It's fascinating to watch how tech companies react to restrictive EU privacy laws. Many of the EU requirements (e.g. 'right to be forgotten', mandatory opt-in for cookies) could become a real hindrance for companies that want to build intelligent services and minimized user experiences.
Call me crazy, but it seems like when you get to use a free service or website that costs many millions of dollars to develop, giving the company access to your data is a fairly small price to pay.
I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage.
>Call me crazy, but it seems like when you get to use a free service or
website that costs many millions of dollars to develop, giving the company
access to your data is a fairly small price to pay.
Except I don't use Facebook. I don't use any Google service beyond the
occasional visit to Youtube, either. They still try to get my data. The amount
of filters, blacklists and blockers you need to be safe from these leeches is
utterly ridiculous. This has nothing to do with a free internet anymore.
If you consider handing you're data over to a company a "payment" for their
services, then what Facebook, Google and all these other Big Data companies
are doing to the people who don't use their services, yet are still tracked, is
nothing short of theft, and this needs to stop.
Besides, most people aren't even really aware of this "payment". They can't make
an informed choice - and it's of course not in the interest of Google or
Facebook to educate their users about this, even though it's their responsility,
nay, duty - and that needs to be made the law, because otherwise they sure as
hell won't move a finger.
And frankly, I don't give even half a shit for "intelligent services and
minimized user experiences" if they come at the cost of essential liberties. I
don't think I need to reproduce Franklin's famous quote here - it applies to
convenience just the same as to safety.
I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage.
People in the EU (and Germany in particular) don't care for massive privately held databases that can be used to target individuals. They have had enough bad experiences with secret police forces, and that's why there are strict limits on data gathering and retention.
> it seems like when you get to use a free service or website that costs many millions of dollars to develop, giving the company access to your data is a fairly small price to pay.
Unfortunately, using Facebook is hardly a free choice anymore. I personally don't use it, but I have no delusions about the cost that comes with resisting. You miss out on events, news and connections. And because of Facebook's ubiquity, no other social network is a complete substitute. Some employers and dating advice columnists even find it "suspicious" when someone isn't on Facebook:
So there's a lot of pressure to use it. And while you can choose not to have an account, you can't choose to live in a world where Facebook doesn't exist. Even if you never touch the site, people can take photos of you and write status updates about you and post them there, and that affects your privacy. A sociologist I follow has written a good (slightly more theoretical) analysis of this problem:
As for giving away your data being a "small price to pay", we'll have to disagree on that. Some people value their privacy more than others. And due to the above, we're limited in our ability to make an individual decision to preserve that privacy. Hence, I applaud the strict EU privacy laws and wish we had stronger privacy protections in the US as well.
The laws are "restrictive" in the sense that they don't like opt-out mechanisms. They place few if any restrictions what a company can do if the user actively opts in.
If the personal data price is such a small to pay, convincing your users of that shouldn't be too much of a problem?
"I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage."
Hahaha. You are thinking like an American, not as an European.
If facebook is shut down in Europe you will be surprised at the outcome. People here trust the government and distrust companies. In USA it is the opposite.
email addresses of the politicians? :-DDDDDDDDDDDDD
No, seriously, you need to live some time in Europe to understand the culture here.
> giving the company access to your data is a fairly small price to pay.
If we're going to think of privacy invasions as "fees" for the service, let's consider another scenario. Imagine facebook was a paid service and you gave them your credit card. You had already consented to a price of $3, however without telling you they added a new service and changed the price to $5. Automatically you're billed for the bigger amount next month. If you don't want the new service you have to opt-out. Would that be equally okay?
I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage.
This would be really interesting. But judging by the notorious German copycat startup industry, they would most likely develop a replica of that site.
On a more serious note: I noticed recently that a massive amount of music related videos are blocked on YouTube for all German IP addresses. Instead they show a notice, that the German music-rights organization is preventing this video to be played, i.e. Google has already entered the naming and shaming game. But there seems to be relatively little outcry and people apparently just accept it.
I guess people from outside of the US are already used to the fact that US based companies are often not acting in their best interest.
