way to choose whether they want their data to be used for such purposes.
Glad to see that they do address the issue that for a company as big as Meta, it just ends up being a cost of doing business rather than a limitation on tracking.
Fines escalate when you keep breaking the same rules. Cost of doing business is fine when you can stop, but tracking is central to Meta’s business model.
I can see that there's not much point in serving me ads for e.g. women's clothing, because I'm not a woman. But even if you knew everything I read online, I think you'd be hard-pressed to guess what I want to buy.
So I don't believe that advertisers need to know all about me. They just need a few data points: am I a man or a woman, do I ever buy anything (do I have any money), and that's about it. Beyond that, I don't see how having more data makes it easier to get ad conversions.
I've never worked in this area, and I drive with ads turned off, so I honestly don't know.
On the other hand, outside of Proctor&Gamble-esque juggernauts of all things cheap and disposable in the grocery store, there's tons of stuff that appeals to small groups; this is a lot of what the internet and globalization has provided.
For example, my total spending on video games in the last 5 years is between 0 and $100, so game publishers should probably save their ad spend (and not annoy me with noise). My TV is seldom out of the closet and plugged in, and I spend maybe $1-200/month on books. I'm pretty interested in buying a tennis stringing machine and more sheet music to play, but it's too much effort for me to seek those things out, so I don't. These are just a few of an infinite array of identifiers that could provide worthwhile targeted ads to me.
As another example, most charities have a group of people who would be happy to give them money if they knew about the organizations, while most of the population is indifferent or, in some cases, opposed to their work.
I don't like advertising much, either, and it doesn't reach me that often, but it's ridiculous to suggest that personalized ads have no value.
I don’t know if this an real question. Just by knowing you opened HN, I could guess a lot about you. You are much more likely to be interested in tech, a man, work as software developer than an average person. I guess you have good computer or interested in one, you are interested in free cloud credits, you are interested in cool tech products if I could show you one etc.
Heh. So I'm on HN, so I'm some sort of nerd. That's fine; my career was in IT. But not really, you see; I have a few low-spec, low-power GP computers, but they are fine for my needs. If I need to replace one, I know where to go; I don't need signposts. I am deeply uninterested in "the cloud". And not everyone's idea of a "cool tech product" is the same.
I have some halfway decent clothes; but I hardly ever wear them. The stuff I wear is old and faded, and often a bit tattered.
I have as much clutter as I can cope with. I certainly don't have room for more cool gadgets.
I do buy stuff; but not usually because I saw an ad.
Look at Facebooks bottom line per user. It’s insanely high. And it’s probably all down to precise as delivery. They make so much money per user from ads that if they charged a subscription for it, no one would sign up. That’s why they are so successful, and ironically also why I think they are doomed (because what’s the pivot once delivering precise ads is dead?)
I do not know how to react about this. On one side I prefer my private information staying private.
On the other I use free services like Google, YouTube, Facebook all the time.
They make money selling our data, on the other, the fact that it is free for everyone is the democratization of the access to information. I suspect that even a subscription of $1 / month will push away more than half of the users for these services.
I prefer to live in the world where people have free access to search engines and large social networks.
> The EU decision will not have direct consequences for users, unfortunately, as it can be appealed to. Such an appeal would lead to a lengthy judicial process.
So companies can flout the law for years, making massive profits, and continue to do so for as long as they can string along an appeal process? Seems like a pretty nice loophole.
Depends on jurisdiction but it is possible to ban or allow actions to continue. It’s up to the court in those cases to weigh up potential harms on either side.
If a court decides the action is overtly harmful, they might ban it pending appeal. This happened with the U.K. government trying to send refugees to Rwanda. The ECHR blocked action since it was likely illegal and wouldn’t be easily reversed once the activity had taken place.
Imagine I sued you on the basis that the house you are living in is stolen and isn't yours to inhabit. Would it be fair that you can't live there while a lengthy court process figures out the truth?
In special cases, the judge can issue an preliminary injunction where a party is compelled to do something (or not do something) while the court case is ongoing, but the bar for that is pretty high.
If you sued me the case would not last 4.5 years, because a normal person doesn't have the funds to sustain a fight that long. That's the entire point of the gripe - corporations can extend these fights indefinitely and they will because it's profitable for them. That's not a good system for getting companies to act accountable for their choices.
Not doing so would allow mere allegations to put your business on hold until the entire court process, all the way to the highest court, if applicable, is complete. It's not a loophole. It's a fundamental tenant of innocent until proven guilty.
The process shouldn’t take years of course. Once a court no matter how minor finds you guilty, you are guilty.
