
Facebook’s tracking of non-users ruled illegal again in Europe - pdcerb
https://techcrunch.com/2018/02/19/facebooks-tracking-of-non-users-ruled-illegal-again/
======
fouc
>“The cookies and pixels we use are industry standard technologies and enable
hundreds of thousands of businesses to grow their businesses and reach
customers across the EU,” said Facebook’s VP of public policy for EMEA

If it is "industry standard", does that make it ethical?

~~~
derefr
I think the implication is more, "why are you only paying attention to _us_?
If you think this is a bad practice, then you should be going after _our
competitors_ , too."

Corporations tend not to mind if you take away a business strategy of theirs,
as long as you take it away from everybody else at the same time. If you only
take it away from one corporation, that corporation will be temporarily
outcompeted by the corporations you haven't yet taken the business strategy
away from, so they heavily resist that.

~~~
colmvp
Funny. If your site drops dramatically on Google's search results, or if
YouTube/Facebook bans your account for reasons, tough luck. They are a
corporation and can do whatever they want without resorting to any sort of
internal consistency.

But heaven forbid governments hold a dominant corporation accountable in the
public interest.

~~~
EggsOnToast
>Funny. If your site drops dramatically on Google's search results, or if
YouTube/Facebook bans your account for reasons, tough luck. They are a
corporation and can do whatever they want without resorting to any sort of
internal consistency.

That's not really relevant to the parent's observation that Facebook is likely
arguing that they're being singled out in an environment where their practices
are so rampant as to be standard.

>But heaven forbid governments hold a dominant corporation accountable in the
public interest.

"accountable to the public interest" is an incredibly disingenuous way to say
"enforce their laws". The difference matters in this context because the
counter argument would be "why is the law being enforced predominantly against
a handful of American companies instead of the industry at large?"

~~~
ludston
This law has to be enforced somewhere first.

Either it is enforced against Facebook first, and Facebook complains "Why
don't all of the the small fries have to do it yet" and if it is enforced
against the small fries, they will say, "Why doesn't Facebook have to do it
yet"?

And the answer is, the justice department will probably enforce the law in the
way that the expect to have the best effect for themselves. It is not
necessary to wait until you are sued before you become legally compliant?

~~~
prostoalex
That’s not typically how things usually work.

When a government agency (think IRS or FAA) decides on a specific
interpretation of a law, rule or regulation, they don’t go after a random guy
to prosecute. They publish an opinion, a guideline, or interpretation and a
compliance deadline. The industry is given a choice to comply or present an
alternative interpretation (through courts, lobbyists or legislative
representatives).

It’s one thing if one company out of a hundred doesn’t comply, and somewhat
different when the standard industry practice goes against new interpretation.

Selective encorcement is more typical of countries with weak judicial systems
and endemic corruption, where “friends” of the current government get
compassionate understanding, but everybody else is subject to the strict rule
of the law.

~~~
anigbrowl
Europe hews to somewhat different legal and administrative philosophies from
the US, and I don't think the EU is any more corrupt than the US, arguably
less so. This subject is discussed very well in a favorite little book,
_Adversarial Legalism_ by Robert Kagan.

~~~
TomMarius
I don't know what you mean by EU, but most of EU countries except for the west
are more corrupt than the US.

EDIT: Downvotes? I'm stating facts. How can you downvote facts?

~~~
krisdol
EU stands for European Union.

~~~
TomMarius
Yeah but the great-GP's statement is incorrect if he means the European Union
as it is now, so he logically must mean something else, e.g. EU before the
2004/2007 enlargement (he might not know that it happened, the most corrupt
countries joined during those and thus moved the average) etc. He also
might've meant the EU as in the organization itself which is a completely
different meaning with completely different results.

~~~
_Tev
> the great-GP's statement is incorrect if he means the European Union as it
> is now, so he logically must mean something else

E.g. your assumptions being incorrect. You could have avoided a lot of
downvotes with showing some humility. Assuming someone does not know about
large shifts in EU membership seems like argument in bad faith.

