The impulse to make something better by applying a database engine that you might feel for business processes, can just as easily be felt for customer interactions or the world at large.
For an interesting (and very critical) look at this philosophy I recommend The Circle by Dave Eggers.
The current EU data privacy guideline will be replaced by a regulation in 2018 and Safe Harbor has just been replaced by Privacy Shield for EU->US data transfer, but it will probably not change much.
Compared to the EU, in the US data privacy is hardly existent but people seem to accept it.
edit This is not even touching on the fact that all the data these US companies mine of European citizens is also accessible by the NSA in one form or another (no, Privacy Shield does not effectively prevent this) and the implications that arise from this.
This! Seriously, there's moral relativism and there's squabbling whether a human right "would be nice to have". They/we don't call it a human right lightly. It's to shine a spotlight on something very important that people otherwise don't realise.
> This is not even touching on the fact that all the data these US companies mine of European citizens is also accessible by the NSA
Well in a way, it does. Total surveillance by governments that openly admit you have zero rights in their eyes (as do their citizens, by the way, many times, even on HN ...) is one of the many terrible implications of the existence of these databases.
I feel that the IT world is irresponsible in its collection of data, and doesn't treat it as the liability it is.
(What's the proper word for old data/information before computers)?
A lot of that is due to a lack of training. There's two major ways new people come into programming.
1. Go to college, get a computer science or engineering degree.
2. Self taught.
Neither of those prepares you to deal with the ethics of information storage.
I happened to have an entire course on the topic but only because I took an Information Science minor with my Computer Science major. That course wasn't even an optional elective for me otherwise.
A computer science degree trains you for thinking how to do something. It doesn't teach you how to figure if you should do something.
IMO every SE curriculum should contain a mandatory course looking into historical precedents how information was used in genocides and oppressive regimes (Nazi Germany and the German Democratic Republic are two of the most obvious examples but there are plenty others).
It's ridiculous how it took Trump to get elected for the liberal techies in my Twitter stream to realise that the US government has the power to do really bad things with all the data FB & friends have been collecting.
On the other hand, the data private organisations collect is not restricted - neither what data is collected, nor how or from who.
If voter registration started to ask for skin color, there would be immediate public outrage. If credit scoring services include skin color as a scoring factor, it's a trade secret...
You pretty much need a state ID or drivers license, which lists your skin color. Political contributions are a matter of public record for anticurruption purposes. Vital records offices are more than sufficient for tracing ancestry. Welfare offices know who is poor and medically needy. Telecoms and the post office knew who you communicated with.
There was more than enough information to mount a holocaust on any of those axes long before the current crop of tech companies.
Again, this worst case scenario may not happen, but the fact that it can, even if only with a small chance, makes this massive data collection totally irresponsible.
Also it's a bit of a bizarre argument that tech companies are doing data collection on such a massively intrusive scale, we should really look at the government databases first because they're already more than enough to screw us over with? It's not even a "but they're doing it more!" ...
That said, I wouldn't consider it wrong, per se, to call it data or information these days. Strictly-speaking, old files and records do constitute data, whether they happen to be digitized or not.
Facebook doesn't sell information, it sells ads. That's not the same thing.
The companies that try to sell those types of profiles, by IP or cookie syncing or whatever, seemed to get it wildly, wildly wrong - but the role of accuracy/auditing in the ads business is another discussion. FB seems to be buying a different sort of data than we were, since they know so much more (first/last/birthdate, etc).
Anyway, this is a problem that doesn't start or stop with FB, and the brokers are the dangerous part.
As people shy away from phone calls, and with the competition of VoIP, we gradually saw the erosion of the price per minute we could charge (roughly 40% drop over the course of 5 years).
The company tried to shift by looking at the data we had available. Millions of phone calls, and we knew exactly what kind of service was being called. Banks, airlines, airports, sex lines, restaurants, customer support, whatever. We could see when people called most, for how long, and we even knew which service inside the call centre they were talking to.
It wasn't long before the company wanted to exploit this, and they started working on the ability to play ads while people were waiting to get in touch with a service representative. Targeted ads.
Based on phone habits, we could tell whether the person calling was a stay-at-home parent, retiree, teen, young professional, etc. We could also tell their gender, in 60-70% of cases.