Errm, you do realise the "local area" of the European Union comprises of 27 members states/countries and according to Wikipedia:
With a combined population of over 500 million inhabitants, or 7.3% of the world population, the EU, in 2011, generated a nominal gross domestic product (GDP) of 17.6 trillion US dollars, representing approximately 20% of the global GDP when measured in terms of purchasing power parity.
I'd like to see which company has the balls to pull out of that market.
Many of the EU requirements (e.g. 'right to be forgotten', mandatory opt-in for cookies)
Just to note: The "right to be forgotten" is not EU law yet. There are some changes to the EU Data Protection law coming up, that's one of them, but it's not EU law now.
"I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage."
I wonder how the German data protection office might respond if they realized Google probably have the largest database of images in the world, is trying to put cameras in everyone's glasses, and already owns 2 face recognition companies (Neven Vision, Pittpatt)
If I remember correctly you ran the risk of having your Facebook account closed if you made a freedom of information request via it's Irish subsidiary for all that paper work linked to your account.
Therefore I'd imagine a similar response will be generated by FB if they are forced to comply with the latest complaint.
Clarification, in Ireland "Freedom of Information" is for government bodies. It's "Data Protection" law (which is the personal data of you held by anyone, government & private companies)
Do you actually have a link to that? I don't recall reading that Facebook would close your account if you requested information about yourself. That seems really punitive.
Dotcom was arrested by New Zealand Police, cooperating with FBI. Copyright is governed by international agreements, one of which is Berne Convention, first signed in 1886. New Zealand and US are Berne Convention signatories.
To be essentially the same, first US would sign Data Protection Directive, then Germany would request FBI to cooperate, and FBI would raid Facebook HQ.
That's not what happened. Kim Dotcom was arrested by NZ police.
Just about all extradition treaties require "double criminality", where the person is extradited on a thing that's a crime in both countries. The USA does not have these data protection laws, so the USA is highly unlike to extradite to a country where that's illegal.
The answer is because they respect the rule of law, a better analogy would be why can't germany use drone strikes or extraordinary rendition against Zuckerberg.
Twas quite clever of Facebook to set up in Ireland (and not just for the 12½% corporation tax rate). It can be a large employer in a small fish, and the Irish government is desparate to be seen to be doing something about jobs (hence any job losses from a household name would be very embarassing).
As a result, I wouldn't be too suprised if some squeeze was placed on the Data Protection Office. "Oh you want more funding... Well..."
I wonder if this is one of the reasons the EU wants to overhaul the Data Protection law so that EU citizens can complain to their national data protection office, not just the one the company is in.
Facebook has offices in a number of EU countries, including (but not limited to) offices in London (UK), Hamburg (Germany), Brussels (Belgium), Amsterdam (Netherlands), Paris (France), Madrid (Spain), and Stockholm (Sweden).
"Collected in Germany". It is nice to see how politics and law keep applying physical verbs to non-physical infrastructure. If you ask around you will see that there are almost as many definition of "done XXX in contry YYY" as the number of country out there: some national law see it as "the client is in YYY", other as "the server is in YYY", other as "the infrastructure is in YYY", other as "both the client and the server are in YYY" and so on.
It is very hard to be a law-abiding citizen or business on the Internet when there are heaps of contrasting laws.
I just don't see how FB currently gets that much value out of its facial recognition DB. As far as I can tell, as an end-user, it makes it easier to tag people because FB will suggest named tags (sometimes hilariously wrong).
But this is a minor convenience. If I really do want to tag a photo, then I'm already in a curation mindset and willing to put up with the precious second it takes to type in the first two-three characters of a friend's name.
At this point, FB, with those two characters, has enough information to make a 95% accurate guess...because it also has my entire history of interactions with friends, including all past tagging behavior. It obviously can derive a prediction that weights more recent tagging behavior (on the premise that I'm likely to have hung out with the same friends as I did last week)...and bingo, by the time I've typed the third character, Facebook has it narrowed down to the right person.
So why even bother keeping the facial recognition data?
...I'm not so naive to think that there aren't other applications of this facial-recognition data. I'm just pointing out that FB has nearly all the non-visual data needed to guess who is in a photo without applying any computer-vision techniques.