Now, you might want to appeal that to the next instance which makes it take years. But a court has already found you guilty.
In this case the law if it was sane should stipulate that the business either stop the violation during the appeal or risk the fine for the whole period of the appeal process if it turns out after appeal that you were guilty of the violation after all.
Facebook should have to seriously consider whether it’s worth the gamble to both fund the appeal process and pay the accumulating fines (which, again if the law is sane, amount to more than what FB would lose by simply stopping the violation).
>This is civil law, not criminal. Presumption of innocence doesn’t apply.
If the court is so sure that the plaintiff will prevail, why even have a trial? The answer is that until the court rules, barring 100% certainty of the plaintiff prevailing, you have to wait for the court's deliberation or you have only oppression and no justice at all. Both sides must have a chance to make their case.
In civil law, the roles of plaintiff and defendant are largely interchangeable. If you order food and don't like it, the restaurant might sue you for payment. Or you need to sue the restaurant if you already paid. It's rather arbitrary, being only based on the order of the exchange of food and money.
In any case, take it up the law, because it is as I said: the burden of proof is different, its "preponderance of the evidence", i. e. 50%.
You are talking punish first, then have a trial later. Regardless of the rules of evidence, or who is suing who, the reason we have courts and trials is to allow both sides to be heard, and a decision be made on who violated the law, and then on how to remedy it. You cannot have justice if one side is not heard, or is put out of business before getting to make their case.
>The loophole is that the company is allowed to continue breaking the law while the appeal is in progress.
This means that the court is not sure that that is the case yet, and that the rights of the defendant are being respected. If you just kill the business on the mere accusation of wrongdoing, there is no justice, only oppression.
It seems fair, as long as the fines and penalties for continuing noncompliance are backdated to when the initial decision was made, even if they're only due after the last appeal fails.
With that setup, if they're confident that they'll come out on top, they can keep tracking while appealing. If they're less confident, they'll pause tracking to prevent the buildup of fines.
> So companies can flout the law for years, making massive profits, and continue to do so for as long as they can string along an appeal process? Seems like a pretty nice loophole.
Actually, they may yet receive a hefty fine. The court ruled on the principle: now, each lower jurisdictions may take action based on that principle.
Would it wreck the legal framework to institute a concept wherein you can appeal, but if, on appeal, the lower court ruling holds, the punishment/fine is retroactive to the date of the lower court ruling?
I.e., make it so that there is no free pass to continuing presumptively illegal activity.
Wouldn't it be that way already? The punishment even for the whole extended period of time is still often nothing to big tech. Punishments need to be tailored to those being punished to cause equal effect.
Under GDPR, fines can be up to 2% of annual revenue (not profit) for "less severe" infringements. Facebook had $118 billion revenue in 2021, so that would be $2.36 billion. And I think the fines will repeat.
For more severe infringements, it's double that, so $4.72 billion. Which would be around half of profits for 2021.
That's how liberals fight the second amendment in the US. Continue to pass obviously unconstitutional laws that they know will inevitably get overruled, and then pass another slightly different one once it does. Constant state of appeals. And nobody gets any recourse for squandered rights in the end. No politicians are barred or held accountable for their blatant abuse of the legal system. It's like a DoS attack on liberties.
Privateers generally had a letter of marque from an actual government, otherwise they were just pirates. If gun owners need to get a letter of marque from their state government to own arms, I think the gun control people would be on board...
Lack of fine-grained tracking makes it hard for small companies to target niche audiences. It tends to favor big brands who can do TV advertising or other highly non-targeted advertising. There was a point in the early 2010s were small consumer brands could break through the noise for cheap and find their audience. With the GDPR and the subsequent fall of facebook ads that era is sadly coming to an end.
Heh. Facebook's advertising (still targeted because this decision isn't final yet) is desperately trying to sell me some shoes. The same shoes for the last 2 years.
For variation it gives me some crap ads from some online stores that are just a frontend for some Aliexpress drop shipping. The line is always the same "Unfortunately we're discontinuing $PRODUCT. Buy now to take advantage of the discount!"
I don't see what niche they're targeting with that.
That's a nice anecdote but the thousands of new, successful online brands that were built on well-targeted, cheap, Facebook advertising from ca. 2014-2020 are proof that your anecdote doesn't match everyone else's reality.
100% this. In the past, you would have to commit to a minimum of $1k/mo for local radio/tv/newspaper ads, and had no tracking and lagging indicators if the spend was effective. Classifieds in newspaper were cheaper, but still more expensive than FB. With $100/day on facebook charged to your CC, from my experience, you could almost overnight turn on 2-3 quality leads per day. This was life changing for a significant number of people.