Because of the technology, we had access to actual phone number, even when people called with restricted identity. It's just how it works when you are registered as a "network operator".
This shift from "let's provide an amazing service" to "let's mine the crap out of everyone" definitely contributed in my leaving the company.
That's not really possible. Proof: Say Alice is your client, and her ad targets gay people (even though the ad or the advertised product itself is not necessarily related to being gay). Then using your data about sexual preference, you serve the ads only to gay people. Only gay people will see the ad, and thus only gay people will reach Alice's website. Hence Alice got the data out. QED.
Imagine the government put a policeman on every corner and they recorded the movements of every person in the neighborhood at all times. 4:36pm Mr. Jones walked to newsstand, 4:43pm Mrs Jones opens front door, looks around, closes front door. 4:45pm Mr. Smith dog starts barking. 4:51pm Unknown man shows up at Mr. and Mrs Miller's house. Mr Miller is not home. She invites him in. 5:01pm Mrs Wayne tends to her tomato garden.
Many (most?) people would feel creeped out to know they are being constantly watched and all activities logged. And yet Microsoft, Apple, Google, Facebook and a bunch of others are trying to do exactly that through your computer, your online activity and through your phone and eventually they'll probably also do it with cameras and mics
That argument relies on the collected data being closer to the truth, than the absence of it. I think that may be true for (statistically) normal people. But for narcissists and sociopaths, it may also be a helpful tool for someone creating a fake alter ego of benevolence and 'harmlessness'.
The implications and other uses and data transfers are not talked, or often known about. Just like when you look into food production or global supply chains you find many inconvenient truths there too. As age is so often correlated with cynicism it's probable that many tech applicants (to FB or anywhere) are simply not adequately cynical yet. There's quite a few cases of high profile techies suddenly and surprisingly (well according to reportage anyway :) becoming rather anti.
btw I thought The Circle far too gentle, and simplistic, about the criticism.
Perhaps it's the "cynical Brit" perspective as I felt very much the same about Black Mirror after arrival at Netflix.
Moreover, in the age of information, the one who knows more about the other becomes a potential predator (every country has secret services and spies).
Facebook (and others) knows a lot more about me than I do myself because their computers don't forget, because they analyze what I do in a way I don't.
Moreover Facebook can be tied to other companies or institutions with my consent.
So although the optimization might seem like a good idea, I think it also needs to be put in context. Is this really a good idea. Is optimizing advertisement a noble goal ? It's useful for the advertisers, true. But is it useful for their targets ?
And that's okay, so far as they're open about it. But I don't think they are, especially the sophistication of their psychology research (and experimentation).
If there's so much crap, maybe I want to be able to complain about it.
People might act on the tsunami of crap in manners that may not be profitable for Facebook.
The solution to undesirable, stupid, homeless, uneducated, etc etc isn't to hide it from your vision.
Aside from that this is as silly as "If you don't like organized crime don't buy stuff from the mafia and there's no problem."
It's the involuntary participation in facebook's arrangement that people are bothered by.
And don't use any site with the Facebook "Like" thumbs-up thingy, which is tracking what sites you visit.
Data they don't own. So I suppose, "noble" in the Robin Hood kind of way.
Also, "efficient" in what way? What metric do they optimize that lets advertising benefit society?
Information about you is not necessarily owned by you.
That's all great, but how can I opt-out? Even without a facebook account, they are collecting my data.
AOL: Hi, this is John at AOL. How may I help you today?
Ferrari: I want to cancel my account.
AOL: OK. I mean, is there a problem with the software itself?
Ferrari: No. I don't use it. I don't need it. I don't want it.
John disputes Ferrari's claim that he never uses the account.
AOL: Last year, last month it was 545 hours of usage.
Ferrari: I don't know how to make it any clearer. So I'm just gonna say it one last time. Cancel the account.
AOL: Well, explain to me what is wrong.
Ferrari: I'm not explaining anything to you. Cancel the account.
It goes on like this for 5 minutes.
Ferrari: Cancel my account. Cancel the account. Cancel the account.
IIRC, from the audio the AOL rep. just goes on about how he's "just there to help you". To me, this is the same. "We just want to give you the best advertising that is relevant to you!" So possibly these people just take them at face value. Which is usually a bad idea when there's a profit motive.