And that non-visual data (the history of a user's interactions) has way more predictive value on behavior than a facial-recognition DB... So given that the general public is more disturbed by things relating to physical appearance, if I were FB, I'd just give up this fight and carry on collecting all the non-visual data that they have so far.
* edit:
Along the same lines...this decision seems to be based on how FB collected this data without users explicit consent. Well, under this argument, doesn't FB collect interaction data without user consent?
Say my friend Bob continually posts on my wall, pokes me, sends me direct messages, etc. FB, without my consent, will have enough interaction data to peg me as Bob's special confidante...without any interaction on my part.
Isn't this the complaint with the face data? That my friends can tag my face and thus give FB a decent idea of my appearance? Well, my friends can also give FB a decent idea of my preferences in a variety of arenas by how they converse and interact with me...so if opt-in is the issue, isn't all of FB data up for destruction?
> Along the same lines...this decision seems to be based on how FB collected this data without users explicit consent. Well, under this argument, doesn't FB collect interaction data without user consent?
Biometric data is usually a much more touchy subject than anything else. But yes there are also people who think that interaction data (logs) collection should be opt-in.
Being able to cluster similar faces together and ask me in a single question "We think this is Jon Smith. [Correct] [Incorrect]" so I can tag my entire album in one click, would be powerful and something I'd want, since my album of 100 photos probably only has 2 or 3 people in it anyway.
Sometimes I wonder if the US Government will somehow use Facebook photos to track people, even if they themselves don't have a Facebook account. I find the idea of something like that creepy.
Every database out there can be used for evil. Whether if it's facial fingerprint or anything else. I never liked Face.com and facebook's decision to buy them. The ability of a photograph being used to track me anywhere there is a camera is not the future I want to be part of.
I don't like the Facebook facial recognition thing either. Or when someone tags me on photos that they have uploaded. I think its creepy when someone else posts my photo, then I start getting comments on it. This should be opt-in, not opt-out.
Of course they realize that the NSA already has a full copy?
You might think: so what, I'm not a terrorist.
But think twice, because people opposing US interests (and the interests of some of the most powerful lobbies, like MPAA & RIAA) are increasingly being afforded the treatment you'd expect for a terror suspect.
> But think twice, because people opposing US interests (and the interests of some of the most powerful lobbies, like MPAA & RIAA) are increasingly being afforded the treatment you'd expect for a terror suspect.
While the NSA having this tech can be worrisome, there is zero chance they are going to blow their load by revealing they have it to catch someone doing copyright infringement, no matter how much control you think the maFIAA exerts.
[+] [-] daveman|13 years ago|reply
Call me crazy, but it seems like when you get to use a free service or website that costs many millions of dollars to develop, giving the company access to your data is a fairly small price to pay.
I'm waiting for one of these legal actions to cause a company like Facebook to just shut down their service in the local area, and leave a landing page with the email addresses of all the politicians who provoked the outage.
[+] [-] slowpoke|13 years ago|reply
Except I don't use Facebook. I don't use any Google service beyond the occasional visit to Youtube, either. They still try to get my data. The amount of filters, blacklists and blockers you need to be safe from these leeches is utterly ridiculous. This has nothing to do with a free internet anymore.
If you consider handing you're data over to a company a "payment" for their services, then what Facebook, Google and all these other Big Data companies are doing to the people who don't use their services, yet are still tracked, is nothing short of theft, and this needs to stop.
Besides, most people aren't even really aware of this "payment". They can't make an informed choice - and it's of course not in the interest of Google or Facebook to educate their users about this, even though it's their responsility, nay, duty - and that needs to be made the law, because otherwise they sure as hell won't move a finger.
And frankly, I don't give even half a shit for "intelligent services and minimized user experiences" if they come at the cost of essential liberties. I don't think I need to reproduce Franklin's famous quote here - it applies to convenience just the same as to safety.
[+] [-] anigbrowl|13 years ago|reply
People in the EU (and Germany in particular) don't care for massive privately held databases that can be used to target individuals. They have had enough bad experiences with secret police forces, and that's why there are strict limits on data gathering and retention.
