Pretending that clicking 'accept' under a page of legalese constitutes consent in any meaningful way is disingenuous and as a society we need to grow past it.
[1] https://www.nytimes.com/2017/03/16/us/oxford-comma-lawsuit.h...
It's not nearly as simple as that.
The issue isn't (only) that ToCs are written in legalese (they are a contract, after all). The bigger issue is that users don't know what Facebook collects about them or how that can be used against them. And it's clear that Facebook gathers a significant amount of information on you even if you never "sign up" for an account.
In the ToCs, it is written in vagaries like "the information you submit to us", but in practical terms, Facebook has been caught doing things that users (even very technical users) didn't expect. When you type in the "comment" form but delete the comment, Facebook has actively analyzed what text was deleted. The first Facebook iOS app transferred the entire contents of my contacts list (it's possible that this was messaged previously, but I wasn't aware of this permission). It's pretty clear that LinkedIn pilfered my Gmail contacts without my permission or even my knowledge.
It's not reasonable to assume that users know what Facebook 2018 might do with their data when they sign up in 2008. This counts 2x when it comes to M&A -- if a company is purchased, the new company can completely rewrite the ToCs and I, as a consumer, have no ability to withdraw my previously submitted data to them (without components of the GDPR).
GDPR's "Right to be Forgotten" is interesting to me because it's a foreign concept in US law. As an engineer, I find it difficult to deal with corner cases. As a consumer, I feel like the foundations of what we call "privacy" are only eroding without the GDPR. Congress is willing to defend the privacy of children under 13 (COPPA), medical patient records (HIPAA), some financial account records, but little else.
> Zuck isn't putting a gun to anyone's head and telling them to use the service.
This isn't about coercion (or the lack of it). It's about transparency of operations and information asymmetry.
And I don't mean to hate on Facebook. They have been the target of more reports, but there are precious few companies in the same industry which don't have many similar offenses.
When prenuptial agreements are signed for example, if one party has an attorney, the other party should have an attorney if they expect the agreement to hold up later.
I believe the case law around shrink wrap licenses is nothing more than a pragmatic recognition of a business "need" (desire) to have complex legal terms to defend themselves against claims. I believe it falls short of what we should recognize as a valid contractual agreement as a society.
https://en.wikipedia.org/wiki/Meeting_of_the_minds
I also don't think "the right to pay me money and use my service" is really valid consideration.
But I'm not a lawyer and that's just my opinion about the way things should be, not how they actually are in today's varying jurisdictions.
That's the problem, they took physical, real world products like Mortgage documents that were easy to understand, kept on paper but had stipulations and they applied it to things like storing your information in some unknown company in some unknown country and relinquishing liability in the event your personal details ended up on the DarkWeb.
Do EU lawsuits require the plaintiff to pay the legal costs of the defendant if they lose? If so, I doubt we'll be seeing GDPR trolls unless those GDPR trolls are well financed and prepared to pay all of the legal costs.
I agree with the GDPR in principle, but the manner in which the enforcement was set up, and the way it didn't phase in the aspects over time, and the way the fines are subjective from painful to destructive without any clear guidance as to how they will be levied, and considering the regulations were written in such a way that people seem to have a very poor understanding of what the actual rules are unless they have legal teams giving them the answers leaves me with doubts that this isn't yet another European regulatory money grab at the same time that it's a much needed advancement on privacy reform.
What's even better is all the non-lawyers posting blog posts saying STOP FREAKING OUT!!! Stop interpreting the rules wrong!!!
When you create a system that could amount to a severe financial risk, in the way this was done, I can't exactly rest easy given the advice of Jon Q. Blogspam Esq attorney from Wordpress School of Law.
If GDPR were clearly and rationally written, if it had an explicit grace period and progressive fines rather than instant potential massive liability, if regulators had front-loaded more of the official clarifications prior to it taking effect so that everyone wouldn't have to pay law firms to ask the same questions, etc., then we wouldn't all be flooded with stupid emails and misfires by every company we do business with. And saying that anyone who is afraid of GDPR is doing something bad with user data is just unfounded slander.
I am extremely pro-privacy and what they're trying to do for privacy here is great. The execution could have been much better. And I highly doubt the apologists will be around to explain why they were wrong when people operating in good faith, trying their best to be compliant, are fined for non-compliance in an audit.
Is that plain wrong, or am I missing something?