This isn't possible anymore as you need to burn thousands to get enough learning to get scale with Facebook, especially if you're in the US with an audience that uses iPhones.
Google Search ads still work, because they own the whole stack and they aren't impacted by attribution, but the prices have been going up significantly as people move spend towards channels with better attribution.
All of this legislation and privacy advocacy is just a gift to Amazon/Google/Apple - everything is first party data for these "portal" businesses. Their ads will still work, and they'll have no real competition in direct-response marketing.
Yeah HN is sadly way off-base celebrating this decision. FB/Insta ads were a key catalyst of growth for thousands of startups and small brands in the 2010s. Now it's all back to square one without an easy growth channel to target niche audiences.
I find it insane how many people on this thread are accepting/defending the fact that advertising must be a persistent thing in our lives (including in inappropriate places such as personal communication tools) and that people must keep buying things (otherwise what would be the objective of said advertising?).
If targeted advertising benefits the user, they will opt-in (GDPR doesn’t outright outlaw it, it just requires informed consent). If you are having an existential crisis about people having this choice then maybe it’s time to recognise that you’ve always been a parasite that didn’t actually provide any value to users?
Nike will be, they're also requiring you to consent or get out (and also set lots of cookies without consent, but I guess it's fine if you're not a social media company).
I agree, but the reality is that the most egregious offenders of consumer rights tend to control the markets they exist in, and the diligence required to effectively "vote with your dollar" is enough to overwhelm even the most staunch among us.
I've always found Ivy Lee's essay "Mr. Jones' Dilemma" to be a great summation of this problem. I'm having a hard time finding it online, but I'll link to it if I find it.
I'm not completely sure but I think we had to allow Skoda to track us when we paid them to turn on the Apple connection stuff in the car. I'm sorry I can't be more specific or technical than that, but I've never had a drivers license and drive a cargo bike, so the car is sort of my wife's domain that I know very little about.
If it was an option, I don't see why anyone would allow their car company to track them.
The car location thing is an actual issue that needs to be legislated away. Companies like bmw do this with irremovable sim cards and location data
Why the fuck does my car need an internet connection when nav isn't being used? Why are the sim cards irremovable? Why is an internet connection necessary for heated seats?
Principle of least privilege. These automakers can fuck off out of the data brokering industry with their ""automobile as a service"" business model
> Why the fuck does my car need an internet connection when nav isn't being used?
So they can update the firmware to fix (recall) issues instead of having you go into the dealership and pay someone to hook up a device to your car to do the same. This counts as 1-4 hours of labor--depending on how much of a pain in the ass it is to access all the car's ECUs/MCUs/systems.
I think it's important to note that the car only needs to be online for this to work. The automotive manufacturer does not need to know a damned thing about its location or regularly track your car's movements for this to work. A simple wifi connection to the Internet would work for the same purpose.
You should also know that newer electric vehicles have built-in Wifi for communicating with charging stations so they can keep track of various data fields about the batteries (e.g. temperature, charge state, etc). No reason why they couldn't also use that to download firmware updates when necessary.
I think it's important to note that the car only needs to be online for this to work.
I think it's important to note that what the manufacturer *needs* to know and what they have access to from your car's computer may be very different things.
Your car's computer system is most likely tracking a great deal of information about your driving history including speed, distance, acceleration, braking and *location* if a GPS is installed. All of this is most likely available to the manufacturer through an online connection if one is available.
And such a connection may still exist even if you don't know about it.
I can't imagine anybody without a paycheck-based motivation would be concerned by this. The fact that so many people in this comment section are whining about it is simply a reflection of the number of techies who work for Facebook or a company like it.
So what will they do instead? Put in a checkbox that you have to agree to if you want to use the service? Maybe offer a version specific to people who check that box which costs a few bucks a month?
That would be illegal as per the GDPR - you can’t force consent by withholding service.
They have no choice but to stop ad targeting based on personal data and instead only use publicly available data (public actions the user takes on the platform such as liking a page, commenting, etc) unless the user explicitly consents to their personal data being used for ad targeting.
What's also in violation of GDPR is sending your contacts to Whatsapp, as the app nags right and left to do, and as Whatsapp claims would be required for unrelated functionality such as seeing those freaking Whatsapp/Fb status pages of others or publish your own I guess. Phone numbers are PII, so even if you have individual consent for every number or number/name pair to pass onto third parties, which I very much doubt you have, the holder of that data in addition has a right to request data stored at Whatsapp/Fb and cancel storage and processing.
I seriously hate how misleading the titles of this report are (NOYB did the same crock and buried the lede 7 paragraphs into their report): Facebook tracking is illegal ONLY if Facebook hasn't asked for tracking consent.