[+] [-] graue|13 years ago|reply
Unfortunately, using Facebook is hardly a free choice anymore. I personally don't use it, but I have no delusions about the cost that comes with resisting. You miss out on events, news and connections. And because of Facebook's ubiquity, no other social network is a complete substitute. Some employers and dating advice columnists even find it "suspicious" when someone isn't on Facebook:
http://www.forbes.com/sites/kashmirhill/2012/08/06/beware-te...
So there's a lot of pressure to use it. And while you can choose not to have an account, you can't choose to live in a world where Facebook doesn't exist. Even if you never touch the site, people can take photos of you and write status updates about you and post them there, and that affects your privacy. A sociologist I follow has written a good (slightly more theoretical) analysis of this problem:
http://thesocietypages.org/cyborgology/2012/05/21/a-new-priv...
As for giving away your data being a "small price to pay", we'll have to disagree on that. Some people value their privacy more than others. And due to the above, we're limited in our ability to make an individual decision to preserve that privacy. Hence, I applaud the strict EU privacy laws and wish we had stronger privacy protections in the US as well.
[+] [-] Atropos|13 years ago|reply
If the personal data price is such a small to pay, convincing your users of that shouldn't be too much of a problem?
[+] [-] forgottenpaswrd|13 years ago|reply
Hahaha. You are thinking like an American, not as an European.
If facebook is shut down in Europe you will be surprised at the outcome. People here trust the government and distrust companies. In USA it is the opposite.
email addresses of the politicians? :-DDDDDDDDDDDDD
No, seriously, you need to live some time in Europe to understand the culture here.
[+] [-] swalsh|13 years ago|reply
If we're going to think of privacy invasions as "fees" for the service, let's consider another scenario. Imagine facebook was a paid service and you gave them your credit card. You had already consented to a price of $3, however without telling you they added a new service and changed the price to $5. Automatically you're billed for the bigger amount next month. If you don't want the new service you have to opt-out. Would that be equally okay?
[+] [-] stfu|13 years ago|reply
This would be really interesting. But judging by the notorious German copycat startup industry, they would most likely develop a replica of that site.
On a more serious note: I noticed recently that a massive amount of music related videos are blocked on YouTube for all German IP addresses. Instead they show a notice, that the German music-rights organization is preventing this video to be played, i.e. Google has already entered the naming and shaming game. But there seems to be relatively little outcry and people apparently just accept it.
I guess people from outside of the US are already used to the fact that US based companies are often not acting in their best interest.
[+] [-] kamjam|13 years ago|reply
With a combined population of over 500 million inhabitants, or 7.3% of the world population, the EU, in 2011, generated a nominal gross domestic product (GDP) of 17.6 trillion US dollars, representing approximately 20% of the global GDP when measured in terms of purchasing power parity.
I'd like to see which company has the balls to pull out of that market.
[+] [-] iamben|13 years ago|reply
[+] [-] rmc|13 years ago|reply
Just to note: The "right to be forgotten" is not EU law yet. There are some changes to the EU Data Protection law coming up, that's one of them, but it's not EU law now.
[+] [-] thinkingisfun|13 years ago|reply
Same here! They'd be heroes overnight.
[+] [-] coldarchon|13 years ago|reply
[deleted]
[+] [-] forgotusername|13 years ago|reply
[+] [-] Irishsteve|13 years ago|reply
Therefore I'd imagine a similar response will be generated by FB if they are forced to comply with the latest complaint.
[+] [-] rmc|13 years ago|reply
Clarification, in Ireland "Freedom of Information" is for government bodies. It's "Data Protection" law (which is the personal data of you held by anyone, government & private companies)
[+] [-] swang|13 years ago|reply
[+] [-] mtgx|13 years ago|reply
[+] [-] chmod775|13 years ago|reply
[+] [-] sanxiyn|13 years ago|reply
To be essentially the same, first US would sign Data Protection Directive, then Germany would request FBI to cooperate, and FBI would raid Facebook HQ.