------
mziel
Looking forward to May (when GDPR officially comes into force). Provided that
it doesn't end up like the cookie law (and there are explicit provisions in
GDPR and ePrivacy to avoid that) this might shake up the ad industry:

* Explicit consent for non-essential data use, you always need to provide opt-out without degrading the service

* Opt-in/out separately for every activity (no more "research purposes")

* Data deletion and takeout. Maybe in the future EU will also introduce some standards for the takeout, which will allow us to migrate between services much easier (as we now can switch between banks or telcos in a semi-automatic way)

~~~
tzs
Note: the following questions are not because I'm trying to figure out how to
work around GDPR. They are to help figure out just what the meaning of it is.
Imagining hypotheticals that try to work around a law is a common method in
legal circles for clarifying the law. My employer does not keep any data that
would be problematic, and compliance looks like it will be pretty easy for us
[1].

> Explicit consent for non-essential data use, [...]

This raises a bunch of questions. Anyone know the answer to any of these?

1\. Suppose that the data is used to pay for keeping the site afloat? Does
that make it essential?

> [...] you always need to provide opt-out without degrading the service

2\. Suppose my site is presented as a site that has basic and premium content.
The premium content is behind a subscription paywall.

On the paywall, it offers to waive the subscription fee if you consent to non-
essential data use. If you either do not consent, or, after consenting later
change your mind and opt-out, is it "degrading the service" if I no longer let
you have access to the material behind the paywall?

3\. In #2, does it matter if that's how my site works for people that I can
identify as being the EU, but works different for people elsewhere (e.g., for
people in the US it collects data on everyone and does not offer the option to
pay)?

4\. Suppose I just say "the hell with this...I don't want to deal with GDPR",
and have my site ask first time visitors if they are in the EU or EU citizens.

If they say that are not, I set a cookie that records this, and they get my
normal site, which only follows whatever data collection rules my country
imposes.

If they say they are, I just send them to a page that says EU people are not
allowed to use my site.

What's the situation if someone inside the EU lies and tells me that they are
not in the EU? Am I in violation of GDPR for keeping forbidden data on them,
or does their lying to me count as consent?

[1] In fact, most of the data we keep on EU customers is data that we don't
even want to keep, but the EU is _requiring_ us to keep it for VAT MOSS
reporting. Before VAT MOSS, all our EU sales went through a UK entity, and we
paid UK VAT on all of them, which required much less information for
reporting.

~~~
tscs37
>1\. Suppose that the data is used to pay for keeping the site afloat? Does
that make it essential?

If you use the data for bank transactions or paypal subscriptions it's
essential.

If you sell the data for profit, it might be essential but it falls under
"opt-in only" of the GDPR. So in this part; not essential in the above sense.

>2\. Suppose my site is presented as a site that has basic and premium
content. The premium content is behind a subscription paywall.

Subscription paywall is fine. What isn't fine is degrading the service if the
user opts out of having trackers included in the website when they visit.

>3\. In #2, does it matter if that's how my site works for people that I can
identify as being the EU, but works different for people elsewhere (e.g., for
people in the US it collects data on everyone and does not offer the option to
pay)?

GDPR only applies when you target people currently in the EU (citizen or not)
and EU citizens outside the EU.

>4\. Suppose I just say "the hell with this...I don't want to deal with GDPR",
and have my site ask first time visitors if they are in the EU or EU citizens.

If they say no, I would say that is okay to believe considering the GDPR also
requires a "Are you 16" question. Ask a lawyer.

~~~
icebraining
_EU citizens outside the EU._

Where is this specified? It's not what I understood from Recital 23†; as far
as I can tell, it applies if _the business_ is established in the EU or if the
user is in the EU, but not to EU citizens outside the EU (if the business is
foreign).

† [https://gdpr-info.eu/recitals/no-23/](https://gdpr-info.eu/recitals/no-23/)

