
Facebook and Google hit with $8.8B in lawsuits on day one of GDPR - fortawesome
https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe
======
AdamM12
Zero surprise. Gonna be a bonanza for lawyers. We got patent trolls now we'll
have GDRP trolls. I like parts of this law like being able to see all the data
they have on me and actually delete it but imo you consent when you sign up
for the service. Don't like what they are doing; Don't sign up. If this guy
wins it legalizes freeloading which is theft by government. Infrastructure
cost money and I get it FB has the scale to absorb some of the costs but a lot
of companies likely won't when now they have to defend themselves from
lawsuits as well as added compliance costs.

~~~
firmgently
Nobody reads T&Cs. Company directors know that. Lawyers know that. They are
rarely written in plain language and they obfuscate what the deal really
consists of. Facebook/Google could easily write on their landing pages "We
provide this service in exchange for use of your personal information". People
who agree to that would be giving real, informed consent. Any of us that talk
to non-geek, non-SV human beings know that most people don't understand the
deal they're making when they sign up to these services, instead seeing
Google/FB as some kind of supercool charities that make stuff for free just to
be nice. Thankfully that's starting to change.

Pretending that clicking 'accept' under a page of legalese constitutes consent
in any meaningful way is disingenuous and as a society we need to grow past
it.

~~~
AdamM12
They write it in a certain manner because the choice of words and grammar
matters [1]. Sure no one (barely anyone) reads them but they could. That isn't
a failing of the company. They provide it. It's a contract. You can read it
and chose not to use it. My main point really is forced consent can only be
forced through violence which the state is the only one who has the legal
right to it's use. Zuck (as funny as an image of it may be) isn't putting a
gun to anyone's head and telling them to use to service. To me this seems to
enshrine FB and other services as a legal right vs. an economic transaction.
Using a service constitutes an economic transaction which the business has the
right to outright charge for (subscription/transaction fee) or in contemporary
society trade data for ad purposes.

[1] [https://www.nytimes.com/2017/03/16/us/oxford-comma-
lawsuit.h...](https://www.nytimes.com/2017/03/16/us/oxford-comma-lawsuit.html)

~~~
thephyber
> Don't like what they are doing; Don't sign up.

It's not nearly as simple as that.

The issue isn't (only) that ToCs are written in legalese (they are a contract,
after all). The bigger issue is that users don't know what Facebook collects
about them or how that can be used against them. And it's clear that Facebook
gathers a significant amount of information on you even if you never "sign up"
for an account.

In the ToCs, it is written in vagaries like "the information you submit to
us", but in practical terms, Facebook has been caught doing things that users
(even very technical users) didn't expect. When you type in the "comment" form
but delete the comment, Facebook has actively analyzed what text was deleted.
The first Facebook iOS app transferred the entire contents of my contacts list
(it's possible that this was messaged previously, but I wasn't aware of this
permission). It's pretty clear that LinkedIn pilfered my GMail contacts
without my permission or even my knowledge.

It's not reasonable to assume that users know what Facebook 2018 might do with
their data when they sign up in 2008. This counts 2x when it comes to M&A --
if a company is purchased, the new company can completely rewrite the ToCs and
I, as a consumer, have no ability to withdraw my previously submitted data to
them (without components of the GDPR).

GDPR's "Right to be Forgotten" is interesting to me because it's a foreign
concept in US law. As an engineer, I find it difficult to deal with corner
cases. As a consumer, I feel like the foundations of what we call "privacy"
are only eroding without the GDPR. Congress is willing to defend the privacy
of children under 13 (COPPA), medical patient records (HIPPA), some financial
account records, but little else.

> Zuck isn't putting a gun to anyone's head and telling them to use to
> service.

This isn't about coercion (or the lack of it). It's about transparency of
operations and information asymmetry.

And I don't mean to hate on Facebook. They have been the target of more
reports, but there are precious few companies in the same industry which don't
have many similar offenses.

~~~
AdamM12
But the lawsuit in question seems to be that the guy doesn't like facebook
using his data for any type of analysis which is different than disclosing
what they are doing with it. I am all for more details of what they do with it
but again from what I read the guy wants to use FB and other services without
allowing them to use his data for anything.

As far as what FB is going to do to use it against me I am not sure what
exactly they can do that will actually be a detriment to my life. Can they
throw me in jail for a mean comment? No. As long as there is proper due
process for government's access to my data (which GDRP to my knowledge doesn't
address and is a whole 'nother legal issue imo) I'm not terribly concerned.

------
jgowdy
Cue the apologists claiming this isn't going to be a money grab very largely
targeting American tech companies, and that GDPR regulators are going to be
very gentle, rational, and friendly in shepherding companies towards privacy
compliance.

I agree with the GDPR in principle, but the manner in which the enforcement
was setup, and the way it didn't phase in the aspects over time, and the way
the fines are subjective from painful to destructive without any clear
guidance as to how they will be levied, and considering the regulations were
written in such a way that people seem to have a very poor understanding of
what the actual rules are unless they have legal teams giving them the answers
leaves me with doubts that this isn't yet another European regulatory money
grab at the same time that it's a much needed advancement on privacy reform.

What's even better is all the non-lawyers posting blog posts saying STOP
FREAKING OUT!!! Stop interpreting the rules wrong!!!

When you create a system that could amount to a severe financial risk, in the
way this was done, I can't exactly rest easy given the advice of Jon Q.
Blogspam Esq attorney from Wordpress School of Law.

If GDPR were clearly and rationally written, if it had a explicit grace period
and progressive fines rather than instant potential massive liability, if
regulators had front loaded more of the official clarifications prior to it
taking effect so that everyone wouldn't have to pay law firms to ask the same
questions, etc then we wouldn't all be flooded with stupid emails and misfires
by every company we do business with. And saying that anyone who is afraid of
GDPR is doing something bad with user data is just unfounded slander.

I am _extremely_ pro-privacy and what they're trying to do for privacy here is
great. The execution could have been much better. And I highly doubt the
apologists will be around to explain why they were wrong when people operating
in good faith, trying their best to be compliant are fined for non-compliance
in an audit.

~~~
slededit
Facebook and Google flagarantly skirted the laws. Facebook ignored the whole
bit about how you can't make consent contingent on providing service. A dialog
forcing people to click "I Agree" like it was any old EULA flys in the face of
both the letter and the spirit of the law.

------
clay_the_ripper
Unsurprising. As an American small business owner, the American market is
plenty big for me. I would not take a European client because it’s not worth
the risk.

------
emiliobumachar
In the heated GDPR debates in Hacker News over the past few weeks, it was
argued again and again that no lawsuits would happen because that's the US
way, In Europe it's different, and the law is phrased in such way as that
people can only complain to the regulator, who will serve as a free sanity
filter. Only if the regulator decides there's a violation, then lawsuits can
occur.

Is that plain wrong, or am I missing something?

~~~
craftyguy
Is not the fact that folks have brought lawsuits against these companies proof
that you're wrong?

------
domakidis
Visiting [https://facebook.com/gdpr](https://facebook.com/gdpr) allows me to
use the chat, though I can't get to access anything else.

[https://i.imgur.com/Kw38lOB.png](https://i.imgur.com/Kw38lOB.png)

------
craftyguy
[https://news.ycombinator.com/item?id=17157649](https://news.ycombinator.com/item?id=17157649)

------
jacquesm
Ironically, the page on theverge.com does almost the same thing.

