Presumably, since Facebook has no way to contact those people, they will just shut down the no-logged-in-but-tracked half of their business in Europe?
(If you don't know what I mean by shadow profile: When you first create a Facebook account, it helpfully produces a prepopulated list of your friends, and links in a pile of consumer tracking data before the onboarding flow is done.)
Is the reality that they'll be tracked regardless, just now through a thin veil of indirection (as with the shadow profiles)?
I think they established well how this is done and that if you are not a user, they actually collect much more data.
So the plain fact is you get tracked by Facebook even if you are not a Facebook user. The info collected by those trackers might not be enough to identify you, but still good enough to feed tailored ads to you.
The US has since 2001 built a techno-legal spying system that the Stasi would have been proud of (relying a lot on US companies, especially the GAFAMs), and worse, (ab)used it on non-US people, specifically people located in EUrope (especially as revealed by the Snowden scandal in 2013).
Since this violates the EU Charter of Fundamental Rights, in 2015 the Court of Justice of the European Union has effectively declared US companies to be illegal in EUrope : https://en.wikipedia.org/wiki/Max_Schrems#Schrems_I
(Technically speaking, that's not strictly the case, but good luck having a business when you can't have access to your EU customer's personal data, which, depending on the context, includes things as basic as their IP address - and the context might change as your business evolves...)
There have been attempts since 2015 between the US and the EU to try to find an agreement, but so far nothing has stuck, and it's hard to see how it can (unless the EU just chooses "denial" at some point), since, again, it's the whole US techno-legal spying system being in violation of EU fundamental rights that we're talking about.
To recap: a law was put in place 5 years ago that said if you get consent you can basically use data in any way, with some very vague and general language about how consent can be gathered and what it means.
Meanwhile, Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
Then, some random guy says he doesn't think Facebook's interpretation is right, a court agrees, and all of those billions of dollars have gone to waste.
So absurdly inefficient. No regulator has had the idea of just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better? No; we prefer to thrive by ignoring problems for a long time then smashing them with a hammer.
so when you say a crazy way of making laws, you mean the way that laws basically get made?
>No regulator has had the idea of just going to Facebook,
pretty sure there was all sorts of conversations with Facebook and others over at least 5 years where it was quite clear people wanted to fix privacy issues and it was also clear that it was in Facebook's financial interest that it not get fixed.
>tried to draft a forward-looking law that will make the whole system better?
Facebook doesn't want the system better, Facebook wants the system to benefit them. At some point these things are incompatible. No body has gone to a bank robber and tried to discuss with them how to best draft the laws on how to stop the robbing of banks, because of an intuitive understanding that it is not the bank robber's intention to help stop the robbing of banks.
So when the law gets made to stop the robbing of banks, the bank robber than goes ahead and breaks it.
Or in the case of Facebook they say we are obeying the law! But still try to do what the law wants them not to do.
But I think this is the core of our disagreement here >according to their fair reading of that law
I would say according to their desire to get around that law.
It seems reasonable to survey or research bank robbers with intention of making their further attempts as miserable as possible and as unattractive as possible.
In the same way I expect that any good privacy related regulation will be analysing and researching what FB/Google/etc is doing and designing policy to outlaw their undesirable data gathering.
I think what's being characterized as crazy is that the laws as written are at best vague. It takes years to find out what they actually mean in implementable detail. This makes it very difficult to comply.
Have you read through GDPR? I have. It talks a lot about "reasonable measures" and includes vast swaths of other laws while being very light on details. Compare to, for example, electrical codes. Those tend to be quite specific and clear with sharply limited room for interpretation.
With this in mind, I can see why someone might regard this as an insane way to create laws.
This would never work because Facebook is uninterested in making "the whole system better". Their entire goal is to make money off of user data, and they have zero incentive to work with governments that threaten that goal.
This appears to be deliberate and I am happy about it.
Any internet-related law actually increasing privacy and harming tracking/spying/personal data gathering was going to harm FB. If it would not, then it would mean that it is toothless and useless.
> Facebook has invested billions of dollars in building and developing a platform according to their fair reading of that law.
It's valid to say "Facebook isn't the one who should be expected to have citizens' best interests at heart", but the incentives of regulators and Facebook are absolutely aligned in that both are looking for a law that will be followed.
So often in the last 20 years I’ve seen companies (and particularly US tech companies, but it’s not exclusive to them) deliberately read more charitable interpretation of the law, knowing they'll make millions over and above any fines they might receive.