~~~
majewsky
I read your link, and I think it depends on what "being in" means in the
phrase "data subjects who are in the [European] Union". It could refer either
to physical location (as in "I am in Germany") or to membership (as in
"Germany is in the EU"), or possibly to both. I would also expect it to refer
to physical location after reading this, but I'm most definitely not a lawyer.

~~~
icebraining
Germany is not a data subject, so I don't think it can be read that way.
Others agree: [https://www.linkedin.com/pulse/gdpr-does-apply-eu-
citizens-g...](https://www.linkedin.com/pulse/gdpr-does-apply-eu-citizens-
gregory-albertyn/)

------
dalbasal
Two kind of related points.

The jurisdiction stuff is disturbing. Having separate rules/rulings for
Belgium, Turkey, Venezuela, etc... It's (a) not practical and will end up
helping incumbents .(b) It really curbs the internet's ability to promote an
open information norm.

Privacy _is_ an issue and we need to do something about it. But, I have a real
feeling cencorship, corporate-protectionism, copyright and other agendas
_will_ tag along, once the legislature-courts-enforcement complex is up and
running. The sorry state of international law/governance isn't helping,
including even the EU.

Meanwhile, the recent history of legislative action (eg, the "cookie laws")
are not encouraging. I don't think legislators were even aware that it would
amount to nothing more than nag screens and terms of use. Don't use incognito,
or every site will nag you again, your consent is mandatory and stored as
cookie, for extra irony.

Ultimately, these things would have been better dealt with at the
standards/protocols/browsers level, but I think that ship has sailed.

~~~
jakobegger
I’m looking forward to the GDPR. It seems to target all the failures of the
cookie law.

The GDPR will not allow blanket consent statements, it will not allow
“permission bundling” (eg. allow acces to everything or you can’t use the
site).

The changes Twitter rolled out in preparation of the GDPR look like a good
thing.

We’ll see how it turns out, but I think the GDPR will actually force companies
to change, beyond cosmetic changes. And since it is valid for all “data
subjects” in the EU, companies will have to consider that. The EU is too large
a market that companies can ignore it.

~~~
zmb_
> it will not allow “permission bundling” (eg. allow acces to everything or
> you can’t use the site)

This is something I have not been able to come to terms with. I can understand
requiring express consent to each item individually, rather than burying
everything into a long ToS. But what I cannot understand is forcing me (as a
service provider) into a contract with a customer even if the customer rejects
some of my terms.

~~~
Angostura
> But what I cannot understand is forcing me (as a service provider) into a
> contract with a customer even if the customer rejects some of my terms.

I'm not sure what gives you that impression. If the customer rejects the
terms, you are free to walk away.

~~~
PeterisP
GDPR requires consent to be freely given. If customer A rejects the terms and
you "walk away" and deny the service, then if customer B clicks accept, you
still can't interpret it as freely given consent and nothing customer B does
will give you the permission to process customer B's data.

The GDPR position is that the privacy rights are not something that customers
can "trade away" in a contract, they're not for sale. If the customer
genuinely wishes you to do that processing, you're allowed to do so; and if
they don't, then that processing shouldn't be done at all.

The way it's written it has some similarities with sexual consent - just as a
valid signed contract stating "I'll allow you to violate my arse for $1000000"
legally cannot be a binding contract term (even in places where prostitution
is legal) doesn't really give you the unconditional permission to violate my
arse and that consent can still be withdrawn at any time; in the same manner a
contract stating "I'll allow you to violate my privacy for $1000000" cannot be
a binding contract term in any consumer contract according to GDPR. Just as
many, many other terms in EU consumer contracts (e.g. binding arbitration
clauses, voiding of warranties, excessive penalty clauses, unilateral changes
in terms, etc) - even if the company puts it into the agreement and the
consumer signs, they are considered automatically unfair and unenforceable.

~~~
Angostura
> GDPR requires consent to be freely given. If customer A rejects the terms
> and you "walk away" and deny the service, then if customer B clicks accept,
> you still can't interpret it as freely given consent and nothing customer B
> does will give you the permission to process customer B's data.

Are we conflating two things here?

There are _agreements_ which you ask the customer to sign which are required
to provide the service: e.g "In order to send you the goods you required, you
have to give us your postal address. These must _only_ be used for the
purposes of the business - you can't sell the addresses, without consent.

Then there are _consents_ which are for non-essentials. e.g "We would also
like to send you our newsletter and for that you need to give us your e-mail
address".

The agreements are things that everyone needs to sign in order for you to
carry out the business with them. Consents are the optional things and should
be separated out.

