
GDPR: noyb.eu filed four complaints against Google, FB, Whatsapp, Instagram - buster
https://noyb.eu/
======
makomk
The odd thing is that lots of companies are abusing forced consent, but Google
isn't one of them from what I've seen. Instead it's mostly publications like
the Washington Post, Forbes, and Fortune just to name the last three I
encountered this on. Google seems quite happy to let you refuse to let them
use your personal information for ad targetting or any kind of personalisation
of results and continue using their services, whereas a lot of publications
just plain won't let you view their site unless you agree to this.

~~~
Sylos
Because Google needs the reputation. And if publications like Washington Post,
Forbes, Fortune do it on behalf of Google, because ultimately what they deploy
is Google Analytics, Google Tag Manager, Google Ads and so forth, then that's
a double win for Google.

------
riantogo
So what exactly is the overall outcome that people (in the support camp) are
expecting from GDPR? Obviously targeted content and advertising is not going
to stop. But maybe the 0.01% of the population that wants to opt-out of
targeting or download their data can (BTW most of this was already possible
with most big players)? And they want this at the cost of much higher cost of
compliance for hobbyists and startups? And what does all this mean in terms of
net gain to society?

~~~
JumpCrisscross
GDPR would have been a sensible regulation if it only applied to large
companies. With respect to complaints against Facebook and Google, I have no
qualms.

~~~
GordonS
As a small business owner, I disagree - _all_ businesses should be mindful of
their user's privacy.

~~~
JumpCrisscross
Regulatory interactions are inherently costly. It doesn’t matter if you do
everything correctly. People will mis-understand and file complaints; you’ll
need lawyers earlier than otherwise. This inhibits business formation. For
large companies, whose data represents the greatest systemic threat, I think
the trade-off is worth it. For smaller companies, having an EU lawyer on staff
is not.

~~~
GordonS
> you’ll need lawyers earlier than otherwise

The EU is not the USA - the majority of small businesses will never need a
lawyer at all!

------
spullara
GDPR could end free internet services. Maybe it is the outcome that the EU
desires, I'm not sure, but I don't see how you can run non-transactional, free
services without monetizing them via the best possible advertising. Do they
want everyone to go back to punch-the-monkey and mortgage ads exclusively?

~~~
whatshisface
Free services existed before megatracking. Advertisements will go back to
being targeted contextually, which will raise the value of views on "Tom's
Train Fan Web Hub (and camera reviews)" at the expense of "Zuckerberg's
Universal Website for Everyone." Look at Duck Duck Go for an example of
advertising that is contextualized only with the current page, as opposed to
the entirety of your personal history.

~~~
TomMarius
I don't remember anyone running services with offerings similar to e.g. Gmail
back then without income from targeted advertising. Back then, my mailbox had
10 MB capacity while Gmail offered 1 GB thanks to the money from advertising.

~~~
whatshisface
The current state of your mailbox seems like a good corpus for memory-less
targeting. Other than your emails, which the email provider obviously has to
store, no personal information would have to be kept. As a result I'm not sure
that the GDPR would impede Gmail, except to make it more valuable by
increasing the scarcity of having that much data in one place.

~~~
TomMarius
I wasn't talking about email harvesting. It was their targeted ad income in
general that made it possible to bootstrap this service at the beginning and
then make use of the e-mail data to further improve their otherwise free
offering.

------
thedevil
For the proponents of GDPR, do you think that these are good ideas? edit: Why?
What's the argument for them?

> The GDPR prohibits such forced consent and any form of bundling a service
> with the requirement to consent

> a penalty of 4% of global revenue

edit: On the first, if companies use (for example) personalized ads to pay for
the service, why should they be forced to provide the service without the
source of funding? If you disagree with that, you can just not use the
service.

~~~
sbov
Not all business models are legal. If the companies don't want to abide by the
rules of the EU, they can opt not provide services to people in the EU.

~~~
thedevil
> Not all business models are legal.

But why make this one illegal?

We can make wedding planners illegal if we don't like them and then just say
"not all business models are legal.

But that doesn't explain why. Why stop people from engaging in a transaction
that both sides consider to be a win?

~~~
icebraining
Because "in the EU, personal information cannot be conceived as a mere
economic asset: according to the case law of the European Court of Human
Rights, the processing of personal data requires protection to ensure a
person's enjoyment of the right to respect for private life and freedom of
expression and association".