It’s so common place that there is even a saying for it:
“ask for forgiveness not permission”
So I have a hard time believing that Facebook, with their army of lawyers and millions earned from data collection, are the victims here.
..of dollars that Facebook recieve by selling info about their users?
At the end of the day, they are still human, and laws and regulations are still written by humans, meaning that it can often be hard to suss out intent from the letter of the law.
People who make laws can see the future (yeah, sometimes they don't), it's the people that do not understand them and protest, because they do not see the immediate benefit for themselves, so the laws have to be changed to accomodate the snowflakes of the World.
Making laws is about govern, not about futurism.
A compromise has to be found every time a new law is proposed to be approved.
See for example the ban on ICE engines, one side wanted it NOW the other side wanted it NEVER, truth is a good compromise was to accelerate as much as possible for some heavy user (Amazon alone, for example, is responsible for more than 20% of the global deliveries) and make some exception (5 years tops) for supercar luxury brands like Ferrari or Lamborghini, that sell a few thousands cars/ year.
But things being as they are, people complained about Ferrari asking for an extension (for themselves and other luxury brands) but at the same time against the ban in general because everyone owns a car.
The real problem is that people put in charge of making laws other people like them, not people better than them.
It's a vicious circle.
EDIT: the HN paradox: everyone knows what's bad, everyone has a very important job, but apparently things never improve because "politics".
Maybe things are harder than what they look at first sight, from outside, and it's not about "people not seeing the future", but about the fact that the more a society is rich and established, the more changes are hard and people oppose to them.
See for example how hard it is to convince American people that socialism is not a crime and USA could survive free health care paid by everyone's taxes.
Does it mean that Americans are stupid and can't open Wikipedia and do a simple research, that they can't see the truth in front of their eyes, or that they are simply afraid of change, because the system works for a large part of the population, the same part of the population that basically runs the country and decides who gets elected?
The main fault of the process is that it took 4.5 years. That’s 4.5 years of illegal revenue. Speed is justice. We all know this. It would have been preferable for the law to have been so clear that it didn’t take that long to argue. I forget the exact wording but I think it was pretty clear, and they just managed to draw it out long enough to turn more profit in the meantime. Possibly not so much a problem with lawmaking as with the litigation.
I do not care at all what FB claims. They repeatedly lied, cheated (see 2 factor phone numbers) and deliberately misinterpreted law in insane ways.
One of their attempts was putting serving interesting ads as service given to users and claiming that it means that they are obligated to track them.
and here I was thinking that breaking things and disruption is what Facebook in particular was super into. Sucks if it happens to you I guess. Laws and regulations aren't made by meeting Facebook representatives and then asking them what's convenient. Okay Facebook has invested billions of dollars, luckily they've also made billions of dollars. How much do you think traditional journalism, including all the positive externalities it entails has suffered from Facebook? They didn't seem to care, it's a legacy industry if I remember correctly.
Car manufacturers all over the world have invested probably a hundred times as much in the combustion engine and the traditional car, it's going away as well. Like are we going to reimburse and invite everyone who has made anything we've decided we don't want any more?
I think the crux is that they instead implemented a system according to their most favourable reading of that law.
They took a calculated risk, it backfired a little bit (albeit after 5 years of using it to their advantage), and now they need to approach things differently.
Business as usual.
> Then, some random guy says he doesn't think Facebook's interpretation is right, a court agrees, and [the law changes].
You've just described how US legal system works (case law - https://legaldictionary.net/case-law/)
> just going to Facebook, having a real conversation about what they're doing, then talked about it with ethics professionals and researchers and tried to draft a forward-looking law that will make the whole system better
You've just described how US lobbying works.
In terms of society, regulatory uncertainty better than no regulation, hands down, and is a spectrum whether the risk is too high to engage in the market profitably.
'Gone to waste' is the best possible outcome of money spent on advertising infrastructure.
This is utter bullshit. They have tried to twist and bend the rules and tried to use an exception that doesn't apply to them at all. Everybody knew that Facebook went against the spirit of the law.
Somehow they got the Irish authority to go along with their idiotic interpretation of the law, but that doesn't mean they were working "according to a fair reading of the law", it just means that the Irish authority failed to do their job.
If Facebook had gone with a conservative reading of the law, like many other companies have, they would have added consent prompts 5 years ago, and they wouldn't have a problem today.