Yes the NSA takes privacy very seriously. The NSA spies on everyone else but doesn't spy on Americans, period. Oh, well yeah of course we collect data from Americans but if we find out we are looking at an American's data we're supposed to throw it away immediately.
Throw in a harmless joke about "big scary NSA" to lighten the mood. Nice salary, nice benefits. Most of the students ask for applications after class, it's a career forum for area studies majors and this is by far the most lucrative job presented in the semester.
It's honestly pretty easy to make a deal with the devil, especially if you're smart enough to argue that he's not the devil.
I feel just as violated as any American by the thought of NSA spying me.
2. A US entity is tasked with info collection on the rest of the world (and is good at it).
3. US entities funded by the US have rules that prevent them from spying on those who fund them.
Completely understandable and predictable.
Ah, so that's settled then. So, spying on normal people and prying into their private lives is ethical - as long as they aren't American?
What about American expats? How does the NSA distinguish between them and non-Americans?
What about the Five Eyes? Perhaps the NSA doesn't read about your juicy personal life but GCHQ does because the NSA handed Americans' private data over to them?
You'd have to be pretty blind to not see they in fact are the devil.
Keyword emphasized, and anyway ahat safeguards are there to ensure that they won't turn against "undesirable" Americans at any point in the future?
Like how the American citizens of Japanese origin were more-or-less extra-judicially just herded into camps back around WWII, and the perceived "risk factor" of American Muslims right now.
Now. I watched hundreds of technical presentations from Google and Facebook engineers. Did a presenter ever got into the details on how they track the user for what metric, and so on. Not a single freaking time.
Andrew Ng recently told in a presentation, that all data must be accessible in one place. Did he came across creepy? Not at all. He is such a professional person, that he can even weave in a remark about privacy just right beside the talk about the uber-data-warehouse.
That is professionalism. I expect Facebook to have a silent policy about talking about things developers and admins see on the inside.
Apart from this complex issue. Who inducts ethics for managers? Why do people come up with bad ideas (track all users all the time, or buying such data for that matter) in the first place? Hint: The problem is not developer ethics.
This is a human trait, people do not see the wrong on the things you benefit from.
For example, did you ate beef or fish lately? When was the last time you thought about the animals that were killed in order for you to eat them. Have you seen the sacrifice of an animal needed for eating it. In Mongolia or Middle East nomads will sacrifice the animal in front of you before eating so you know what you eat is the best they have.
Imagine that cows were able to think like humans, and remember what you did to their veal. As a children I worked feeding cows and they are not as stupid as people believe, and they like horses have emotions and personalities like humans have.
When humans personally benefit from something it is very easy to just rationalize it. Humans rationalize everything.
Workers on facebook are multimillionaires that are pretty happy about their life becoming the new central intelligence of the World. They will rationalize it as a good thing focusing on this service being needed and useful for the world, as it is.
The problem is that even when the best of intentions, Governments, and secret services of countries want to use this service for nefarious purposes in the same way that if you centralize money in one place, some people want to take it by force if necessary, if you place too much personal information in some place, some people will want to take it for their own use.
The question of ethics is weighing hard on me, even normally rational people who talk about human rights etc turn off their ethical circuits when question of meat comes up .. I think this points to a deeper question of how rationalising can affect morality ..
Does average human consider their wants above ethics he seems to subscribe? , why is hypocricy not making many upset? Many won't consider themselves as beings who put only themselves above others, they cry out for morality, but when question of ethical boundaries they themselves cross, it becomes question of rationalisation.
One has to really ponder, did a slaver in the past (sad that its not that ancient) who cared about ethics of his fellows , rationalised away his slavery?
If people really thing about this in terms of past people rationalising stuff away, if they feel upset about that, maybe it will lead to them thinking about ethical problems they too rationalise away
No, people very frequently do see that things have downsides. Only idiots think in black and white of 'right' and 'wrong'. For example, you just commented on a site that requires electricity to operate. This usage induces electrical demand and you have therefore contributed to global warming and assisted in killing polar bears. Will you choose to kill more polar bears to respond to me, or do you think it's not that simplistic now?
