I am happy that things are finally moving in the right direction. A person stalks you and they (rightfully) get punished. {Google, Facebook, ad networks} stalk you across the net, recording information about your interests, your fears, and your secrets, without permission. And they get away with a free pass. In fact, we celebrate them as startup success stories and want to work for them.
We should at least have a choice on whether they can track us or not. And when we say 'no thank you', that should be respected.
I really think that all of you who are salivating at the prospect of the GDPR destroying FB should prepare yourself for disappointment. The intent behind the law might be good, but it's unlikely to accomplish what you want it to.
1. It's a bad law, because it's so overly broad and vague that it's going to be impossible to be fully compliant. For example, an EU resident hits your server while they're on vacation in Australia. You've stored analytics, IP addresses, etc. Congrats, you're now in violation. That's the tip of the iceberg. The law also broadly contradicts loads of other laws about how data must be retained for legal and compliance purposes. So now that everyone is breaking this law, regulators are free to just decide who they want to punish and how much. That's incredibly damaging to the fundamental idea of the rule of law.
2. It sets a really bad precedent regarding jurisdiction and the internet. So now any jurisdiction in the world can declare that if you do something they don't like that even remotely affects them, you owe them whatever they want. What if some oppressive regime passes a law that if your website is shown to one of their citizens and doesn't have a message praising their leader, you owe them 100% of your global revenue in perpetuity. Why not? You've violated their laws regarding behavior towards their citizens!
3. As item #2 gets at, countries can pass whatever laws they want, but they're limited by their ability to enforce those laws. If the EU gets overly broad and punitive here (as I'd argue they have), then companies will either just leave, or shift their digital operations to jurisdictions where courts can't enforce those laws.
Ultimately, I think that the realistic path here is that Google and Facebook will fundamentally change almost nothing. The user experience will just get worse, because we'll have to constantly be agreeing to a long list of terms about how our data will be used, etc, etc. And people will just agree and move on. Look at the cookie thing. Yes, I know you think it's different this time because of X, Y, and Z, but I'm skeptical. We'll see.
Regardless, the idea that we're suddenly going to live in a new golden age of digital privacy because the GDPR has good intentions is laughable.
It's not hard to imagine that, at some point, the sensible business strategy for certain types of US companies may be to simply not operate in the EU or certain other countries. That's not commentary on the rightness or wrongness of EU regulation but simply that, at some point,it may just not be worth operating in some geographies. GDPR is one example but so is right to be forgotten, etc.
I am in complete disagreement with the idea of fines based on worldwide revenues, that is nothing short of imposing fees on users from other countries without their agreement or to their benefit.
I think it is now time for society to regulate Facebook, Google, and whatever other company out there, that seeks to collect information on people.
Facebook and Google, are now collecting and tracking users across the Internet, just so that they can make a few extra dollars per person, but on aggregate, they will make billions.
They have essentially removed the right for us to browse the Internet anonymously.
This is what the libraries tried to protect for so long: your privacy on what books you check out. But now, with the Internet, there is no anonymous browsing anymore. It's all recorded.
It is already terrible enough that the government is doing it. But at least we know that the government is doing it.
But for a commercial enterprise to do it, without proper regard for consumer information, privacy, and protection. Then, this is a step too far. In fact, we don't even know what these private companies are doing. And the people that they employ don't have any special training, or any security clearances to handle such private information.
When Facebook goes bankrupt, like Yahoo did, then what is the first thing that they will do? They will immediately sell off all that valuable data that they have collected on the population for nearly 20 years.
What they have taken from us, is the right to be forgotten. The right to control the privacy of our lives, after we die. Sure, some people may not mind having all of their private digital history published, for all the world to see. But for some other people, we want to maintain that privacy, and take it to our grave.
> It is already terrible enough that the government is doing it. But at least we know that the government is doing it.
This argument feels so weird to me. We have a group of self-interested companies that that will sell your privacy for a nickel (Google, Facebook, etc...) and then we have a government that values your privacy at nothing. The government views even trying to keep your matters private (like encrypting your phone, as advocated by the big, self interested companies) as being inherently linked with crime and terrorism. And we now we want the government (you know, the “if you have nothing to hide you have nothing to fear” guys), to be in charge of regulating internet privacy? Thanks, but no thanks.
Given how much the majority US congress cares about privacy (almost 0) and how little they understand technology, I am quite sure whatever they create would be a giant cluster fuck.
In Germany or some other place with enlightened politicians? Yes, please, go ahead. But dear god if the FCC or some such is put charge or regulating privacy it’s going to make the TSA look like geniuses.
How can I pretend to be from the EU so that I get better protection from Facebook? Are there any cheap and trustable VPNs (I don't use Facebook a lot, and certainly not to watch bandwidth/traffic intensive videos) that would help for this? Any other solutions? How can such solutions be spread around so that more users get these protections, regardless of where they physically live?
> How can I pretend to be from the EU so that I get better protection from Facebook
You don't have to. You can start today by not giving facebook any more information (stop using their service). If facebook bleeds enough users, maybe they'll become motivated to change. I seriously doubt, at least in the US, that we'll see any legislation that forces them to change here.