I would suggest you spend some time reading the GDPR. It's surprisingly approachable. The parts about consent really aren't that hard to understand at all, and it's clear what the intention of the exceptions were (eg. a pizza delivery service obviously does not need to ask for consent to share the customer address with a delivery driver for the purpose of delivering the pizza, but they do need to ask for consent if they want to add the address to a direct mailing directory).
It's unfortunate that it took the EU 5 years to do something about this obvious violation, but the problem is not the law itself.
"Having a real conversation" is clearly not how Facebook intends to operate. It has never been particularly open or forthcoming about how it handles data.
The "vague and general language":
Article 7, paragraph 4:
> When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
https://gdpr-info.eu/art-7-gdpr/
Recital 42:
> Where processing is based on the data subject’s consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation. 2In particular in the context of a written declaration on another matter, safeguards should ensure that the data subject is aware of the fact that and the extent to which consent is given. 3In accordance with Council Directive 93/13/EEC¹ a declaration of consent pre-formulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. 4For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended. 5Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.
https://gdpr-info.eu/recitals/no-42/
Facebook didn't like the business impact of complying so has spent years grasping at loopholes that don't exist in a law which is remarkably clear for legalese (especially EU legalese). The fault for that lies with Facebook, not the law making process.
Specifically, my understanding has always been that a company cannot demand consent to data storage and processing in exchange for providing a service except where the data is actually necessary to provide the service. It certainly isn't necessary to track what users do on other websites in order to provide Facebook's core product. It isn't even necessary to do that to provide ads targeted to a Facebook user's interests because people who use Facebook normally provide significant information about their interests through normal use of Facebook.
There is no way that Facebook wasn't aware courts were likely to understand the law that way.
This is not "some random guy". It's noyb and they're doing an important job. They not just "saying this and that" but do try to get the actual laws enforced which is what they did here. You can learn more about them here: https://noyb.eu/en/our-detailed-concept
The "random guy" you've probably actually meant is Max Schrems and his history is also quite noteworthy: https://en.wikipedia.org/wiki/Max_Schrems
What?
Article 7 par 4. GDPR [1], "Conditions for consent": When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. (emphasis mine)
Personalizing ads is not necessary for providing the service, hence the forced consent is not given freely.
To anyone involved with the GDPR back then, this was as clear as the day.
Also, Article 7 par 3. clearly states that even if consent were given freely, the "data subject shall have the right to withdraw his or her consent at any time", and "[p]rior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.", which was clearly not on the table with Facebook.
[1] https://gdpr.eu/article-7-how-to-get-consent-to-collect-pers...
Many would argue that that's what happened, Facebook choose to bet a few billions on trying to get around it by trying to argue loopholes into the interpretation and is now getting told to knock that off a bit more forcefully.
I mean, if they do not actually know for sure how a specific law is to be interpreted then better err on the side of caution, instead of becoming a criminal, violating the rights of many millions of people. Better take precautions in case ones convenient interpretation turns out to be BS. I am sure they made their business viable without all those violations of the law. They can just flip a switch now, and stop doing the bad thing, that they now know for sure is illegal :)
But hey, that is just what I personally would consider an ethical approach, ha! Maybe not caring about the law and just continuing to ignore people's rights, being as invasive as possible to people's privacy, for as long as it is financially viable is the more ethical choice ...
The article makes it seem pretty straightforward:
> Meta explained that its updated terms rely on the GDPR concept of "contractual necessity". The GDPR mostly prohibits companies from forcing users to turn over personal information to use their services. The only exception is when that information is necessary to execute a contract: For instance, a car sharing app needs to know your location so that it can show cars near you.
For a car sharing app, it is necessary for them to get your location for the service to work. In Facebook's case, personalized ads are not necessary for Facebook to work. Since it isn't necessary, Facebook needs to get express permission to use personal information for ads.
Facebook took an overly optimistic view of the law expecting regulatory capture to allow them to skirt the rules. It didn't work, so their investment was a poor one. Regulators didn't force Facebook to make a poor investment.
Also, Facebook can decide to pay the users it tracks in Europe. Maybe the investment has poor returns, but the money hasn't entirely gone to waste yet.
The article suggests you need actice consent, which is what a basic reading of gdpr rules would mean. I don't know why hiding it in the terms and conditions would possible be conpatible.
I should be able to choose complete privacy.