>Workers on facebook are multimillionaires that are pretty happy about their life
There are tons of people that work at facebook that are not millionaires at all. Most hires at facebook today are making standard SV salaries that could be made working for other companies.
> When was the last time you thought about the animals
> that were killed in order for you to eat them.
SoftGooFace: You don't have to worry about employment ever after
Soft: We are so powerful, we can dump unwanted OS upgrades on people
Goo: We are so powerful, people are terrified of linking to other sites
Face: We are so powerful, even heads of state better watch out before criticizing us
SoftGooFace: Every time someone makes a critical comment about your employer, you can look at your bank account and tell them to f-off
SoftGooFace: And we open source everything
Engineer: Oh, where do I sign up?
Note the sheer desperation to keep the pay secret so it doesn't turn into an auction for scarce resources for engineering talent the way it does with lawyers, bankers, MBA's. If you're in it fore the money don't work for facebrick.
Only to people who don't understand economics. I know the salaries in NYC are high as well, but I understand the cost of living that drives that.
the only reason the cost of living is so high in SF is because of grossly over paid employees who drive up the cost of living. its a private little island of inflation.
Sure. Like they open sourced their Blu-Ray cold storage system. Oh, wait, if they do that, people will realize they should be sued for using the word "delete", since you can't remove data from Blu-Ray.
It's worth remembering that ethics go beyond software rights.
I know what you mean though, it's like they're trained not to discuss topics with outsiders or something?
Pretty standard amongst companies to discourage employees from talking politics about the product.
Methods like this seem to be effective, but creepy and invasive.
Speaking for others is formulating emotional responses for someone else and then constructing a dialog that elicits those feelings in that person. Today, that can be done with software as has been shown time and time again with Facebook. In the past it's been the tool of choice for those who control others. Narcissistic parents or greedy corporations, the end result is the same: loss of choice for all.
* Zuckerberg has grown up and matured. We've all done stupid things at that age so we shouldn't measure him by his infamous line about how his early users were gullible idiots.
* There's no harm in retaining that kind of data. FB is handling the data responsibly because it's their competitive advantage. The only people who could get access are the government and we don't need to worry about the US government doing anything evil with it because that could never happen in the US.
* If you don't want to be on Facebook, don't use Facebook. Nevermind that Facebook will still track you with a shadow profile if any of your friends are on Facebook and staying off Facebook means you have no way to take down photos of yourself shared by others.
* If you don't want something about you ending up on Facebook, don't do it. If you have nothing to hide, you don't have to worry. And you can still ask for your information to be taken down if it does end up on Facebook.
* Facebook is just a company. They don't have any ulterior motive beyond creating a product users want. Market forces prevent Facebook from doing anything bad.
* Civil rights organizations like the EFF may be complaining about Facebook, but they just have a different opinion. They don't understand how Facebook works anyway.
* Who cares about politics? Facebook has a lot of interesting tech problems and it's a great opportunity. I can still go somewhere else if I decide I don't like it.
In other words: the Banality of Evil at work. Same reasoning that allows people to work for organisations like the NSA with a clean conscience.
Maybe I should add a disclaimer that all of the people I talked to were on the younger end of their 20s and most of them were likely drawn in by the opportunity to work on cool tech and the salary & benefits (like being hauled to conferences all over the world where speakers are often treated as celebrities).
Facebook hasn't actually done anything here that is harmful, not with the non-shocking data collection from third parties and not with the data you willingly give them by using their service.
Even the fake news situation, which is another supposed reason why Facebook is evil, is purely a result of the hubbub over having human editors. When the human news editors were around, the news links were interesting, of decent quality and unbiased.
Facebook really hasn't been on the wrong side of any moral or ethical debate, just the wrong side of public opinion (or at least the opinions of writers who need clicks/pageviews).
Imagine I am a producer of sugared water. Do I want you to delve into health issue associated with that? Not necessarily. As a owner of a site that lives from user interaction, do I want my users to go out without their phone and have fun without me? Well, do it, but only if you really must.
There is a conflict of interest here, but that's too disturbing to communicate. Period.
Most people don't have the time and money to check facts anyway, so let's just claim facebook is the internet (for example) - because, you know, without all this livestock, our investors get unhappy. Business as usual, I would say.
Who is it then that allows facebook like buttons and social widgets to be integrated into other sites?