Or am I misunderstanding you?

~~~
PeterisP
You're right, that's the whole point - the commonly accepted (pre-GDPR)
practice conflates these two things; and GDPR now requires them to be
separated, which is a major change both in practice and in attitude.

You can have "take it or leave it" agreements, and you can have consent, but
these are two separate things; it's not possible to obtain consent by putting
some words in a "take it or leave it" standard agreement.

------
kerng
One of the good things about HN is that the engineers working and building
these features are likely reading these posts too, I'm curious how one
implements these things. Are engineers (some of the brightest ones) not
realizing that some of their actions are ethically questionable, or is the big
picture not visible to the average engineer in a large company like FB? I
assume that many have the exact same reaction and don't think it's okat when
discussing this topic - can hardly see anyone defending the current status
quo.

~~~
anaganisk
Afaik software will be sane untill Lawyers and Finance execs are involved.
Once they are into your company no more great software.

~~~
Tarq0n
Is this a parody of the engineer's mindset?

One thing that always stands out to me on HN is how obsessed Silicon Valley is
with money, from top to bottom. There's plenty people on here that would
happily implement invasive tracking if they were compensated well enough for
it.

------
YeGoblynQueenne
Ironically, DuckDuckGo Privacy Essentials blocks 15 tracking networks on
TechCrunch, including connect.facebook.net.

~~~
Giroflex
Was about to post the same. Ghostery for me reports 22 trackers on the
website, 3 of which are from facebook, including the "pixel" tracker that is
mentioned in the article.

~~~
propogandist
Ghostery was bought out by another company looking to expand a privacy
browser, but original firm (now called Evidon) is in the business of data
mining information from Ghostery plugins -

"Ghostery’s B2B Digital Governance solutions will reassume the company’s
original Evidon brand, which focuses on monitoring and consent solutions
...Evidon will retain aggregated data about trackers, ensuring no change to
the service currently provided to its enterprise clients..."

Stick to something like uMatrix

~~~
christophertino
We no longer have any affiliation with Evidon, nor do we collect or sell any
data for third parties. Please feel free to review our source code.

[https://github.com/ghostery/ghostery-
extension/](https://github.com/ghostery/ghostery-extension/)

------
bryanrasmussen
What is Facebook's end game here, I don't get it. GDPR is around the corner,
it certainly won't fly under GDPR so why the jurisdiction argument even, the
days for tracking people without consent is numbered - a rational organization
would realize this.

I would think just say ok we stop doing it because we're going to have to stop
doing it anyway. But they're not stopping, what is the plan?!?

~~~
cantagi
If Facebook's business model is built around collecting and selling personal
data, and more than 4% of their revenue globally comes from EU citizens, then
they could decide to wilfully flout GDPR and just pay the maximum fine every
year.

Another way they could deal with it is by disputing the EU-US privacy
shield[1] or disputing the decision that overturned the original privacy safe
harbour[2]. IANAL so I have no idea how they would do this, but it will be
costly for ECJ and FB.

[1] [https://en.wikipedia.org/wiki/EU-
US_Privacy_Shield](https://en.wikipedia.org/wiki/EU-US_Privacy_Shield) [2]
[https://en.wikipedia.org/wiki/International_Safe_Harbor_Priv...](https://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles)

~~~
Sylos
If a court rules that something you're doing violates the law, then that also
means that you actually have to stop doing it. Not stopping with it would be a
felony.

So, you can't just continuously pay fines whenever a court rules another time
that it's illegal. The fine for a felony is much higher and at some point,
you'd also simply be thrown out, or blocked in the case of Facebook, I
suppose.

------
halukakin
By saying "cookies and pixels" they are trying to downplay what they are
really doing. On a website where facebook pixel is installed, they track
pretty much every form submitted and even the contents of those form
submissions.

~~~
lotu
I think you dramatically overestimating the value that you might get from form
submissions, provided you are intending to commit identity fraud. Which
literally no-one is suggesting ad tracking is doing.

------
StreamBright
"enable hundreds of thousands of businesses"

sure, I guess the entire tech industry would be dead without tracking users

------
John_KZ
In order to make these decisions enforceable we need to collaborate with ISPs
to anonymize traffic. Government action is necessary. I've contemplated far
too long on this problem and there's no other solution. You can make them
_say_ that don't store your data, but that's pretty much always a lie. We can
build browsers that reject cookies, but you can't get rid of your IP. All
these services can simply track you through your IP. A significant change in
networking infrastructure is required, and I'm hopeful that quite a few
countries will resort to that soon for reasons of national security.