[+] [-] rmc|13 years ago|reply
Just about all extradition treaties require "double criminality", where the person is extradited on a thing that's a crime in both countries. The USA does not have these data protection laws, so the USA is highly unlike to extradite to a country where that's illegal.
[+] [-] fleitz|13 years ago|reply
[+] [-] ihsw|13 years ago|reply
[+] [-] rmc|13 years ago|reply
As a result, I wouldn't be too suprised if some squeeze was placed on the Data Protection Office. "Oh you want more funding... Well..."
I wonder if this is one of the reasons the EU wants to overhaul the Data Protection law so that EU citizens can complain to their national data protection office, not just the one the company is in.
[+] [-] aggronn|13 years ago|reply
[+] [-] gsnedders|13 years ago|reply
[+] [-] gioele|13 years ago|reply
"Collected in Germany". It is nice to see how politics and law keep applying physical verbs to non-physical infrastructure. If you ask around you will see that there are almost as many definition of "done XXX in contry YYY" as the number of country out there: some national law see it as "the client is in YYY", other as "the server is in YYY", other as "the infrastructure is in YYY", other as "both the client and the server are in YYY" and so on.
It is very hard to be a law-abiding citizen or business on the Internet when there are heaps of contrasting laws.
[+] [-] danso|13 years ago|reply
But this is a minor convenience. If I really do want to tag a photo, then I'm already in a curation mindset and willing to put up with the precious second it takes to type in the first two-three characters of a friend's name.
At this point, FB, with those two characters, has enough information to make a 95% accurate guess...because it also has my entire history of interactions with friends, including all past tagging behavior. It obviously can derive a prediction that weights more recent tagging behavior (on the premise that I'm likely to have hung out with the same friends as I did last week)...and bingo, by the time I've typed the third character, Facebook has it narrowed down to the right person.
So why even bother keeping the facial recognition data?
...I'm not so naive to think that there aren't other applications of this facial-recognition data. I'm just pointing out that FB has nearly all the non-visual data needed to guess who is in a photo without applying any computer-vision techniques.
And that non-visual data (the history of a user's interactions) has way more predictive value on behavior than a facial-recognition DB... So given that the general public is more disturbed by things relating to physical appearance, if I were FB, I'd just give up this fight and carry on collecting all the non-visual data that they have so far.
* edit:
Along the same lines...this decision seems to be based on how FB collected this data without users explicit consent. Well, under this argument, doesn't FB collect interaction data without user consent?
Say my friend Bob continually posts on my wall, pokes me, sends me direct messages, etc. FB, without my consent, will have enough interaction data to peg me as Bob's special confidante...without any interaction on my part.
Isn't this the complaint with the face data? That my friends can tag my face and thus give FB a decent idea of my appearance? Well, my friends can also give FB a decent idea of my preferences in a variety of arenas by how they converse and interact with me...so if opt-in is the issue, isn't all of FB data up for destruction?
[+] [-] tonfa|13 years ago|reply
Biometric data is usually a much more touchy subject than anything else. But yes there are also people who think that interaction data (logs) collection should be opt-in.
[+] [-] orijing|13 years ago|reply
[+] [-] RexRollman|13 years ago|reply
[+] [-] spoiledtechie|13 years ago|reply
I so welcome their input and applaud their effort!
[+] [-] salimmadjd|13 years ago|reply
[+] [-] mike_ivanov|13 years ago|reply
[+] [-] andyl|13 years ago|reply
[+] [-] andrewpi|13 years ago|reply
[+] [-] tedunangst|13 years ago|reply
[+] [-] ta12121|13 years ago|reply
[+] [-] rmc|13 years ago|reply
[+] [-] hastur|13 years ago|reply
You might think: so what, I'm not a terrorist. But think twice, because people opposing US interests (and the interests of some of the most powerful lobbies, like MPAA & RIAA) are increasingly being afforded the treatment you'd expect for a terror suspect.
[+] [-] philwelch|13 years ago|reply
[citation needed]
[+] [-] jlgreco|13 years ago|reply
[+] [-] chmod775|13 years ago|reply
[+] [-] danielweber|13 years ago|reply