That is actually an intended purpose of many social widgets.
I have no financial stake in Facebook (don't work there), but really don't see many moral problems with what it does. And I think their mission of connecting the world in a single easily discoverable network is absolutely world-changing and noteworthy. It's changed my world for sure.
I just think it's unfair to assume that these issues automatically make Facebook evil and that there's no good they do.
Will we see a Democrat apply anti-trust laws?
This story is utterly baffling.
In this particular case I cannot even see any shade of grey. I apply for a credit card. The application form states that the credit card company may pass the information about me to third parties. The credit card company tells Facebook my income. Facebook does not reveal to me that they know my income. Where is the deception?
As a general rule, I'm a lot more bothered by actual bad actions rather than hypothetical future ones. Facebook collecting all the data they want just doesn't even register as even sorta bad to me. (And no, I don't work there.)
Regarding hypotheticals, if you collect data, it is always there for someone to abuse, whether they are technically "allowed" to do so or not by laws, company policy, or otherwise. It can and does happen more often than we believe as I came to find out from friends and family who work in government and legal roles. I am more of the cautious sort and would rather try to make a best effort that might not be perfect to simply mitigate and minimize the issue of the wrong thing happening. Though these cases may never happen, I am in the camp of "let's not make it easier."
As an aside, a lot of feelings towards these issues can be influenced by environmental and contextual reasons. For instance, I was raised in a family that lost a lot of people due, but not limited to things like data collection, humans selling each other short, supposedly good people making bad choices, and individuals acting highly in self-interest despite their "ethics." Further, I also grew up in a country more under constant and tangible threat than the US for part of my childhood and served in its army against very real threats during wartime. I'm certainly no action hero as my job was more of the engineering and intelligence nature, though I have seen first hand what people can, will, and tend to do with data, especially if there is money or physical security involved. Especially on the other side of things (i.e. our enemies) if they are losing. As such, I am more sensitive than most when it comes to people knowing things about me. I assume "they" know everything, but as I implied, I try not to make it easier than it needs to be and I actively throw in disinformation about myself. It helps if you know a thing or two about algorithms and the best ways to confuse them :)
If you want a peek into a small section of this type of data, go build a facebook ad. You can see all the targeting options. You can upload a list of email and build a "look a like" audience of people who are similar to your customers.
A company called cartalytics will let a brand purchase lists of people who have bought a specific product in the past 6 months and show them ads. Ex. If you've bought a big mac (with a credit or debit card) in the last month, I can show you McDonalds ads.. but they are super expensive.
With so many data sources, it should be easy to find proxies for protected classes (race, sex, etc). Indirect discrimination was (and still is) used to enforce racial segregation ("redlining"). Facebook was recently caught enabling direct discrimination. I wonder if your roommate cares that his company is probably doing the same thing indirectly.
But then they'll tell you that these employees are very happy to work at such factories, because they make way more money than they would ever make on the farm in their hometown, and often work there a year or two to save as much money as they can before moving back to where they lived before.
(Apple actually does way better than most other companies on that front - see http://www.apple.com/supplier-responsibility/)
Does it open an entire rabbit hole about the ethics of globalization? Sure. Is it a strictly black and white issue? ...heh.
I'd presume that they do absent a credible source they don't.
Also, they colluded with other companies to, effectively, keep employees' wages down. Amount of money they saved was probably a rounding error for them in this case too.
Do you happen to know the law that caused them to stop trading PII? Is it only the networks, as opposed to the issuers who trade information?
Moralist? No, I'm just not into feeding the monster.
But, they've worked extremely well for my niche SaaS. We currently focus 60% of our ad budget on FB.
The amazing thing is that hedge funds trade on aggregate credit card purchase data.
This is a race-to-the-bottom. Everyone in this whole area has to compete with whoever is the scummiest exploiter unless they really go out of their way to sell their service with privacy and ethics as the top feature. So, some ethical niche services can exist, but meanwhile, everyone else is screwed, and network effects make any niche thing stay pretty irrelevant.