Anything less, regardless of what corporations or government agencies say or agree, is illegitimate. And it shows that the governance agencies are illegitimate too.
It shouldn't be that it is assumed I am a criminal and that as crimes occur online, my data should be collected. Not should it be assumed that my data should be monetisable by intermediaries.
I get the feeling that you can bypass laws in the US based on technicalities and loopholes. In the EU, it’s the intent of the laws that matters, not how the words are written first degree. And the intent is pretty fucking clear: don’t mess with EU citizens private data. I can’t wait for Facebook to die and will never care that they spent billions trying to bypass EU laws for nothing.
[1]source: a list of the largest tech companies sorted by market cap.
https://gdpr.eu/gdpr-consent-requirements/
I'm doubtful that Facebook have been using a fair interpretation of the laws as that doesn't seem to be the way they operate. I'm also doubtful that users can easily revoke consent which is another requirement under GDPR.
Protection of personal data is not something many in this bubble like to see since it threatens their products business model.
If their "fair reading" of that law is about as accurate as the characterization in your post, it's no wonder they lose court case after court case about it.
History shows us the regulator always comes after the original culprits exploited what they could, never before.
It's really not up to Facebook nor you to decide what is the "fair interpretation of the law".
All they have to do is stop collecting people's personal information, all their problems would go away. People don't want their surveillance capitalism abuse anymore. No one is interested in watching Facebook "discuss" the matter with regulators in order to massage it into a "compliant" form. We want Facebook's unconditional surrender on the matter, cease and desist all surveillance activities. We don't care how much money it will cost them, what they are doing is simply not acceptable and it has to stop.
To me it means one of two possibilities:
1. Facebook is incompetent, not only did it spend billions developing lackluster practices that don't fit the spirit of the GDPR but that money also instantly disappears because they are apparently incapable of adding a prompt for tracking consent and evolving with the regulatory landscape like every other company on earth.
or
2. Facebook relies on its relationship with its users being non-consensual.
Well, I am not certain FB tells users exactly the extent to which their online persona is being profiled. We have relatively vague lawyer talk for 'more targeted ads', but it does not tell you that FB identifies as a prime target for ads that would feature, say, a suffering animal. For the record, I am making it up, but inferences taken from massive amounts of posts people make daily make it highly unlikely that a detailed and thorough psychological profile that would normally require years of visiting an actual psychiatrist are now very much a possibility.
And the only official indication of this we have comes from various FB court cases, but those being 1000s of pages of useful information is not an average person will go through, let alone understand. I forgot which company tried to shed some light on it with ads that used that info indicating to ad viewing person that "you are an X who likes Y". They got shot down fast.
I guess my point is.. it may be consensual in the sense that user agreed, but did the user truly understood what he/she agreed to, is something I would argue against.
Its very existence depends on it. Facebook is a company that builds shadow profiles of people who never joined the social network, never agreed to the terms of service and not even once consented to anything.
Come on, don’t be obtuse. The problem is not advertising, the problem is tracking and using user data without consent. The fact that they do that for advertising is irrelevant. They would have the same issue if they were doing it for any other reason.
> set a standard and stick to it
That’s what they did. It’s called the GDPR. One can argue that enforcement was insufficient, but the standard has not changed.
The language Art. 7 (https://gdpr-info.eu/art-7-gdpr/) may not be clear enough, but check out the recitals.
Unless you're actively trying to skirt the edge (in which case you shouldn't act surprised if you find yourself on the wrong side of it), it's pretty clear.
However, I think this article is slightly missing the point, as is your conclusion. (https://noyb.eu/en/noyb-win-personalized-ads-facebook-instag... explains this a bit better.)
Facebook wasn't trying to get consent through the fine print (that would be very obviously illegal). https://edpb.europa.eu/news/news/2022/edpb-adopts-art-65-dis... says that the decision "settles ... the question of whether or not the processing of personal data for the performance of a contract is a suitable legal basis for behavioural advertising".
Under GDPR, you need to have a valid legal basis for any data processing. This can be a) consent (which Facebook was not getting, nor claiming to get), b) doing only what's necessary for the performance of a contract, (some other things), and f) legitimate interests.
Consent is the easiest: When you get it (properly), as you said, you can basically use data in any way. But getting consent properly means actually getting consent, not tricking, annoying or forcing the user into saying yes when they don't want to. Ad platforms tend to either try to claim consent without actually getting it in a valid way (because, surprise, most people don't want this), or they reach for the other justifications.
