
Facebook Locking Out GDPR Users Until They Consent - downandout
https://twitter.com/maxschrems/status/998681336427827201?s=21
======
dragonwriter
Since everything Facebook does requires consent under Article 6 (or, in some
cases, Article 9) of the GDPR, what, exactly, should they do otherwise that
would not violate clear proscriptions in the GDPR?

This isn't a case where there is non-GDPR functionality that can be severed
and provided in the absence of GDPR consent.

~~~
downandout
GDPR is quite unclear about..well...almost everything. But, for example, this
guy wants to read his own messages, which is a rather popular use of Facebook.
If they wanted to comply with GDPR, they could easily present him a dialog
asking solely for permission to process the data necessary to show him his
messages. Instead, they are asking for his consent to their entire new privacy
policy. That policy includes permissions for functions that are not absolutely
necessary to do what this user wants to do, such as ad targeting.

This kind of thing is exactly what I have been saying would happen with GDPR.
Large companies will say “take all of it or leave it” - and for the most part
they’ll get away with it. They have the power to do this, and very little will
change for them. The difference is that they are now able to run without fear
of startup competitors ever closing in on them, because no startup can get
away with this same thing.

The natural effect of GDPR will be to consolidate power and data in the hands
of the few companies that can both afford to comply and wield enough power in
users’ lives to strong-arm them into giving consent to anything the company
wants to do.

~~~
krageon
No, it won't be - because that sort of strong arming is precisely not
compliance. You may argue that they won't be punished for it (I don't think
that is likely, but you are right to think it's an option), but you are wrong
to say it is a natural consequence of compliance.

~~~
dragonwriter
A natural effect of a regulation isn't always a natural effect of compliance;
non-compliance is a natural effect of some regulations.

High illegal immigration from Mexico is, given geography and existing
population demographics, a natural effect of the US’s per-country caps on
family-based immigration categories.

------
Matticus_Rex
As much as I appreciate the sheer balls of this, it's clearly not in
compliance with the law according to the recitals; consent gained in this
fashion is not "freely given." Now personally, I think this approach should be
acceptable -- if you don't like it, don't use it. But under the GDPR, that's
not the deal.

Be right back, making popcorn.

~~~
obelix_
No balls involved here. They know the number of users that will blindly click
accept to whatever policy change popup appears.

So it's standard mo to show users shit, get the clicks, then use the numbers
to justify how much people love the platform. The rest of the herd then stands
back and says hmmm maybe this is what people "really" want.

~~~
salawat
Yeah...

No.

There may not be 'balls' here, but this is definitely the most hilariously bad
way for Facebook to handle this.

What this is REALLY saying is this:

A) We here at Facebook aren't really about connecting people. We are about
marketing, and ad delivery in order to generate revenue.

B) The goal of keeping you connected and communicating with your social graph
is so unimportant to us, that we are either technically incapable, or
otherwise unwilling to provide service to customer bases that we cannot
monetize.

C) We will hold onto, and continue selling any data we have already collected
about you, that we really never got informed consent from you on, because we
told you it was about us connecting you, and you didn't read the fine print.

So either accept, or here is a copy of your data. Excuse us while we sell what
we already have. Ciao!

This will NOT earn Facebook any "Good Faith" points in the court of public
opinion, and is adding further fuel to the international fire of "how far will
contract law be allowed to usurp fundamental rights?"

Popcorn time indeed!

~~~
codycraven
Do you expect anything else from Facebook?

"People just submitted it. I don't know why. They 'trust me'. Dumb f__ks."
-Mark Zuckerberg

------
no1youknowz
Interesting that this coincides with his appearance to the EU parliament [0]?

What's most interesting to me, is that whilst many say this is flat out
illegal under the GDPR. If after this appearance, i.e some form of lobbying to
the EU. Whether it sets a new precedent?

If bigger companies can get away with this sort of action due to lobbying.
Then smaller companies/startups will surely lose out as they are unable to
match lobbying efforts and will result in not being able to be as competitive.

I'm very interested to see how things progress in the coming weeks. Whether
there is an amendment (due to a backdown by Facebook) or this becomes the norm
and other larger companies follow.

[0]:
[https://www.theguardian.com/technology/2018/may/22/european-...](https://www.theguardian.com/technology/2018/may/22/european-
parliament-livestream-mark-zuckerberg-appearance-facebook)

------
downandout
A rough translation of the screenshot:

“Your Options:

If you do not agree, you cannot continue using Facebook. You can delete your
account and you have the option of downloading your information“

------
FollowSteph3
I believe this is the first real test as to how much teeth GDPR will actually
have.

------
headsoup
So all the previous rhetoric about users always having known what they were
signing up to and things being easily opt-out, what was that?

It's amazing (though not really) that all these companies were quite sure they
gave users informed and accurate choices, until _real_ penalties are attached
if that isn't quite true...

------
dmitriid
It may be illegal. See this thread:
[https://mobile.twitter.com/johnnyryan/status/993827965594202...](https://mobile.twitter.com/johnnyryan/status/993827965594202112)

~~~
dragonwriter
I would argue the GDPR would make _anything else_ Facebook could do illegal.
It might also make this illegal, though.

------
tinus_hn
A ‘clever’ strategy would be if they required consent now, before the new
rules kick in, and then later made it optional. Most users won’t go back and
change the permissions anyway.

~~~
Eridrus
I don't think it works like this. If your argument for GDPR compliance is that
you have your user's consent, it is required that the consent was freely
given, when it was collected is orthogonal to that.

------
ec109685
Do note that Facebook, like any large company complying with new regulations ,
have been in contact with EU representatives on their implementation, so the
idea that this is a “bold” move on their part or they are doing something
obviously illegal just isn’t true.

------
zerostar07
If facebook is making >4% of its revenue from EU, then it's worth risking the
fine.

~~~
foepys
As far as I know they can be fined multiple times until they comply with the
law.

~~~
lugg
Not only that, the fines will get exponentially more severe for repeated non
compliance.

~~~
DanBC
The maximum fine is 4% of revenue.

~~~
jononor
...per incident

------
kisstheblade
Saw this yesterday. Deleted my account. Problem solved. Recommended.

------
maym86
What do you have to consent to?

~~~
downandout
Their new privacy policy, which includes consent to all of Facebook’s standard
data processing, ad targeting, etc. You either accept or leave the platform.

------
crb002
GDPR seems like it runs contrary to information theory and will become a
crutch for censorship.

------
mtgx
They're doing this with WhatsApp, too.

WhatsApp is a dead-end at this point anyway, as they plan on removing end-to-
end encryption. That's why both of WhatsApp's founders and many other
employees have started leaving the company.

~~~
LeoNatan25
Any source on that “they plan on removing end-to-end encryption” other than
uneducated speculation?

~~~
dmacedo
It is speculation, but only to some extent; upon the acquisition they've
pledged to preserve the privacy and security of WhatsApp users.

To some extent the announcement of him leaving, following changes to terms of
service last year, make if for a very good canary in the coal mine kind of
warning, that even if bound by confidentiality or other agreements preventing
disclosure, he's leaving $4B behind for "some reason". I'm sure if it was to
launch a new venture that'd be fine to disclose...

~~~
LeoNatan25
It means something fishy might be happening, but they don't have to break e2e
encryption in order to achieve fishy things.

------
petre
What Facebook did is quite a bit like police coercion to make you confess to
perpetrating a crime.