The only way to avoid races-to-the-bottom in a competitive market is with real enforceable regulation that outlaws the worst shit and requires truly effective disclosures otherwise. That's not easy, sometimes it's impossible, and it often has major negative side-effects and problems, but whether or not we determine that regulation is worth it or not, we know that races-to-the-bottom are a real thing, so we can give some leeway that each company isn't actively trying to be malicious — they are just competing in a race-to-the-bottom situation (and we can reject the dogmatic free-market people who deny that this and all sorts of other natural market-failures exist).
And if you do win the regulation battle, you only win it for the current generation of tech. There will be more, and every decade the power of information collection will get stronger.
I believe that we need to embrace the loss of privacy and ask ourselves how to transition to a world where one's personal history and daily life is freely available to the general public. I give it 30 years until we get there. The tech is certainly not going away.
In Norway we have an independent administrative body of the government called Datatilsynet, known in English as The Norwegian Data Protection Authority. Wikipedia has a very short article about it in English  and a longer article in Norwegian . For a translation of the Norwegian article, see .
Notably, the King and the Ministry may not instruct or reverse Datatilsynet's exercise of authority in the individual case according to law.
So while some parts of a government might want to maximize data collection and surveillance, it is still possible to have other bodies of the government work to protect the privacy of its citizens.
If US didn't bomb Japan, the general public would not have the same fear of nuclear weapons that we have today.
There are some mitigating factors though, like if we push for software freedom and get rid of legal support for DRM… that at least will allow some level of control by technology users.
I've been saying this for years. It's pretty clear that if Facebook told regular users just how much they knew, those users would be seriously creeped out (though, these days, probably not creeped out enough to do anything about it). I expect that another example of this would be the ability of their facial recognition system and the breadth of the database behind it.
Users are Facebook's product, and they should expect to be treated as such. The Facebook site and associated services are just infrastructure designed to a) collect information on users and b) give advertisers optimal access to those users.
edit: also, obviously, Facebook is not the only company engaged in this sort of thing. It's all around us.
I read up on "eigenfaces", and it sounds like Facebook is most likely subtracting my face from the mean and then projecting it onto N different face-like and orthogonal images to obtain numbers like this, and so these numbers would represent the weights used to reconstruct an approximation of my face from a linear combination of basis images. But N=3 is way too small for this method to be useful. It seems silly to share these values with a user but not tell them what it means.
I stopped using Facebook not because I was worried about privacy (although that did help) but because it was just a waste of time. It wasn't doing anything positive for me. All the features that I had once enjoyed had been removed or drowned under a torrent of advertising and aggressively "curated" (calculatedly manipulative) content.
Like, how about this: I pay $1 per month and I get a product that's actually built with me in mind, for my benefit, that I enjoy using. I recently switched to Fastmail (while I don't hate Gmail, it's not been great recently) and guess what: Fastmail is better, clearly more interested in catering to me, and it's dirt cheap. A product built for me... imagine that! Crazy talk, really, in today's ad-subsidized world.
It's perfectly possible today to pay for a service and be the product.
The sad truth: they wouldn't. They'd simply ignore it, because it would shatter their current beliefs.
I did this with my bank a few years back and got back a box file full of credit scores, lending decisions and other stuff they'd never normally expose. Facebook's data for a busy user is going to be enormous by comparison - has anyone done this lately (and published / summarised the results?)
Since then, however, the commission seems to have simply stopped processing requests, without any legal justification to do so .
I just created a new Facebook account after maybe 4 years of radio silence. Two years ago, I had a job doing IT contracting; often I would go to businesses and repair laptops or run cable to a COM room. We had very very few residential clients since they weren't worth our time; the few that we did have were really just courtesy for doing business for so long. I went to one residents home a SINGLE time, hardly interacted with the man, and he definitely did not know my last name.
Guess who pops up on my "Suggested friends", with no mutual friends or place of work or any similar "liked" pages? Yeah, that one client.
Similarly, we worked in a small office in a cold storage facility, and Facebook also suggested that I add their accountant as my friend.
It's really creepy, but if Facebook was able to know that I worked at that employer then it's possible that it was able to make the connection.
If you or one of your contacts uploads their address book then your friendship/connection can be inferred from the emails now in their database.
I'd guess your client has messenger installed if you didn't install it.
LinkedIn did this. Registered, also after years of silence on any kind of social media website other than email: "Would you like to connect with your ex-girlfriend who only emailed you one time at a different address?"