[https://edps.europa.eu/sites/edp/files/publication/16-09-23_...](https://edps.europa.eu/sites/edp/files/publication/16-09-23_bigdata_opinion_en.pdf)

~~~
thedevil
It's a little unclear to me how this answers the question. Can you connect the
dots here?

I don't think not giving you services if you don't opt in violates your
"enjoyment of the right to respect for private life..."

Are you saying that you shouldn't be allowed to trade use of your personal
information for services?

If not, how does your quote tie in?

~~~
icebraining
_Are you saying that you shouldn 't be allowed to trade use of your personal
information for services?_

That's the principle behind the GDPR, yes.

~~~
KozmoNau7
No. You are still allowed to do that, but you have to explicitly opt-in.

------
xtrapolate
What happens when a GDPR claim is dismissed by a court? Are the plaintiffs
required to compensate the defendants? Can Facebook/Google counter-sue for
damages?

What's stopping anyone from randomly filing GDPR claims against every other
website? How many such claims can the system handle at any given time before
succumbing to years-long queues?

~~~
oldcynic
There's no court case here yet.

In these 4 cases they have been reported to the regulator. For 3 of them the
reports will be passed to the regulator in Eire as that's where they have an
EU presence.

So if it is "dismissed" that essentially means the regulator decides no action
is required. Or the regulator might decide a phone call or letter will suffice
for a first offence.

Max Schrems _could_ take a case to court against Facebook or whoever, with all
the usual costs, penalties and potential for appeals etc.

------
he0001
What about github? What happens if someone that have been a contributor to
several projects and then says to github that they have to remove the data
that is in those repositories. However they just cannot go in and erase
history in companies repos?

~~~
extra88
There are a number of exceptions to the Right to be Forgotten provisions.

~~~
he0001
The exceptions are if there is an different law that supersedes GDPR. However
none of them are indefinitely so sooner or later GDPR will apply.

~~~
extra88
From Article 17, Right to erasure (‘right to be forgotten’) [0], "the
controller shall have the obligation to erase personal data without undue
delay where one of the following grounds applies: (a) the personal data are no
longer necessary in relation to the purposes for which they were collected or
otherwise processed;

If one can argue the personal data _is_ still necessary, e.g. for the purpose
of attribution in a repo, then the controller is not obliged to erase it.

Paragraph 3 is all about exceptions including ones for freedom of expression
and "establishment, exercise or defence of legal claims," e.g. copyright or
other IP.

[0] [https://gdpr-info.eu/art-17-gdpr/](https://gdpr-info.eu/art-17-gdpr/)

~~~
he0001
But attribution is not permanent legal requirement it’s eventually going to
expire. And copyright or IP is about the owner of the repository, but not the
personal information in a repository. I find it hard that “copyright” or IP
applies to personal information unless you are the one owning it, which you
don’t if you work for a company. However it could be kind of funny if you work
another company contributing to a project owned by another company.

About “defense of legal claims”, removing people from the history will only
strengthen your claim as the owner of the repo?

I’m not convinced that paragraph 3 actually applies here, not sure what exact
claims can be done for keeping that information as it is. And can github
“hide” behind such vague exceptions?

~~~
extra88
GitHub may have to add some capabilities but I'm thinking about the people
running the repo; retaining attribution of submissions as a defense against
accusations of code theft. I was also mainly thinking about public repos open
source, not code contributions by employees in a work-for-hire situation.

------
JumpCrisscross
What is the process between this complaint and a fine / order to rectify?

~~~
tombone12
The national agencies evaluates the complain and take a decision, which I hope
will happen before the end of the year. Exactly how it happens depends on the
country, as the GDPR leaves room for national legislation also on the section
on the Supervisory authority.

------
forcer
can someone explain how would this make consent popups go away? I think
consent popups are here to stay, what this lawsuit may change is what buttons
will be on them

~~~
anonymousab
Since things have to be opt-in, in theory you could ignore or block all such
popups and benefit from the default of not having given consent.

In practice, companies will continue to assume the opposite, and we'll see how
things shake out with the regulators and courts.

It's the cornerstone behind any teeth in the GDPR.

Exciting times.

~~~
GW150914
I think The Atlantic’s version is a great example, with a bunch of opt-in
options clearly laid out. In the end the rest will probably end up looking
more or less like that, or go down in much-deserved flames.