While the advertising industry is trying to push to justify legitimate interest, anyone who has read the official EU interpretations (e.g. https://edpb.europa.eu/sites/default/files/consultation/edpb... - page 16 point 50, referencing Page 47 in https://web.archive.org/web/20220305192156/https://ec.europa...) would plainly see that you cannot use that to justify the kind of tracking that these ad networks do.
I suspect Facebook has realized this because otherwise they would have claimed Legitimate Interest. Instead, they claimed that processing the personal data is "necessary for the performance of a contract". That is obvious bullshit, and the EDPB has now explicitly confirmed this.
So I would recap it differently:
- A law was put in place 5 years ago to protect people from exactly the kind of behavior Facebook wanted to engage in (intrusive tracking, wholesale collection of personal data).
- Facebook has made a massive profit by violating the law, claiming to be merely skirting it, relying on creative interpretations that they must have known were "creative".
- They have now been told that their creative interpretations are wrong and that they need to actually follow the law. (They will likely also have to pay a fine that is a fraction of the profit they made from violating the law.)
- They can still do the thing they want, they'll just need to actually get voluntary user consent. Which they probably will not get in many ways, in particular because they're known for abusing the users and illegally misusing their data (see above).
I agree that it's inefficient that they were allowed to do this for 5 years before being told to stop, but I don't think that's unfair to Facebook, to Facebook's detriment, or because Facebook couldn't have known. It's because Facebook correctly concluded that they will get away with, and profit from, violating the law until caught and stopped.
This is a fight for the money Facebook is generating. The court, the law, the administrations, the bureaucrats, the media, the lawyers, the judges are all complicit. Using the law to say, take over someone house without reason will be outrageous (though it does happen in "lesser" countries than the EU).
But in the EU, you can still get people to look the other side if you explain it by Facebook is evil, Facebook is tracking you, Facebook is addicting you, Facebook is generating lots of money, etc... Of course, you have to realize, this is the same government that will sell your blood if they think they can make profit out of it.
Welcome to the Jungle.
I am not exactly breaking the news: If companies make less money through ads, they have to make it "some other way" (which so far has resolved in "making the user pay directly"). A lot of people have been suggesting that it's not their business to figure that part out; privacy is paramount and above all else. That's fine up to the point where zealousness effectively worsens the life of others, and maybe even more than that, our collective lives.
(To me, one example of that might be restricted access to a lot of important news outlets. I know that it is currently pretty hip to attack the NYT anyway, and I can see a lot of good reasoning behind the critique, but if that then resolved to people getting information from random internet personalities on Twitter or IG, we seem to have significantly worsened a bad situation)
The HN community is for the most part probably not negatively impacted by having to pay for more stuff and actually might net gain through stronger privacy rules. However I expect the privileged to also think for others, in the terms of the others' problems (i.e. if struggle was poverty and you tried to work through that, would privacy really be more important to you than having unpaid for access to Google?)
I know this is terribly biased topic on HN, but alas: Pennies for your thoughts.
Personalized ads are as big of a breakthrough for the ads industry as internet is for people's communication. Both also come with legit downsides, but saying it's not needed is naive, at best.
Funny. Facebook's addictive "engagement engineering" was proven to worsen people's mental health in significant and measurable ways. When is that going to stop being fine? When are all the ad tech attention brokers gonna be held accountable?
If advertising-driven social media is wiped off the face of this earth, our lives are going to improve, not the other way around. We don't need advertising, nor do we need social media.
I don't think it was ever fine. I also don't think it pertains to my comment.
That's just my personal observation. Make of that what you will.
Companies won’t lower their prices if they don’t have to, but they will go to great lengths to survive…
Have two pennies if you can answer that without a presumptive bias.
Also I don't think I made a strawman (of any quality) but it's somewhat telling you think I did. To be super lame: I have very conflicted feelings about this topic and no conclusive opinion.
Insurance has similar problems since a long time: search for Stiglitz and “unraveling“ for literature on the topic.
https://www.ctrl.blog/entry/flattr2.html
https://github.com/flattr/flattr-extension/
(Yes, this does potentially give a lot of power to Flattr. But not that much, barely more than Patreon, as long as most of the processing stays local, and they only get the aggregate usage once per month ? And the open source aspect should keep them honest...)
https://www.moneysavingexpert.com/news/2019/01/martin-lewis-...