If they did, they can track to their hearts' content - and it's horribly misleading that the news and news titles don't make this obvious. It'll put people into false sense of security.
These ad business puts pixel canavas trackers on your browsers. Got my neigbours language course advertisements through my private VPN connection in private browser mode. God luck in preventing it you cannot stop tracking unless you block javascript.
You will get private canavas trackers.
All your private data will be sold for advertisement.
To test try amiunique.org on a PC. Hint: You are not unique you are tracked.
This teacking is probably not legal according to GDPR.
GDPR applies not only to websites, but to software, am I correct? Does it mean that Android/Windows/MacOS and mobile apps should get user's permission for telemetry/analytics and allow to opt out from it? And Microsoft should allow using their software without requiring an online account?
Please turn on the great europa firewall! We all know you want to. Block facebook for illegal tracking, block twitter for illegal speech. Come give us the internet you think we deserve.
I don’t understand why Meta is always in the center on this problem, at least on most media. It is not relevant anymore. TikTok, or even Google should be the most concern now no?
I think with WhatsApp and Instagram under its control, Meta still has quite a reach.
Facebook might be (rapidly) declining, but I didn't hear young people switch to Signal/Telegram in masses, because their parents are also using WhatsApp.
Also: Yeah, there's TikTok, but I think Instagram is not dead yet for young(er) people.
Yes, those numbers look fine, but have a closer look.
Check page 14, Monthly Active Users: They have slightly risen in the US, slightly decreased in Europe, strong growth in Asia and RoW.
Compare that to page 15, Average Revenue per User: US around $49, EU $14, Asia $4.4, RoW is $3.2. Those numbers are also decreasing for the US and EU.
So for each user you lose in the US or the EU, you'll need 3 to 10 new users in Asia, even more in the rest of the world, or you'll need to squeeze the existing users harder.
They cannot grow much in any case. When half of the world's population is a facebook-user they could double at best. Doubling isn't the kind of growth expected from this kind of company, so they have to try crazy things like metaverse, or they would soon be valued like a utility.
Calling them chronically underfunded is very charitable. Corrupt would be a more accurate term considering they’ve privately collaborated with Facebook on ways to effectively bypass the regulation they’re supposed to be enforcing, in disagreement with most other DPAs.
Thank you! Interesting reading and not a good look for the DPC in question. That said, your use of the term "corrupt" implies that she has personally profited from the draft decision, and to be fair, I don't see any suggestion of that in the noyb article.
You wouldn't know if it was under the table or if it was non-monetary favours such as promotions for friends/family working at Meta or the implied promise of a nice high-paying position once they're out of the DPA role.
It could also be corruption at a higher level - the only reason Big Tech likes Ireland is because it's somewhat of a tax haven and accommodates unlawful practices like this one - if they stop being accommodating the companies will leave, so there's an incentive to not piss them off too much.
Sure but the claim was that TikTok is practically immune because they're a Chinese company and thus don't care what the EU thinks. My point was that they do business in the EU via their EU subsidiary in Ireland and that one is very much subject to EU laws.
Additionally the alternative to having a subsidiary in Ireland with a "special relationship" with the Irish DPA (look up "GDPR one-stop shop") they'd be subject to every single DPA in the EU at the same time, not just the Irish one, which would also mean every DPA could fine them independently. This is why people familiar with this arrangement paid particular attention to the restructuring at Twitter Ireland (and especially its involvement in reviewing feature proposals for compliance) which seems to have killed its GDPR OSS role.
If they can't show good ads in Europe, I assume that they will lose money and eventually have to close down here.
I think that users have a right to know what happens to their data. But this is not a consent or information screen, this is the end of it. Europe tells us they do this for our own good, so we can own our data, but then they make it illegal for us to exchange our data for someone's service. Basically they think they know better than us what to do with our data: it is the opposite of freedom.
Hopefully this will teach the users to vote better. Oh wait, we can't elect EU officials directly.
If Facebook were to suddenly go away we, all of us, would suddenly find ourselves plunged back into that time before Facebook even existed. Does anyone else remember what it was like then?
Your particular concept of freedom doesn't account for asymmetries in information and power. The average person does not have the time or knowledge to truly understand the implicit bargain that goes with using Facebook. Partly because Facebook is very aggressive in keeping users in the dark. But even if Facebook were totally open about everything, people just don't have the time to independently investigate every company they do business with.
What your high-theory freedom means in practice for the average person is the freedom to be exploited. That's how it went in the early 1900s before we had labor laws and anti-trust laws. Did hundreds of millions of workers lose the freedom to work overtime for free? Undoubtedly. Are they missing it? Generally not.