~~~
dpwm
There are many situations, think university or corporate networks, where you
cannot rely on the IP address for tracking. There are ISPs that don't have
enough IP addresses for users so they many-to-one NAT them and most users
won't even notice.

Even behind an ISP or corporate NAT with cookies disabled, there are other
ways of tracking. If JavaScript is enabled, browser fingerprinting can be very
disturbing in its ability to single you out, depending on your configuration.

More generally, I always found this obsession with tracking non-users one of
the creepier aspects of Facebook when I finally used it circa 2011 - 2012. The
amount of information it had about me that could only have come from web
browsing before I had signed up, such as local takeaways and restaurants I had
used, was impressive but unnerving.

~~~
koolba
Less so on a corporate network ad the vast majority of the machines are
running the exact same build, plugin sets, and usually hardware too.

------
pishpash
Good thing the EU exists as a human rights and consumer watchdog, even if some
may argue the protectionist angle, as the US is sure to do f all about it.

------
Monk_NT
It appears that the article was removed.

~~~
dschuetz
Can't read the article either w/ and w/o adblock. Briefly shows 'article not
found' then redirects to overview.

------
sxates
I just updated my home city to Brussels.

------
2aa07e2
My question is, will I be able to use gmail without my google searches being
tracked? Google did a great job to "bundle" its ToS into a single generic
agreement for all the services under that "Your Google account" umbrella. I
would love to opt out of that agreement, retroactively, and still be able to
use gmail.

~~~
Sir_Cmpwn
You can't interact with Google in any way without being tracked. Use
DuckDuckGo and another mail service like ProtonMail or your own self hosted
solution.

~~~
andrepd
Alternatively, if you find it hard to abandon Google's great search engine,
use a privacy-protecting intermediary, like startpage or searx.

------
sirmoveon
Morals and ethics are just a temporal deterrent in a social markup. We should
grow out of that fallacy and start facing issues directly. Until this is not
technicaly impossible to achieve, we will keep going down this path.

------
obblekk
It seems like there have been many recent setbacks for FB on the privacy side.
When do these setbacks begin to have material impact on the stock price?

~~~
Sylos
I'd be surprised, if it hasn't yet had an impact. As you say, there's been a
lot of losses for Facebook recently. I think, we're now up to 4 rulings of
Facebook's data use being illegal in the past two weeks.

People considering to buy stock and people owning stock should hopefully be
informed enough that noticed this.

There's also the GDPR upcoming in May. I cannot imagine that Facebook won't
make losses when that hits. They might be able to defer the impact by mostly
ignoring the law until they get sued, but ultimately it really just seems like
it's going to be downhill from here on, which is not what anyone looking to
buy stock is after.

------
billysielu
404 Not Found

------
anentropic
Yay Europe!

------
JepZ
> Facebook Comments Plugin

Just awesome...

------
xtf
Consequences?

------
vpribish
moral panic over cookies? cookies?! This has to be just some sort of populist
tribal signaling.

------
allthenews
You know, I am a pretty staunch supporter of minimalistic restrictions on
corporate behavior, putting faith instead in markets. But this seems like the
kind of problem I'd consider looking to solve through legislation.

Although I should say, not without hesitation, given the extreme discrepancy
between rates of change in tech and law. I would hate to see seemingly well
meaning legislation passed for something like this and then turned against us
by our friends at the NSA, for example.

~~~
dmix
If you're a supporter of minimal legislation then what's wrong with the courts
handling it, as in this case?

A major tech company tracking users across the web beyond their own limited
use-case platform is a relatively new phenomenon but now that it's been
established in the courts as a big financial and PR risk then there is a big
deterrent from future companies doing it. And often courts in other western
countries take note of precedence defined in major foreign courts to define
their own.

