
Sites using Facebook ‘Like’ button liable for data, EU court rules - abbe98
https://www.euractiv.com/section/digital/news/sites-using-facebook-like-button-liable-for-data-eu-court-rules/
======
zorked
"He warned that the decision would go beyond Facebook and effect all social
media plug ins, which are important for many firms to expand their reach on
the web."

Add an image on your own website that links to Facebook. Problem solved. You
keep your like buttons, their servers are no longer involved in serving your
web page.

~~~
StavrosK
I did this and wrote about it[0]. It works really well, is very fast and
doesn't compromise your users' data. There are also libraries that make it
very easy to add.

[0]: https://www.stavros.io/posts/scourge-web-analytics/

~~~
pbhjpbhj
Does Facebook allow it?

Unless you have rights holders permissions then the social links at the bottom
of that article look like copyright and probably trademark infringements. (I'm
not saying that's a good thing, just how it appears.)

~~~
kordlessagain
> Does Facebook allow it?

Who cares? Facebook is a zero sum game at this point for advertisers/content
creators. Facebook stacking the odds like a casino does chuck-a-luck. There's
only them winning here, nobody else.

~~~
downandout
_Who cares?_

The site owner that might be sued by Facebook for copyright infringement, for
starters.

~~~
Quenty
Aren’t logos fair use? Maybe a like button might be sueable, but a logo should
be fine, right?

~~~
megous
And they will be suing for what? For attempting to send more people to
facebook? What's the damage?

Facebook has no right to have their arbitrary code on other people's websites.
So they can't force any specific way to show their button. From the end user's
perspective it's all the same.

~~~
downandout
Facebook could reasonably argue that by bypassing their established use
policies for the like button, you are depriving them of value - in this case
the value of the data that their JavaScript collects and sends back to them,
and that you (the site owner) are being unjustly enriched through the use of
their copyrighted image(s) on your site.

Except in cases of fair use, which isn’t nearly as broad as people think, the
use of other parties’ images is subject to whatever licensing restrictions
they choose to put on them. You can choose not to display their images if you
do not accept those terms.

~~~
saagarjha
I feel like trying to sue someone for linking to Facebook would go down
_extremely_ poorly.

~~~
pbhjpbhj
The reason sites want to have Like buttons is because they perceive value in
that for the site. A C&D would be enough to bring anyone in to alignment that
didn't have a wish for a very expensive day trip to court.

------
facethrowaway
Sites using the like button are dumb to begin with, especially if they are in
e-commerce. You’re handing your competitors an ability to do lookalike
targeting of your customers via Facebook ads. This is one of the biggest
advantages of that platform. Surprised nobody writes about this while gasping
at Facebook’s profits.

~~~
dheera
E-commerce, possibly, but less true for journalism. Nobody browses news site
front pages anymore. They visit news article links directly from their
Facebook feed of other people sharing/liking stuff, Reddit, HN, or other
social media.

When was the last time you typed in nytimes.com or some similar foo into a
browser?

~~~
incongruity
Well, since you’re asking - Daily - news sites’ front pages are bookmarked on
my mobile but often typed as well.

------
tablethnuser
I think all these privacy protection rulings are a step in the right
direction, in that we are seeing governments respond to dark patterns similar
to how they respond to spam and telemarketing.

The loose thread now is in how the companies are required to communicate their
data mining. These twenty page privacy policies that I agree to with a flick
of the scrollbar and a button click, or these equally boring popovers when I
visit a site, are where the governmental innovation needs to happen next.

~~~
tgsovlerkhgsel
All it takes is strict enforcement. The rules are already there.

Many of the popovers (basically all that you can't easily dismiss without
giving consent to anything unnecessary) don't result in valid consent.

Twenty page privacy policies are also questionable: "the request for consent
shall be presented in a manner which is clearly distinguishable from the other
matters, in an intelligible and easily accessible form, using clear and plain
language."

I also hope that the ones that ask for consent with a modal pop-up create a
modal pop-up offering you to revoke consent on every page load: "It shall be
as easy to withdraw as to give consent."

Strict enforcement of the existing rules is all that's needed. Getting consent
is going to be really hard, to the point where web sites may be best off not
asking for it, and only doing what they can without processing personal data.

~~~
alkonaut
This. I long for the day when regulators pick one high profile target that
uses “by entering you agree to [us giving your data to third parties for ad
purposes only]” and simply hit them with an enormous fine.

------
yashap
I get the sentiment, but wouldn’t this apply to something as simple and
fundamental to the web as including an image that I don’t host on my webpage?
The 3rd party hosting that image could be collecting a decent amount of data
about people accessing it - I really have no idea what they’re doing, or any
way to verify it.

This ruling feels poorly thought out to me. Activities on the web aren’t
totally private, that’s how it’s always been. Getting rid of 3rd party content
makes it ... kind of not the web anymore.

~~~
throwawaywego
That's a very D&D Rulebook type interpretation :). Not that rulings should be
ambiguous, but usually some common sense can be applied (and is expected to be
reasonably applied).

The Facebook like button is a web tracker, disguised as a social engagement
button. If not its primary, then its secondary function is to
(indiscriminately) track users and non-users outside of its walled garden,
like some reversed Trojan Horse.

Hotlinking an image is just that: hotlinking an image. Facebook relies on us
and lawmakers to say: "We just can't ban third party content!", while we
perfectly could leave innocent third party content alone, and focus our sights
on the spy button. It isn't reasonable, nor common sense to conflate the two:
even if similar in syntax, the context is vastly different.

~~~
macinjosh
> That's a very D&D Rulebook type interpretation :). Not that rulings should
> be ambiguous, but usually some common sense can be applied (and is expected
> to be reasonably applied).

You can't build a business on assumptions made on an ambiguous ruling. And
while common sense seems reasonable there it has no definition. Why should
investors take the risk?

~~~
ryandrake
Lots of businesses, investor-backed and otherwise, currently operate within
the “frontier areas” of the law. Some of them step a little too far and get
whacked, others stay in the gray area for decades making money. Legal due
diligence is not about guaranteeing 100% you’re above board. It’s about
weighing the risks.

------
codysan
> Bitkom, a German trade federation for online businesses criticised the
> ruling, saying it would heap costly bureaucracy on firms without enhancing
> consumer protection.

Swap "costly" for "mildly inconvenient" and then I could almost see where
they're coming from but I think they're missing the forest for the trees here.
Let the "like button" die, rulings like this take the wind out from beneath it
and eventually it's a metric you'll never be burdened with.

~~~
raverbashing
Also the "without enhancing customer protection" is not correct. The mere act
of loading a page with the like button causes data to go to fb

One solution would be to have a "turn on like" button, but the image solution
that some comments point out seems like a good option as well

(Or fb could have data sent only when the person clicked the button, but
that's unlikely to happen)

~~~
sprafa
Corporation with financial interest in disinformation spreads it through press
release. News at 11

------
tgsovlerkhgsel
The best part:

> Under EU data protection law, therefore, a European retailer and the US
> platform are jointly responsible for gathering the data

I really hope this means that Facebook and all those stats/ads providers can
be held responsible if they don't take adequate measures to ensure that only
data from users who have given valid consent is sent.

Going after individual site operators is a fight against windmills. It would
be much more effective if they could go after a company that provides an Ad
SDK to hundreds of thousands of apps, but just tells the app developers in the
fine print "by using this SDK you confirm that you have gotten consent from
your users" - and as a result, knowingly accepts that nobody will care and
data from non-consenting users will be collected.

~~~
ghego1
> I really hope this means that Facebook and all those stats/ads providers can
> be held responsible if they don't take adequate measures to ensure that only
> data from users who have given valid consent is sent.

Yes, it does mean that, and on top of it authorities can also go after each
web site that has a like button on it

------
sayusyz
Will EU regulate mobile apps and the two dominant platforms too? On web I'm
safe using blockers, no JS etc. But on my phone I lack alternatives to
suppress privacy abusers.

~~~
factotvm
I believe Apple is trying to get in front of this, and hopefully that means
Android isn’t far behind.

https://www.consumerreports.org/software/apple-ios-13-will-include-more-privacy-protections/

~~~
jraph
Android is far ahead… as long as you only use AOSP or Lineage, avoid Google
Apps and install apps from F-Droid and not from the Play Store.

~~~
mrtksn
That's not the Android that people are talking about.

~~~
lol768
Even on the Google Play Store, there's a browser called Firefox that supports
the concept of "add-ons".

I know these are a novelty on Android where most people use Chrome because
it's pre-installed - but add-ons are small, self-contained downloadable
additions to your browser. There are multiple such add-ons that will block ads
for you. They also work in-app where the Firefox WebView/custom tab is used.

~~~
pmlnr
> I know these are a novelty on Android where most people use Chrome because
> it's pre-installed

I still don't understand which law allows _not_ to show a choose your default
browser installer, like Windows had to after the court decision.

~~~
enedil
Are you in Europe? I am and recently I was asked this exact question out of
the blue, and I was given 5 options (if I recall correctly).

~~~
pmlnr
Yes. 5 options on Android and on iOS? Because if Windows had to, they should
too.

~~~
enedil
I don't have access to iOS devices, but this happened on 3 different Android
phones. It wasn't on setup though.

~~~
lol768
That's interesting, I've never experienced this myself. Wonder if there are
any screenshots floating about on the web.

------
mattkevan
How much value does like and other sharing buttons provide to anyone other
than Facebook/Google/Twitter these days? I’d argue very little.

I used to work for one of the larger social sites in the UK with many millions
of unique users and we found that the social buttons got next to no
engagement. Before I left we began the conversation about removing them
entirely as they were just dead space on the page.

~~~
hanspeter
I agree that for most sites these buttons have very little value both because
of lack of relevance and because of low conversion placement.

However there are whole businesses that have been built around these buttons
(fx Upworthy).

------
the_arun
Wouldn't the same logic apply for users clicking on ads?

~~~
whydoineedthis
this is a great point. it would be awesome if indeed sites had to gain my
permission before showing me an advertisement - or at least a custom one.
someone should sue!

~~~
TheCoelacanth
Or at least showing an ad that they don't host themselves. A first-party
hosted ad wouldn't give away any user data.

------
abbe98
I wonder if this will end up being applied to the usage of third party CDNs as
well such as Google Fonts.

~~~
flukus
I hope it applies to CDN's, I suspect data collection is the very reason they
exist and that many are already collecting data, but even in tech circles it
flies under the radar. On top of this there's potential issues with any third
party and we'll need stronger guarantees from cloud hosts, data centers and
the like.

CDN's are especially nefarious when it comes to privacy because they make it
so hard to block third party content while retaining functionality.

------
Zenst
It is interesting how with the many copyright and data protection acts and
rules, that the EU is, in effect creating a whole new type of decentralised
firewall for content for want of another way of perceiving it all.

Though this is a firewall for the people against business
practice/malpractices. Which is a good thing. I'm sure there will be many
cases of this causing issues, but on the whole, it does fall in the favour of
the end-user, us the people.

I say firewall, more an IDS that reacts to breaches. But it is good how they
are at least not ignoring and overlooking such details and this is a fine
example of it being well thought out.

------
EGreg
What exactly is the data being transferred? It is that the user has visited
the site, correct?

The only way the third party site can know that is via third party cookies, or
attempting fingerprinting as a third party iframe. Do you see any other way?

I thought that the EU already realized that this is a matter of cookies - in
this case third party cookies of a site that you HAVE logged into. Browser
makers should just let the user make a decision whether they want the requests
to be automatically sent with third party cookies in this case — OR to
explicitly approve every single time they log in using oAuth or want to share
something.

Whatever happened to this proposed law from 2017, which correctly realized
that it’s the Browser’s responsibility to let the user select the cookie
policy they want:

https://www.kitguru.net/channel/generaltech/matthew-wilson/the-european-union-proposes-law-to-stop-browser-cookie-pop-ups/

~~~
peteretep
> or attempting fingerprinting as a third party iframe

That's essentially what a Facebook like button is

------
ishan1121
Do facebook Like button really matter anymore? I mean my page has over 5000
likes but there's almost nil traffic on my blog through my page. I have
removed like button from my website and nothing has been impacted

~~~
alexpetralia
It matters for Facebook tracking users in exchange for the "opportunity" of
increasing traffic. Of course most of this traffic only occurs if you pay for
it.

~~~
unicornfinder
Not to mention that from what I've seen most of the traffic you'll get from
Facebook originates from click farms.

------
PavlovsCat
http://panzi.github.io/SocialSharePrivacy/

IMO, decent websites have been using something like that for a long time (the
small subset of them that have like buttons, that is), so nothing will change
for them.

~~~
marbu
Yep, I've seen this on Bruce Schneier's blog[1] back in 2013.

[1] https://www.schneier.com/blog/archives/2013/03/changes_to_the.html

------
olliej
The important crux of the problem is that the current model for _all_
“like”/“social” buttons is that simply including the link grossly violates
your user’s privacy.

Why should I have to surrender my privacy to read an article on your site? Why
do you think that it’s ok?

The _only_ time your site should be sending tracking information to someone
your users have not explicitly stated they want _you_ specifically to share
is when they have actually interacted with the button. Not a mouse over, not a
resource load, not an invisible overlay.

The user has to consciously opt to do that.

If you can’t ensure that your site isn’t abusing users/readers you need to
gate _all_ your pages with a page stating that you will be providing other
companies with tracking information that provides your browsing history. You
should also list all of the companies you will be sending that data to.

If you don’t want to do that because it will hurt “engagement” or “conversion”
that’s your problem.

Alternatively you could have a banner that says “you’ve used our site so we
sent information about your browsing history to these companies, and there is
no support for deleting that information. We recognize that you may not like
that but we don’t care about your privacy, and have no intention to preserve
it”

~~~
zzo38computer
That is an issue with the browser implementation, I think.

~~~
olliej
No. A browser is required to load resources whether or not they come from
the same domain (otherwise you break all sites using CDNs, multiple
servers for load, etc)

The browsers (well Safari at least) actively work to break those things being
used for tracking, but fundamentally (and the reason FB, etc require you to
embed JS that loads their trackers) tracking companies treat user privacy
systems as an adversary and continuously update to defeat it. Look at Google
circumventing it in the past (and being hit with fines because of it).
Nowadays they’re simply more clever in not crossing legal lines.

~~~
zzo38computer
That is a different problem, of requiring too many resources just to load a
document.

------
mic47
Would this include ad-tech, like advertising cookies and other tracking stuff
(specifically, not Facebook / google ones)?

~~~
M2Ys4U
Almost certainly.

Read paras. 71-81 in the judgment[0] - it sounds to me like 3rd-party
adverting would be covered by the same logic.

[0] http://curia.europa.eu/juris/document/document.jsf?text=&docid=216555&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=5673263

------
tracker1
What bugs me, is most sites dealing with the issue throw up an "Accept" button
with whatever blurb in place, but they're already including the metrics/etc
scripts before accept happens.

I mean, I get it... but the whole point was to stop the behavior, not side
step it.
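
Added example (not part of the original thread or of this commenter's post): one way to check the behaviour described above is to take the HTML a site serves before any consent has been given and list every third-party host the browser would contact just by loading it. The domains, sample markup and function names are constructed for illustration, and the caller supplies the first-party domain list because the standard library has no public-suffix data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attribute that makes the browser issue a request while the page loads.
# <a href> is deliberately absent: a link is only fetched when the user clicks,
# which is why a self-hosted image wrapped in a link leaks nothing on load.
AUTO_FETCH_ATTR = {"script": "src", "iframe": "src", "img": "src",
                   "embed": "src", "source": "src", "link": "href"}
# <link> only fetches for these rel values; rel="canonical" and similar do not.
FETCHING_RELS = {"stylesheet", "preload", "modulepreload", "prefetch", "icon"}
# Heuristic: a <script> whose type is none of these is an inert data block.
# Consent managers use this (type="text/plain") to park a script until opt-in.
SCRIPT_TYPE_MARKERS = ("javascript", "ecmascript", "jscript", "livescript")


def is_first_party(host, first_party_domains):
    """True if host is one of the given domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in first_party_domains)


class _LoadCollector(HTMLParser):
    def __init__(self, page_url, first_party_domains):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.first_party = {d.lower() for d in first_party_domains}
        self.findings = []

    @staticmethod
    def _script_runs(type_attr):
        t = type_attr.strip().lower()
        return t in ("", "module") or any(m in t for m in SCRIPT_TYPE_MARKERS)

    def handle_starttag(self, tag, attrs):
        attr_name = AUTO_FETCH_ATTR.get(tag)
        if attr_name is None:
            return
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and not self._script_runs(a.get("type", "")):
            return
        if tag == "link" and not set(a.get("rel", "").lower().split()) & FETCHING_RELS:
            return
        raw = a.get(attr_name, "").strip()
        if not raw:
            return
        url = urljoin(self.page_url, raw)  # resolves relative and //host/ URLs
        host = (urlsplit(url).hostname or "").lower()  # data: URIs have no host
        if host and not is_first_party(host, self.first_party):
            self.findings.append((host, tag, url))


def third_party_loads(html, page_url, first_party_domains):
    """Return (host, tag, url) for each third-party request made on page load.

    Static analysis only: srcset, CSS url() and requests issued by scripts at
    runtime are out of scope.
    """
    collector = _LoadCollector(page_url, first_party_domains)
    collector.feed(html)
    collector.close()
    return collector.findings


# Constructed sample: a shop page as served before the visitor clicks "Accept".
PAGE_URL = "https://www.shop.test/product/1"
FIRST_PARTY = {"shop.test"}
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://fonts.example-cdn.test/css?family=X">
<link rel="canonical" href="https://other.test/page">
<script src="/static/app.js"></script>
<script async src="//widgets.social.test/sdk.js"></script>
<script type="text/plain" data-consent="marketing"
        src="https://analytics.test/t.js"></script>
</head><body>
<img src="https://cdn.shop.test/logo.png">
<a href="https://social.test/sharer?u=https%3A%2F%2Fwww.shop.test%2Fproduct%2F1">
  <img src="/img/like.png" alt="Like"></a>
<iframe src="https://widgets.social.test/like?href=x"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, tag, url in third_party_loads(SAMPLE_HTML, PAGE_URL, FIRST_PARTY):
        print(f"{host:28} <{tag}> {url}")
```

In the sample, the parked `text/plain` script and the self-hosted image link produce no finding, while the stylesheet, SDK script and iframe are reported because the browser requests them whether or not the banner is ever clicked.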

------
polskibus
Can this verdict be extended to cover Google analytics and all other 3rd party
tracking?

~~~
luckylion
Sure, but that's already covered - you need to have a data processing contract
with Google to use GA while being GDPR compliant. You'll have to do the same
with Facebook for their buttons now, FB will provide an agreement and you sign
it pro forma and that's it, I guess.

~~~
downandout
_you need to have a data processing contract with Google to use GA while being
GDPR compliant_

That is true...unless you are not based in the EU and don't "envisage" (a term
used in the GDPR) serving EU customers. Then you don't have to deal with any
of this nonsense and are free to add whatever like buttons/analytics solutions
you would like. A US site that doesn't offer translations in European
languages, doesn't accept EU currencies, and doesn't use an EU domain
extension, is not subject to GDPR - even if EU users can access it.

_"Whereas the mere accessibility of the controller’s, processor’s or an
intermediary’s website in the Union, of an email address or of other contact
details, or the use of a language generally used in the third country where
the controller is established, is insufficient to ascertain such intention,
factors such as the use of a language or a currency generally used in one or
more Member States with the possibility of ordering goods and services in that
other language, or the mentioning of customers or users who are in the Union,
may make it apparent that the controller envisages offering goods or services
to data subjects in the Union."_

------
VvR-Ox
That's what I really like about the EU. At least sometimes it tries to serve
its people.

~~~
ghego1
Agree, IMHO the EU government is the most concerned with citizen's/users'
rights. As it must deal with the pressure from so many different member
states, more often than not it acts only when its actions can have positive
effects on citizens and users, even if many times that is not fully perceived
at national level

------
neilv
This sounds like a great precedent.

A side project of mine, starting in the Junkbuster days, is fighting cross-
site tracking/profiling, and almost every Web site does it at least a little.
Legal precedents suggesting liability for that seems huge, and maybe end the
technological arms race (which I think the privacy&security people will
otherwise ultimately lose).

------
lugg
> Bitkom, a German trade federation for online businesses criticised the
> ruling, saying it would heap costly bureaucracy on firms without enhancing
> consumer protection.

What cost is involved by not embedding third party beacons on your website?

How does it not improve consumer protections? It's literally stopping doing
the thing that is causing harm.

> “With its decision, the ECJ places enormous responsibility on thousands of
> website operators – from small travel blogs to online megastores and the
> portals of large publishers,” Bitkom CEA Bernard Rohleder said.

Yes, this is exactly how serious this situation is. I'm glad you're getting a
handle on just how damn huge this problem really is. Aren't you glad we're
finally doing something about it?

> He warned that the decision would go beyond Facebook and effect all social
> media plug ins, which are important for many firms to expand their reach on
> the web

Uh, yes, that's the idea? Your firm's right to expand their reach does not
overrule my right to privacy.

People can still share and like your links on the social platforms. It doesn't
require me to be forced into it.

~~~
DyslexicAtheist
Bitkom criticizing it would be expected as it's a lobby group for "Neue
Medien" and "Digital Transformation" and many of their members are AdTech and
Analytics companies.
https://lobbyfacts.eu/representative/3d75bcd811c04ccfbfa6d0cd61af1c39/bundesverband-informationswirtschaft-telekommunikation-und-neue-medien-e-v

~~~
lugg
> it's a lobby group

With weak arguments like those it seems it's not a very good one..

------
matreyes
And Google Analytics tracking system? I guess every site on earth has it!

~~~
jammygit
Simpleanalytics is a nice alternative with a lot less tracking. It’s still
analytics, just a bit less invasive

~~~
9HZZRfNlpR
Simpleanalytics is extremely expensive for what it does.

------
jacquesm
Good. The sooner the like button and all the other 'social media' plug ins
disappear the better. It's trivial to host the button and the link on your own
pages. That way only the actual likes get counted.

------
meattle
For those that want to show official Share Counts on their Share Buttons while
maintaining User Privacy, take a look at Shareaholic's Share Count Proxy -

https://www.shareaholic.com/blog/social-share-count-api/

Share Count queries to the Social Networks are proxied through this service
securely and visitor privacy is protected... like an anonymous VPN.

~~~
SahAssar
I'm not sure a company that says "Imagine being able to capture, analyze, and
re-target any person on any ad platform that clicks on any of your links on
any marketing channel" is one that should be trusted with anyone's privacy.

~~~
meattle
Shareaholic offers many different types of marketing tools. The product that
you're referring to is the URL shortener, which is independent of the Share
Count Proxy product -- https://www.shareaholic.com/link-manager/retargeting

This URL Shortener service is also GDPR compatible as retargeting pixels are
not set for EU subjects regardless of what customers want to set. In the
roadmap is to add an opt-in message on the redirect.

~~~
SahAssar
I get that you offer different types of tools, but my point is that trusting
one company that markets tracking to anonymize the tracking of another company
that markets tracking seems backwards regardless of if you say that this
specific product actually does tracking or not.

~~~
meattle
Coming in cold, that's a very fair concern/comment. I generally believe that
products can be privacy-first but still serve the needs of marketers while
providing _consumer choice_. Consumer choice is the key in my opinion.
Shareaholic tools do what the customer sets them to do, with opinionated
safeguards to prevent customers from missteps with regards to GDPR and
consumer choice. For example, Shareaholic is one of the very few that also
respects DNT signals (even though DNT is now defunct).

Btw, Share Count Proxy is also whitelisted by Firefox which provides the added
advantage of share counts actually showing on Firefox if you use the proxy
while direct calls to Facebook.com, Pinterest, etc are blocked.

------
rhacker
The entire Cookie warning fiasco should never have been about cookies. That
scared people from using cookies - even authentication related ones. It should
have been about connecting your browser to unrelated domains owned by a third
party. I mentioned this in a previous post, but when you're logged into your
CVS pharmacy account I get tons of connections to Facebook.

------
tempodox
Everything that stops them from feeding my shadow profile to FB is welcome. I
never gave my consent for that shit.

------
DyslexicAtheist
what's really missing in all this GDPR and privacy discussion is a technical
way to enforce it. If you have a large multinational company with 50 TLD's you
might have several hundred (including all the subdomains) that are Internet
facing.

For a company on that scale to remain compliant to things like cookie law
(mention every cookie and what it does for opt-in) there is no easy way to see
if you're compliant. We need some standard (like security.txt) which defines
how cookie data, impressum or other site specific links are expected which has
to be machine readable. Right now every company creates its own mess of html
which is no fun scraping to figure out if the company is compliant or not.
(yet scraping is what everyone in compliance expects to happen).

I wonder how these laws can be enforced without creating a huge administrative
backlog.

~~~
mqus
for this there's an e-privacy regulation in the works[1] but it already took a
lot of time... GDPR only got as much support as it did because the Snowden
leaks happened shortly before the vote.

As I understand it, it will include things like Do-Not-Track and a better
cookie banner legislation, which makes the banners less common.

Enforcement is trickier. Let's wait for a few more rulings and see if that's
enough.

[1] https://ec.europa.eu/digital-single-market/en/proposal-eprivacy-regulation

------
suyash
This is a great ruling, big win for privacy advocates and Europeans!

------
buboard
a side effect of the ruling is that now facebook is NOT liable for that
consent, and google is not liable for analytics / adsense. Will the EU start
going after the little guys now?

~~~
M2Ys4U
You are wrong.

Facebook and FashionID are _joint_ data controllers, and FashionID aren't
liable for additional processing that Facebook does with the data.

If consent is the legal basis upon which the processing is based then _both_
entities must have consent.

~~~
buboard
Since facebook does not interact with the user, fashionId is responsible for
getting consent to send that data to facebook. It's how all the ad cookie
prompts work.

------
d2mw
Tears of joy.

~~~
macinjosh
As the very structure of the Internet crumbles due to over regulation?

~~~
james_s_tayler
Maybe the internet was a bad idea. Maybe the whole neolithic revolution was a
bad idea.

~~~
acheron
In the beginning, the universe was created. This has made a lot of people very
angry and been widely regarded as a bad move.

------
matreyes
And google analytics tracking system? I guess every site on earth has that.

~~~
luckylion
That's already covered, FB is now treated more like GA in that you need to
have a valid data processing agreement with FB if you're embedding their like
buttons or you're not GDPR compliant.

------
alkonaut
GDPR needs to be sharpened to state that you can’t even show a different
service _at all_ based on consent relating to third party data sharing.

That is: “to give you this service we need to store some info” - OK.

“To give you this service we need to share info with advertisers” - not ok.

That is: you need to be able to provide the service using only non targeted
ads if the user wants it.

------
ancymon
I think GDPR requires website owner to inform users what exactly is being
processed and by who. The problem for website owners is that Facebook won't
really tell what data they process and who will they share it with or they do
not seem to allow to revoke consent.

------
conroydave
oh lordy

------
macinjosh
The EU is out of control and is ruining the Internet.

~~~
Avamander
The EU is the _only_ actor that has taken a hard look at itself as to what
it has let happen to people's privacy and security online.

~~~
macinjosh
This is asinine. If you don't like websites including resources from a 3rd
party you can block third-party connections, install a blocking extension. We
don't need an authoritarian government to make these decisions for us.

Mark my words. This is going to have enumerable unintended consequences and
the Internet will suffer for it. Fuck the EU.

~~~
zzo38computer
I agree; if you do not want cookies then you can just disable it in the
client, and if you do not want it to load third-party scripts or images, then
you should disable that, and so on; the cookie warnings and all of that stuff
is not helpful.

(Perhaps a better requirement would be to require the browser distributors to
include warning labels about such features if they are done automatically.)

~~~
llukas
I don't see the reason why tracking and data collection should be opt-out.

If you do not like the idea that you own your data, not companies then you can
give your consent to process data to everybody.

~~~
zzo38computer
That is not quite what I meant. What I meant is independent of opt-in or opt-
out, but is rather saying that such features in the browser should be and must
be configurable, and that is separate from the issue of consent. (Maybe they
should disable third party cookies by default, or whatever, but it will
work either way.)

What they will do with the data you give to them, is a separate issue than the
web browser. The company you are dealing with still needs to have a proper
policy for that, but that is different than the issue of the client
configuration.

Requiring a warning message about cookies on the web page is not helpful,
because that is the wrong place to put it; the browser can provide its own
such warning, and the user can configure it. (Lynx provides the possibility to
ask when a cookie is received.)

So, the actual problem is the browser providers designing them stupid, and
making them such complicated that it is difficult to make up a new one which
is actually good.

------
jimmaswell
This is totally insane. Stop ruining the internet before it's too late, EU.

~~~
jraph
This is totally sane. I don't ever want my browser to contact Facebook and
Twitter when I'm visiting unrelated websites. This was bullshit from day one.
Please do continue!

edit: I hope that this will also hold for Google with reCAPTCHA and Analytics.

~~~
luckylion
That part won't change, though. It's now just that the website owners need
either your consent or legitimate interest as defined in GDPR + they need to
have a data processing agreement with Facebook. It adds a formality, but it
won't have a lasting impact.

~~~
jraph
Well, I hope that at least some websites will opt for using an image they host
themselves instead of adding this formality. This has to hurt user experience,
no?

On the other hand, I guess this is only one more checkbox to tick among the
checkboxes we already have to tick.

~~~
luckylion
A self-hosted image + link adds friction, so I don't think that a lot of the
mainstream sites (that aren't privacy conscious and do it already) will do it.
And, of course, many shops already use Facebook tracking pixels to target
visitors that didn't buy anything, so they have very little interest in keeping
FB out.

------
macinjosh
From the article:

> According to the European Court of Justice ruling, a site that embeds the
> Facebook “like” icon and link on its pages also sends user data to the US
> web giant.

This is categorically false. The site that embeds the like icon is sending
absolutely nothing to Facebook. The user's browser is the one sending
information. You have control over your browser. You can do something about it
if you don't like it.

The EU's regulations infantilize the public and removes consumer choice.

~~~
icebraining
How is it removing consumer choice to ask for their consent?

~~~
macinjosh
Many sites who just don't want to deal with the regulation will simply not
offer anything from a 3rd party on their site. That is the least risky approach
and most businesses paying attention will do that.

~~~
icebraining
Yeah, stupid business people abound. If those offers are really interesting to
the users, those sites will be replaced by better run ones, who correctly
calculate the risks.

------
codingslave
EU shooting themselves in the foot with all these data rulings. Innovation
will never happen there, US tech products will slowly suck the wealth out of
European nations, much like China manufacturing sucked the wealth out of the
us manufacturing sector.

~~~
tannhaeuser
Needing consent for sending data to Fb is only consequential and consistent
with the law's goals. It's been good practice on decent German sites for a
long time to present social media buttons as greyed-out icons to indicate
tracking code by those third parties is only embedded on the linked page.

~~~
abraae
Interesting, I would have thought that one of the few UI conventions that is
fairly universal is that buttons are greyed out if they are inactive. I'm
certain that many people will never click a greyed out button for this reason.

~~~
tannhaeuser
Not quite greyed-out as in disabled. Not sure merely using a b/w logo without
logotext will work out with today's flat designs and usage habits. I remember
it being used when minimal design wasn't as common as today, and the icons
would stand-out (or rather fade into the background).