I wrote about this a few days ago. Basically, new Facebook accounts that you run on the app with location services enabled will provide creepy location-based friend suggestions by default.
The link provided is: https://m.facebook.com/help/494750870625830?helpref=uf_perma....
LOL. The amount of personal information requested at those "opt-out" links is suspicious and/or ironic.
Examples of information requested to "opt-out" of the USA partners' reach include: Social Security Number (!), date of birth, "all variations" of full name, all recent mailing addresses, ... (!!)
This is outrageous. Why is the onus on a user who never gave permission to a data broker in the first place? They deal in digitial domain when it comes to selling your data when it comes to consumers rights and concerns they operate exclusively via snail mail?
Don't expect this to change any time soon. These brokers have the US Electorate in their pocket. Bought and paid for.
Facebook and Oracle aren't the bad actors here, if you think there is a bad actor. The baddies are the people giving Oracle (and others) that data about you.
(And now I have to hang my head in shame for saying something that sounds like it is a defense of Oracle. They're baddies for many, many other reasons, just not this one)
So, yes, they have a legal responsibility to not have that data about you, and you can at any point require any company to delete any and all data they have about you, or created by you, and any data derived from it (oops, does that mean training neural networks on your private data means they have to be deleted, too?)
But if the ownership right to your data is centered on the information itself, and not the company part, that raises issues. I can't simply destroy the memory of reading the message you wrote - is someone to cudgel me until I do? If I write in my diary that I saw xyz person walking down the street and they had blue hair, could they demand that I destroy the entry? Would they have to know about the diary entry before they could make such demands, or could they simply say, "destroy all information regarding me"?
Further, as I understand it, municipal security cameras are in wide use, particularly in European cities. Could I demand that the city/town/council/etc delete all footage of me ever? Could I deny them permission to make those recordings?
And last but not least, how on earth would this stance on data ownership not ruin data retention? E.g. this would seem to open up a pretty big hole where I could commit fraud or launder money, and then demand that my bank destroy the evidence.
These are all awkward questions that come up when you try to protect very broad definitions of privacy. Privacy is a thoroughly unnatural concept; In the physical world, it takes a lot of work to do anything in private, and even then, you're just making it easier for people to avoid stumbling on what you're doing.
In fact, that is required automatically – all recordings have to be deleted as soon as possible, the maximum retention periods unless there is specific evidence against you is usually a few weeks or months.
> And last but not least, how on earth would this stance on data ownership not ruin data retention?
That’s literally what happened. The European Court of Justice has ruled that data retention unless technically required is illegal.
If a user didn't agree to their data to be stored in the first place, you don't get to retain it at all.
Whether you can discard data about a user "against their wishes" is likely covered by your terms of service. If you're a commercial hosting provider, there's probably a higher barrier than if you're a free doodling website. This has nothing to do with privacy, though.
If a user tells you to destroy their information, you need to destroy all information about them. There's obviously some wiggle room (e.g. if you keep a flat "view count" on an article, there's likely no way to argue that you should have to deduct the user's views but if you're keeping a record of "views" linked to user IDs the user ID may still be personally identifiable if it can be correlated with other data).
But most companies fail at deleting even the most obvious data. If you "delete" someone's account and they're unable to sign up with the same username or e-mail address again, you're likely not properly deleting information.
And that's if you even offer the option of deleting an account at all. It's horrifying how many (especially American but sometimes even EU) websites don't offer any such option at all or even simply offer an option to "close" an account, marking it as disabled but still retaining all data forever.
> Could I demand that the city/town/council/etc delete all footage of me ever?
Yes. Security cameras have strict regulations and generally recordings have to be destroyed eventually unless there's a good reason to keep them (e.g. they're part of a criminal investigation). This even extends to police cameras: if a police officer makes a recording (e.g. at a demonstration) and the recording isn't relevant to any investigation, you can ask for it to be destroyed ASAP (rather than waiting for them to destroy it). This also extends to other information like your name and address.
> I could commit fraud or launder money, and then demand that my bank destroy the evidence.
There are special laws for financial transactions and criminal investigations. There is such a thing as a "permanent record" but it is clearly defined what goes on it and what doesn't (and at what point it has to be destroyed). There are also very strict laws for handling such information, similarly to the strict PCI rules for handling credit card information.