As long as tracking is not connected to personal information (name, IP, email) it is OK by GDPR. So Google Analytics is not affected (as long as you specify the anonymizeIps option) as it does not associate a user with their actual identity.
Regardless of whether this is a good idea or not, how will it possibly be enforced against a multinational giant like Facebook, with private source code and machines to store data all over the world?
Generally by leveraging the fact that Facebook probably wants to remain on reasonable terms with most governments. Modulo appeals etc, once they've finally lost (provided that's the final decision), they'll probably just comply.
If they refuse, the government can seize any assets Facebook might hold in Belgium, possibly other EU countries, they could block or fine Belgian companies and individuals that do business with Facebook and such things, and escalate all the way to issuing warrants for Facebook executives' arrests, which with the European Arrest Warrant could be effectuated across the EU.
Not a lawyer and I had to translate from Dutch, but the first legal encounter involved the Privacy Commission looking for interim measures. Facebook first lost, then won the appeal. This is (sort of?) the same case, but now they're looking for a final judgment on the merits of the case.
I'm not sure why any mega-companies bother with running EU business units. Just put your offices and data centers outside EU jurisdiction (Hello Switzerland, Turkey, Morocco and now England) and pay your engineers enough to compensate for being in a less desirable location (in some cases) and you're still way ahead of the game.
Recently facebook pixel started collecting information on pretty much everything a user does on the website naming them "microdata". Those users have no clue they are being tracked in that manner.
Their official stance is that these cookies are used for fraud detection: https://www.facebook.com/notes/alex-stamos/preserving-securi...
In theory, Facebook could also sell these ghost profiles to web sites that have the Facebook like button or Facebook comments and want to show personalized ads.
just wondering here, but what would stop them -or any other multinational big corp- from say redirecting any web connection from a country A where X is illegal to one of their servers in country B,C,D etc. where it is legal, do all number crunching there and send unrecognizable results back to A?
The relevant laws generally don't care about server locations, or only in a negative sense (data processing in jurisdictions with weaker protections requires additional steps to be acceptable)
Since in general evidence for these things is not collected by grabbing local servers and searching them, this doesn't really give them any benefit.
This 'argument' comes up in almost every article critical of shady browser tracking purposes, as if it's the end-all-be-all argument for why we should disregard the article.
Yes, journalism makes a bunch of money from ad impressions collected by cookies and trackers right now. No, a lot of the actors in the business don't want it that way, but they still want to earn a paycheck for the time being.
Further, I'm sure that journalists have no control over their specific page-- they can't just say "Oh it would look pretty bad if there was a content tracker on this specific page, so let's demonetize this article". No, the paper has a policy for how they collect their revenue, and I guarantee that that department is well separated from the journalism department.
Sometimes people climb hills to get to the mountains. We don't say "Why aren't you climbing mountains, I thought you were a mountain climber!? You must be a crappy mountain climber if you only climb hills.".
[+] [-] jacquesm|8 years ago|reply
https://www.gdpreu.org/compliance/fines-and-penalties/
No cap, up to 4% of worldwide annual revenues for these kind of transgressions of the law.
[+] [-] microtonal|8 years ago|reply
We should at least have a choice on whether they can track us or not. And when we say 'no thank you', that should be respected.
[+] [-] ryanwaggoner|8 years ago|reply
1. It's a bad law, because it's so overly broad and vague that it's going to be impossible to be fully compliant. For example, an EU resident hits your server while they're on vacation in Australia. You've stored analytics, IP addresses, etc. Congrats, you're now in violation. That's the tip of the iceberg. The law also broadly contradicts loads of other laws about how data must be retained for legal and compliance purposes. So now that everyone is breaking this law, regulators are free to just decide who they want to punish and how much. That's incredibly damaging to the fundamental idea of the rule of law.
2. It sets a really bad precedent regarding jurisdiction and the internet. So now any jurisdiction in the world can declare that if you do something they don't like that even remotely affects them, you owe them whatever they want. What if some oppressive regime passes a law that if your website is shown to one of their citizens and doesn't have a message praising their leader, you owe them 100% of your global revenue in perpetuity. Why not? You've violated their laws regarding behavior towards their citizens!
3. As item #2 gets at, countries can pass whatever laws they want, but they're limited by their ability to enforce those laws. If the EU gets overly broad and punitive here (as I'd argue they have), then companies will either just leave, or shift their digital operations to jurisdictions where courts can't enforce those laws.
Ultimately, I think that the realistic path here is that Google and Facebook will fundamentally change almost nothing. The user experience will just get worse, because we'll have to constantly be agreeing to a long list of terms about how our data will be used, etc, etc. And people will just agree and move on. Look at the cookie thing. Yes, I know you think it's different this time because of X, Y, and Z, but I'm skeptical. We'll see.
Regardless, the idea that we're suddenly going to live in a new golden age of digital privacy because the GDPR has good intentions is laughable.