That being said, this unequivocally lowers demand for software engineers and puts downward pressure on our compensation.
Governments can get away with punishing companies up to the point they become unprofitable. I feel like internet ad companies have flown too close to the sun and privacy regulations are proving more productive for governments than anti-trust or tax law. Privacy is an acceptable excuse, but the real motivator is Europe is tired of sending so many ad dollars to US software engineers.
Alas, as always with such news:
"The EU decision will not have direct consequences for users, unfortunately, as it can be appealed to. Such an appeal would lead to a lengthy judicial process."
I really miss the skeumophic design of the iOS ecosystem from the early-to-mid 2010's.
It felt so premium, especially with the retina display which was miles ahead of basically everything else (especially desktops and laptops of the era).
I tried to find the link but this was the closest I could come up with:
https://blog.prototypr.io/i-know-you-like-skeuomorphism-but-...
...and then there's this which really brought back (horrible) memories haha:
It's been truly shit to own Facebook stock the last year.. Let's end this now and get back to writing the growth story. Please.
The money advertisers can pay Facebook is, essentially, a percentage of all consumer spending. A percentage of the money you pay for toilet paper, dish soap, groceries, car insurance, credit cards, etc is funding the advertising budgets of those companies.
The money consumers can pay Facebook is, at most, some portion of their discretionary spending budget. What's left over after buying all that stuff, and paying the rest of their bills (housing, fuel, taxes, etc).
The first number is a much bigger number than the second.
If Facebook is no longer able to capture Charmin's ad spend because they can no longer provide adequate targeting, then Facebook will no longer get that money. The Charmin customers don't have it to send to Facebook directly, they gave it to Charmin to buy their toilet paper.
If nobody is allowed to build a demographic profile for cross-site cookies, the biggest negative impact will be to small sites. Previously their ad inventory could be relatively high value because it could be assigned targeted ads at scale, without site-specific work or having to trust the site itself. Now the site will at best self-report their user demographics. (1) they probably have poor visibility into their customer demo without something like Google Analytics to guide them and (2) it's difficult for a third party to verify any demographic composition they claim.
Ad targeting on these will likely be content based. I suspect this inventory mostly won't be eligible for lucrative display advertising anymore, if it was before.
And the reason they do it so well is because they are so invasive to peoples integrity that if people find out - they’d also quit the service in droves, and it’s also so invasive that regulators are objecting.
I don’t see Facebook returning to growth any time soon.
Excuse me, 'growth story'? For Facebook ??
Time proves the shareholders vs. rest of society stereotype to be true, I guess
[1] unless the data is needed for the website to work
This is currently being contested by NOYB.
It think it's a gray area right now though.
The most profound mistake is their lack of proper risk assessment, as well as proof and transparent documentation of real actual significant harm done to users, to warrant such discriminating privacy laws. In the process they are hurting everyone, including small personal blogs, news media sites, and large social media sites.
The data, if hacked, or spied on by employees, is still a privacy risk regardless if its used for targeting ads or not. The data still sits on the servers, because the applications depend on it to function properly. The number of ecommerce websites alone that do not properly handle personal data is scary; basically anyone with database access can also access all the personal data on customers. If a given CMS has a known exploit, then the data is in great risk of being leaked and abused. E.g. Never host a site on Wordpress without proper security in place.
Nevertheless. We should always maintain that the user is ultimately responsible. If they do not like Facebook, they just ought NOT to create a Facebook account. Dislike being watched when walking around in physical shops? Stay away from them. However, the actual risk to the individual user, from ads, is so miniscule that we practically have no substantive examples of harm done. The worst shit is falsehoods promoted via ads, but that is purely an policy/moderation problem. Fake pages and accounts are a much bigger problem than falsehoods promoted via ads.
Having a paid subscription model would be a valid opt-out of advertising (ads are often dishonest, so I would like to see that). The problem is, the data still sits on servers, and if leaked, this will, unlike targeted ads, pose an actual real risk of harm.
I am not against the GDPR or the EU, but it has been profoundly flawed from the beginning, costing website owners a lot of time and money trying to comply. I absolutely hate consent platforms, because they are just another third party dependency IMO...
Still amusing just a few years ago Facebook was described as a world government due to the influence they had. Maybe they still have that, but I've just detached myself from it to see it.
People make the comparison to MySpace, because it's the most comparable service - Facebook de-throned it as the king of social media.