>EU privacy regulators say Facebook and Instagram must not force users to agree to tracking by putting this requirement into their terms.
In the context of apps like Facebook or Instagram, which make money by tracking us to show us personalised ads, this is like saying that it is illegal for supermarkets to charge us for groceries, even if customers wanted to pay for them. What happens next? The supermarket closes, evidently. And this is a win for whom? Not the supermarket, and not the clients. Everybody loses.
> this is like saying that it is illegal for supermarkets to charge us for groceries, even if customers wanted to pay for them.
More like banning the import of substandard and dangerous electronics, even if customers really want to plug their phone into a 50-cent charger from Aliexpress - because side-effects bear too high cost on the society.
That's precisely what I'm saying. I am an adult, and if I want to pay for a service with MY data, I should be able to consent to that. I can't, so this regulation doesn't respect me and my rights.
I think you misunderstood this. They are not being forced against showing personalised ads, they are being forced to give you an active choice. You are still welcome to choose to let them track you.
I think you misunderstood my answer. Using my analogy, this is like forcing the supermarket to give me a choice: pay for groceries or take them for free. This means the supermarket is forced to close because most people will take them for free.
It's more like forbidding Kellogg's to put toys into their cereal boxes. MAYBE they cannot sell sugary cereals to kids without, but most likely they still can. Only one way to find out :)
I wouldn’t assume they will no longer be able to show good ads. Ads don’t require tracking to work and there’s plenty of ad-targetable signal that Facebook users give the platform while using the service.
For example, if you join a cycling-in-Berlin group, they can still use that information to show you ads for protein bars and lederhosen.
But that would lower the ad brokers' profit margins!
It would allow producers of quality content to charge a premium for their ad impression inventory.
Careful, this is a slippery slope: Soon you'll be arguing some other anti-monopoly nonsense, like for open access journals, or that lederhosen manufacturers should be able to sell off Amazon at a discount.
> If they can't show good ads in Europe, I assume that they will lose money and eventually have to close down here.
They can't do it based on external browsing activity.
In-Facebook likes, comments, group memberships, clicks, etc. sound like they'd still be applicable, and give pretty good targeting info for a lot of folks.
> If upheld, though, this decision will make it much harder for Facebook and other platforms to show users ads based on what they click, like, share and watch within these platforms' own apps.
> While Meta is already allowing users to opt out of personalizing ads based on data from other websites and apps, it has never given any such option for ads based on data about user activity on its own platforms.
No one's who's done business selling to consumers is cheering about this. What exactly is gained for the society when a business has to show bike ads to basketball enthusiasts?
A lot of us around here seem to live perfectly fine despite effectively seeing zero advertising with a combination of ad blockers and avoiding ad-supported services so I’m wondering why do you think advertising is an essential concept that needs to be preserved and defended?
It's not my revenue. If you believe any business is evil if it has has paid salaries out of the revenues boosted by efficient advertising, that's your prerogative.
I am open to hearing how exactly targeted advertising has damaged our society but I will not accept vague notions of spying and privacy as an argument.
Most of the entities powerful enough to spy on you currently, will continue to do so discretely.
Could you elaborate which part of Cambridge Analytica's actions you object to? Not that I disagree but I don't consider targeted advertising, that is available to everyone during election, as a smoking gun of any kind. I assume you are more so referring to the fact they illegally obtained people's data (gathering of which wasn't related to targeted advertising).
To be honest, I don't remember the details and I don't want to waste time looking them up again anymore.
My opinion (and that seems to be that of many) is that targeted advertising is not desirable. Neither from a user perspective (I don't want to give my data to a FANG company) nor from a society perspective.
It opens up the flood gates for misuse like the CA case and it doesn't make the world a better place. And it's not only that isolated case, it's FB's own behavior - things like scraping and cross referencing Bluetooth network and contact information. It's a recipe for disaster.
You asked me 'Does "Cambridge Analytica" ring a bell?', but apparently it barely rang anything for yourself.
I see you haven't researched the topic in question and have stated you are not going "to waste time". This actually succinctly summarizes most of the knee-jerk reactions.
Fuck advertisers, fuck surveillance. Nothing is gained for society when any kinds of ads are run, but less ability to track and spy on me _is_ good for society
Presumably, since Facebook has no way to contact those people, they will just shut down the no-logged-in-but-tracked half of their business in Europe?
(If you don't know what I mean by shadow profile: When you first create a Facebook account, it helpfully produces a prepopulated list of your friends, and links in a pile of consumer tracking data before the onboarding flow is done.)