[+] [-] ghaff|8 years ago|reply
[+] [-] rhizome|8 years ago|reply
[+] [-] Shivetya|8 years ago|reply
[+] [-] blackrock|8 years ago|reply
Facebook and Google, are now collecting and tracking users across the Internet, just so that they can make a few extra dollars per person, but on aggregate, they will make billions.
They have essentially removed the right for us to browse the Internet anonymously.
This is what the libraries tried to protect for so long: your privacy on what books you check out. But now, with the Internet, there is no anonymous browsing anymore. It's all recorded.
It is already terrible enough that the government is doing it. But at least we know that the government is doing it.
But for a commercial enterprise to do it, without proper regard for consumer information, privacy, and protection. Then, this is a step too far. In fact, we don't even know what these private companies are doing. And the people that they employ don't have any special training, or any security clearances to handle such private information.
When Facebook goes bankrupt, like Yahoo did, then what is the first thing that they will do? They will immediately sell off all that valuable data that they have collected on the population for nearly 20 years.
What they have taken from us, is the right to be forgotten. The right to control the privacy of our lives, after we die. Sure, some people may not mind having all of their private digital history published, for all the world to see. But for some other people, we want to maintain that privacy, and take it to our grave.
[+] [-] jaredklewis|8 years ago|reply
This argument feels so weird to me. We have a group of self-interested companies that that will sell your privacy for a nickel (Google, Facebook, etc...) and then we have a government that values your privacy at nothing. The government views even trying to keep your matters private (like encrypting your phone, as advocated by the big, self interested companies) as being inherently linked with crime and terrorism. And we now we want the government (you know, the “if you have nothing to hide you have nothing to fear” guys), to be in charge of regulating internet privacy? Thanks, but no thanks.
Given how much the majority US congress cares about privacy (almost 0) and how little they understand technology, I am quite sure whatever they create would be a giant cluster fuck.
In Germany or some other place with enlightened politicians? Yes, please, go ahead. But dear god if the FCC or some such is put charge or regulating privacy it’s going to make the TSA look like geniuses.
[+] [-] rmc|8 years ago|reply
[+] [-] newscracker|8 years ago|reply
[+] [-] craftyguy|8 years ago|reply
You don't have to. You can start today by not giving facebook any more information (stop using their service). If facebook bleeds enough users, maybe they'll become motivated to change. I seriously doubt, at least in the US, that we'll see any legislation that forces them to change here.
[+] [-] PacifyFish|8 years ago|reply
[+] [-] axau|8 years ago|reply
[+] [-] zimbatm|8 years ago|reply
Both companies are tracking users and Google is doing this even more than Facebook.
[+] [-] hjnilsson|8 years ago|reply
[+] [-] JustSomeNobody|8 years ago|reply
[+] [-] jpkeisala|8 years ago|reply
[+] [-] allthenews|8 years ago|reply
[+] [-] mseebach|8 years ago|reply
If they refuse, the government can seize any assets Facebook might hold in Belgium, possibly other EU countries, they could block or fine Belgian companies and individuals that do business with Facebook and such things, and escalate all the way to issuing warrants for Facebook executives' arrests, which with the European Arrest Warrant could be effectuated across the EU.
https://www.bloomberg.com/news/articles/2017-01-09/volkswage...
[+] [-] mtgx|8 years ago|reply
https://www.reuters.com/article/us-facebook-belgium/facebook...
Or is this a different case?
[+] [-] ctx|8 years ago|reply
The current process started a couple of months ago: https://deredactie.be/cm/vrtnieuws.english/News/1.3080677
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] meddlepal|8 years ago|reply
[+] [-] smallbigfish|8 years ago|reply
At least that's what they do in my EU country.
[+] [-] mirceal|8 years ago|reply
[+] [-] halukakin|8 years ago|reply
[+] [-] zenhack|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] ansh0l|8 years ago|reply
Alternatively, how does it affect me?
[+] [-] rockinghigh|8 years ago|reply
[+] [-] KanyeBest|8 years ago|reply
They still record your IP address and link it to all the sites you visit that have a facebook script.
[+] [-] squarefoot|8 years ago|reply
[+] [-] detaro|8 years ago|reply
Since in general evidence for these things is not collected by grabbing local servers and searching them, this doesn't really give them any benefit.
[+] [-] argimenes|8 years ago|reply
[+] [-] hokus|8 years ago|reply
[+] [-] larrysalibra|8 years ago|reply
[+] [-] txru|8 years ago|reply
Yes, journalism makes a bunch of money from ad impressions collected by cookies and trackers right now. No, a lot of the actors in the business don't want it that way, but they still want to earn a paycheck for the time being.
Further, I'm sure that journalists have no control over their specific page-- they can't just say "Oh it would look pretty bad if there was a content tracker on this specific page, so let's demonetize this article". No, the paper has a policy for how they collect their revenue, and I guarantee that that department is well separated from the journalism department.
Sometimes people climb hills to get to the mountains. We don't say "Why aren't you climbing mountains, I thought you were a mountain climber!? You must be a crappy mountain climber if you only climb hills.".
[+] [-] kenning|8 years ago|reply
[+] [-] sctb|8 years ago|reply
[+] [-] matt4077|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] limnatic|8 years ago|reply
[deleted]