And incidentally, MySpace is still around. They survived the de-throning by pivoting, which is inevitably what Facebook will do. I think we've seen the groundwork for it already.
Should not be just Meta; we need to go further and cover all social networks.
AFAIK, the regulation doesn’t cover only Meta. If forcing acceptance of tracking to use the service is illegal for Meta to do, then it’s also illegal for TikTok.
Yes, the TikTok pixel: https://ads.tiktok.com/help/article?aid=9663
Not as prevalent as Facebook's Like icons but it's well on its way.
He helped to get rid of Safe Harbor and Privacy Shield because they didn't protect the data of EU users.
Not at all. That's for improved privacy.
Some of these people recommended to me might have given Facebook access to their phone contacts, and that's how Facebook associated me with them. Or that's what I believe happened.
It is worrying that Meta's algorithms have relatively personal data about me when I never engaged with them much. It was pretty uncomfortable to find that out.
Next day Facebook was recommending her as a friend.
I do have FB Messenger and Whatsapp on my phone. Still that's creepy.
I can see that there's not much point in serving me ads for e.g. women's clothing, because I'm not a woman. But even if you knew everything I read online, I think you'd be hard-pressed to guess what I want to buy.
So I don't believe that advertisers need to know all about me. They just need a few data points: am I a man or a woman, do I ever buy anything (do I have any money), and that's about it. Beyond that, I don't see how having more data makes it easier to get ad conversions.
I've never worked in this area, and I drive with ads turned off, so I honestly don't know.
For example, my total spending on video games in the last 5 years is between 0 and $100, so game publishers should probably save their ad spend (and not annoy me with noise). My TV is seldom out of the closet and plugged in, and I spend maybe $1-200/month on books. I'm pretty interested in buying a tennis stringing machine and more sheet music to play, but it's too much effort for me to seek those things out, so I don't. These are just a few of an infinite array of identifiers that could provide worthwhile targeted ads to me.
As another example, most charities have a group of people who would be happy to give them money if they knew about the organizations, while most of the population is indifferent or, in some cases, opposed to their work.
I don't like advertising much, either, and it doesn't reach me that often, but it's ridiculous to suggest that personalized ads have no value.
I have some halfway decent clothes; but I hardly ever wear them. The stuff I wear is old and faded, and often a bit tattered.
I have as much clutter as I can cope with. I certainly don't have room for more cool gadgets.
I do buy stuff; but not usually because I saw an ad.
On the other I use free services like Google, YouTube, Facebook all the time.
They make money selling our data, on the other, the fact that it is free for everyone is the democratization of the access to information. I suspect that even a subscription of $1 / month will push away more than half of the users for these services.
I prefer to live in the world where people have free access to search engines and large social networks.
So companies can flout the law for years, making massive profits, and continue to do so for as long as they can string along an appeal process? Seems like a pretty nice loophole.
If a court decides the action is overtly harmful, they might ban it pending appeal. This happened with the U.K. government trying to send refugees to Rwanda. The ECHR blocked action since it was likely illegal and wouldn’t be easily reversed once the activity had taken place.
The loophole is that the company is allowed to continue breaking the law while the appeal is in progress.
With that setup, if they're confident that they'll come out on top, they can keep tracking while appealing. If they're less confident, they'll pause tracking to prevent the buildup of fines.
Actually, they may yet receive a hefty fine. The court ruled on the principle: now, each lower jurisdictions may take action based on that principle.
I.e., make it so that there is no free pass to continuing presumptively illegal activity.
It takes time but the regulators are evolving teeth.
"Please don't use Hacker News for political or ideological battle. It tramples curiosity."
Funny that. Not.
For variation it gives me some crap ads from some online stores that are just a frontend for some Aliexpress drop shipping. The line is always the same "Unfortunately we're discontinuing $PRODUCT. Buy now to take advantage of the discount!"
I don't see what niche they're targeting with that.
This isn't possible anymore as you need to burn thousands to get enough learning to get scale with Facebook, especially if you're in the US with an audience that uses iPhones.
Google Search ads still work, because they own the whole stack and they aren't impacted by attribution, but the prices have been going up significantly as people move spend towards channels with better attribution.
All of this legislation and privacy advocacy is just a gift to Amazon/Google/Apple - everything is first party data for these "portal" businesses. Their ads will still work, and they'll have no real competition in direct-response marketing.
Enjoy watching Nissan ads on loop.