Formalizing this in legislation always seems to sound like a good idea in the
short-term. But in practice it's often really hard to define preemptive
regulatory systems that work efficiently (and relevant to todays realities),
especially in technology, as well as more expensive to enforce via
agencies/auditors, and will likely end up wastefully crossing over into many
areas/situations which are totally harmless in practice or having negative
side-effects which outweigh the benefits, such as harming innovation.

I'd rather we deal with negative behaviour on a case-by-case basis.

~~~
EggsOnToast
The enforcement of laws matters just as much as the quantity of the laws in my
opinion. In this case the argument being made by Facebook is basically
"everyone does this so why are we being selectively targeted?" Obviously it
makes sense to start with the biggest offenders but it's hard to believe that
the EU's apparent tunnel vision on applying the law to American companies is
because of a lack of resources.

~~~
cyphar
But Facebook and Google are the biggest and most flagrant offenders. It
wouldn't make sense to go after anyone else first, and you want to have a
precedent so you can go after other companies (or other companies will stop
committing crimes of their own volition because being litigated against is
expensive).

As for your belief that American companies are being unfairly targeted, this
also doesn't make much sense to me. European companies wouldn't break the laws
in the first place, Asian companies don't really compete in the European "web
services" market, so the only major source of rights violations is going to be
American companies.

If American companies don't want to follow European laws, they shouldn't be
doing business in Europe. And why are you complaining about in which order
those companies are being punished for breaking the law?

~~~
EggsOnToast
>European companies wouldn't break the laws in the first place, Asian
companies don't really compete in the European "web services" market, so the
only major source of rights violations is going to be American companies.

European companies are just as capable of violating the law as American
companies. Part of the argument being made by critics is that there's been
little sign that comparable effort has been made by European governance to
investigate its domestic companies as rigorously as it's been investigating
America's.

>If American companies don't want to follow European laws, they shouldn't be
doing business in Europe.

The counterpoint would be that the companies are only breaking the law because
the EU decided that its laws can be applied globally.

>And why are you complaining about in which order those companies are being
punished for breaking the law?

Because it's difficult to believe that there's only enough resources to
prosecute a handful of companies at a time.

~~~
cyphar
> European companies are just as capable of violating the law as American
> companies.

I never said they aren't capable, I said that they would generally choose not
to (not to mention that "hosted in Europe" is actually now becoming a bit of a
selling point because of the pro-privacy regulations there).

> Part of the argument being made by critics is that there's been little sign
> that comparable effort has been made by European governance to investigate
> its domestic companies as rigorously as it's been investigating America's.

European regulators are very strict with European companies in a variety of
ways. Just because it doesn't make international news every week is not proof
that it doesn't happen (I work for SUSE remotely and my impression is that the
German government is very meticulous about verifying that companies aren't
breaking the law.)

> The counterpoint would be that the companies are only breaking the law
> because the EU decided that its laws can be applied globally.

Facebook and Google do business with people in Europe (provide a service and
use them as ad-fodder). This is similar to exporting goods to Europe -- you
need to obey the laws of the country if you want to do business there. They
actually have an even better deal than than that, because there are no tariffs
for online communication! Not to mention that Facebook and Google have
physical hardware in European countries.

They aren't enforcing their rules globally, they're saying "if you want to
engage with our citizens you have to play by our rules." Facebook and Google
can always choose to block those countries (like they do Iran).

> Because it's difficult to believe that there's only enough resources to
> prosecute a handful of companies at a time.

This case was by a privacy watchdog, a private organisation. I find it very
believable that they don't have enough resources to sue the likely several
thousand American companies that are potentially violating EU laws. I also
would be surprised if the Belgian government had enough cash lying around to
do that too.

~~~
jcranmer
> European regulators are very strict with European companies in a variety of
> ways. Just because it doesn't make international news every week is not
> proof that it doesn't happen (I work for SUSE remotely and my impression is
> that the German government is very meticulous about verifying that companies
> aren't breaking the law.)

The obvious counterpoint here is the Volkswagen emissions scandal. Europe
generally went "oh, maybe we should make it harder to cheat on emissions"
whereas the US went "here's the fine for not meeting emissions, here's the
fine for cheating, oh by the way, you can't sell these cars anymore since they
don't meet emissions, and mind the class action lawyers on your way out." That
said, it could well be the cause that the EU would have been equally
nonplussed had GM been the heart of the scandal instead of VW, but there is
room to argue that Germany isn't treating domestic companies with the same
vigor that it does foreign ones.