How many of those are genuine brands and startups and not a yet-another front for a multinational conglomerate (or marked up AliExpress pipeline)?
If targeted advertising benefits the user, they will opt-in (GDPR doesn’t outright outlaw it, it just requires informed consent). If you are having an existential crisis about people having this choice then maybe it’s time to recognise that you’ve always been a parasite that didn’t actually provide any value to users?
I'm not completely sure but I think we had to allow Skoda to track us when we paid them to turn on the Apple connection stuff in the car. I'm sorry I can't be more specific or technical than that, but I've never had a drivers license and drive a cargo bike, so the car is sort of my wife's domain that I know very little about.
If it was an option, I don't see why anyone would allow their car company to track them.
Why the fuck does my car need an internet connection when nav isn't being used? Why are the sim cards irremovable? Why is an internet connection necessary for heated seats?
Principle of least privilege. These automakers can fuck off out of the data brokering industry with their ""automobile as a service"" business model
- https://news.ycombinator.com/item?id=33893240
- https://news.ycombinator.com/item?id=33884343
- https://news.ycombinator.com/item?id=33890865
... and more
Meta’s behavioral ads will finally face GDPR privacy reckoning in January - https://news.ycombinator.com/item?id=33893240 - Dec 2022 (59 comments)
Is there a more neutral article we can change the above URL to?
They have no choice but to stop ad targeting based on personal data and instead only use publicly available data (public actions the user takes on the platform such as liking a page, commenting, etc) unless the user explicitly consents to their personal data being used for ad targeting.
Would that be the Valley of the Silicone Dolls?
Tutanota should know better than that.
If they did, they can track to their hearts' content - and it's horribly misleading that the news and news titles don't make this obvious. It'll put people into false sense of security.
You will get private canavas trackers. All your private data will be sold for advertisement.
To test try amiunique.org on a PC. Hint: You are not unique you are tracked.
This teacking is probably not legal according to GDPR.
It would be wonderful.
Facebook might be (rapidly) declining, but I didn't hear young people switch to Signal/Telegram in masses, because their parents are also using WhatsApp.
Also: Yeah, there's TikTok, but I think Instagram is not dead yet for young(er) people.
From Meta's Q3 earnings release[0]:
> Facebook daily active users [...] were 1.98 billion on average for September 2022, an increase of 3% year-over-year.
"During the third quarter of 2022, the number of daily active users on Facebook reached 1.98 billion" (https://www.statista.com/statistics/346167/facebook-global-d...)
A site with 2 billion daily active users is relevant.
Worth nothing that TikTok has also increasingly been getting negative attention in the US as they grow.
Also, good luck getting TikTok to even reply to some weird European Data Protection official - from a country the size of a mid-sized Chinese city...
Not relevant?
if we would have only known...
I think that users have a right to know what happens to their data. But this is not a consent or information screen, this is the end of it. Europe tells us they do this for our own good, so we can own our data, but then they make it illegal for us to exchange our data for someone's service. Basically they think they know better than us what to do with our data: it is the opposite of freedom.
Hopefully this will teach the users to vote better. Oh wait, we can't elect EU officials directly.
Oh, that's right — those were good times.
;-)
Your particular concept of freedom doesn't account for asymmetries in information and power. The average person does not have the time or knowledge to truly understand the implicit bargain that goes with using Facebook. Partly because Facebook is very aggressive in keeping users in the dark. But even if Facebook were totally open about everything, people just don't have the time to independently investigate every company they do business with.
What your high-theory freedom means in practice for the average person is the freedom to be exploited. That's how it went in the early 1900s before we had labor laws and anti-trust laws. Did hundreds of millions of workers lose the freedom to work overtime for free? Undoubtedly. Are they missing it? Generally not.
They (the EU) don't and I don't understand why you would understand it that way.
For example, if you join a cycling-in-Berlin group, they can still use that information to show you ads for protein bars and lederhosen.
They can't do it based on external browsing activity.
In-Facebook likes, comments, group memberships, clicks, etc. sound like they'd still be applicable, and give pretty good targeting info for a lot of folks.
Probably the same in several other Eu parliaments, too.
Also, this may be hard to believe, but, most people don’t like ads and don’t value “useful ads” over their personal privacy.
Nobody else has reported on this issue yet so hopefully this is accurate.
https://news.ycombinator.com/item?id=33891880
https://news.ycombinator.com/item?id=33897651