~~~
cyphar
I think that's a fair point, and I completely agree that the emissions
scandals were horribly handled by the EU. For the record though, Germany
actually did an arguably better job than the EU commision (actually doing
investigations into the fraud and raiding several car companies), while the EU
appears to have done very little.

But neither have not done as well as Switzerland (banning VW diesel cars
entirely), South Korea (criminal case against VW executives), Netherlands
(class action and investigating the reacquisition of the subsidies paid to VW
previously), Australia (forced recalls and class action lawsuits), or America
(as you've already mentioned).

I don't know whether the car industry is the best example of "EU
interventionism" done right, given how central the car industry is to Europe's
enconomy (which is a whole different issue). I'm not sure whether they
would've treated non-EU companies differently.

------
fwdpropaganda
I'm genuinely surprised that in this thread we're not seeing the usual idea
that this is just the oppressive EU trying to exploit poor American companies.

Is it because the article relates to evil Facebook and not Google?

~~~
simion314
So if a court in country X finds the fact that tracking non FB users is
illegal the Americans should side with the criminal because X!=USA, Google and
FB are the biggest companies that do this illegal things so it is so obvious
that citizens and organization with sue this big companies and not some
obscure forum in country X(if there is such small company that can even track
users outside it's own website)

Also give me examples of EU companies that track users on most of the
internet.

~~~
fwdpropaganda
> So if a court in country X finds the fact that tracking non FB users is
> illegal the Americans should side with the criminal because X!=USA, Google
> and FB are the biggest companies that do this illegal things so it is so
> obvious that citizens and organization with sue this big companies and not
> some obscure forum in country X(if there is such small company that can even
> track users outside it's own website)

Not sure if I understood what you meant. I'm not saying that they should, I'm
saying that they often do. At least on HN.

~~~
simion314
US has many internet and software companies, you have FB, Google, Microsoft,
Apple , I can't even name an EU company, I know that SUSE Linux is in Germany
so it makes sense that on HN front page you will see this big companies and
not some small EU company.

As an example in Romania, Microsoft was caught doing illegal things, they
corrupted government people to buy tons of licenses, we should not wait for an
EU company to do the same before investigating this MS issue. The fact that
some other companies also bribed some other people should not affect the MS
case.

I am not sure if the MS case even reached MSW top page, but if it were some
small software company outside US it would not appear on HN at all, only on
local press, so HN from page has a bias for big US companies

~~~
fwdpropaganda
Again I didn't understand what point you were trying to make. That small
companies outside the US don't reach the front page of HN? Of course not. Is
that your point?

~~~
simion314
Yes, and then US HNers complain that they never seen EU punishing the small EU
software companies and they only see Apple,Microsoft, Google and FB.

------
nukeop
Even if thousands of businesses across Europe depend on tracking users, I do
not think it's enough of a reason not to fight against it, and i would be very
happy if those businesses go belly up tomorrow if tracking is outlawed. A
business so dependent on completely immoral, outright evil intrusive
surveillance does not deserve to be kept alive by exploitation of our rights.

------
Kenji
You all are rejoicing now but you will see that the laws will have unintended
consequences and doesn't help much, just like the cookie law.

------
polskibus
I suppose US could tax those non-US users so that using fb would cost them
something.... Oh wait...

~~~
simion314
Tax how? FB users do not pay, and this case is for non FB users, will you tax
non FB users because they do not use FB?

Maybe send the army or CIA to change some governments, some citizens dare not
have FB accounts, they must have something to hide /s

~~~
polskibus
I was jokingly referring to recent tariffs announced by US administration,
trying to think how a potential retaliatory action from US gov could look
like. By the way tax doesnt have to be % only, it can have an absolute minimum
too.

~~~
simion314
Ah, I am not from US so I did not understand the joke, but no tax or EULA
could have an effect for people that are not FB users.

Even if I have an FB account I do not want FB to follow me and say scrape my
HN comments and mine them for data.