You're basically arguing that privacy is a slippery slope but in reality it isn't. Privacy may be an "unnatural" concept but the expectation of privacy is a human right (like, officially, as part of the UN Declaration of Human Rights). The EU actually has very few "absurd" policies -- most of them only appear absurd when taken out of context. I assure you that EU privacy laws are not part of them.
Except for the cookie notice. That's not only ineffective but outright ridiculous.
You literally have the cookie notice in your post, too, as the law simply states:
If you collect any tracking data about a user that's not technically required, you have to let them opt in.
This obviously means tracking cookies have to be opt in, and that's how the cookie notice came to be.
Technical cookies, such as login cookies, are exempt, obviously, but other tracking methods, such as storing in localStorage are included.
This is one of the few situations where a technical solution would have been better, e.g. having each cookie come with a specified purpose and letting the browser prompt per issuer and displaying the purpose to the user:
* 3 cookies from ads.google.com: "Personalizing the advertisements you see on this page" [Allow] [Deny]
* 1 cookie from share.facebook.com: "Social media integration" [Allow] [Deny]
* 1 cookie from analytics.example.com: "Anonymized site analytics. For more information see http://example.com/privacy. We value your privacy." [Allow] [Deny]
* 1 cookie from www.example.com: "Keeping you logged in as kuschku on www.example.com" [Allow] [Deny]
But this would require passing an actual web standard and getting browser vendors on board (and Chrome has a conflict of interest making them unlikely to support it without sufficient pressure).
This would have satisfied the legal requirement without creating the obnoxious obligatory "Please click 'okay' or we'll keep showing this message on every page" experience we have now. It would also be less error-prone because the failure state would be "users might deny unjustified cookies" rather than "site will send cookies regardless" when not implemented correctly.
Besides, browsers already ask for permissions for things like desktop notifications or geolocation.
EDIT: I'm not saying this shouldn't have been passed into law. I'm saying the EU should have involved browser vendors and investigated a technical solution before making the notices mandatory. Compliance would have then be easier ("just add these headers") and adoption would have been faster ("it's easy to fix and it's the law").
EDIT2: Unlike the old Semantic Web problem of websites being liars I don't think deceptive purpose statements for cookies would have been a noteworthy issue because it would be literally against the law in the EU to deceive users. It would also have imposed the burden on the actual cookie issuers and created incentives for EU websites to hold their advertising providers accountable to comply with EU laws (rather than build a kludge around them to make their scripts opt-in).
And the StaSi, with constant surveillance of everyone in East Germany, also is still in collective memory, and another reason why no one wants that much surveillance (although acceptance for surveillance went up since the Berlin attacks, quite a bit, actually).
What is the evidence that acceptance of being surveilled went up since the attacks? Opinion polls? Newly proposed legislation? Germany seems to be the bastion of privacy advocation these days so I am curious to hear. I hope that Germany resists letting politicians exploit a heightened emotional state such what exists while the country is grieving a terrible tragedy.
I had never heard this before about the Netherlands and the registry. Do you know why they would have had such a registry?
And no, I don't know much about why the Netherlands had such a registry — just that they did.
It's not black and white, I'm afraid. Those companies writing up the unfair contracts (Oracle, Visa, etc.) deserve a decent share of the blame, too.
Back in November I started getting Facebook spam on my Gmail account, the "people you might know" your emails, and there were people I knew. I clicked on an unsubscribe link that led me to a login. Out of interest I used my Gmail account and reset my password, and within thirty seconds I was back in my account. It was exactly the same account as I had permanently deleted.
My assumption is that someone screwed up at Facebook and ran a query that updated permanently deleted accounts. I'm not sure what else could have caused this to start so spontaneously after years of peace.
How do you know? If FB can't be trusted to actually delete your account (and they can't) how can they be trusted to stop collecting data on you?
In addition to the standard protections of the adblocker and privacybadger, I also generally set a full block on all content from facebook[.com/.net] and any identifiable facebook subdomains. I really have no use for facebook, so it is zero imposition on me, and if I ever want to view something on facebook, I can open up a new private window in an alternate browser as a one-off (or, if I'm feeling paranoid, spin up a VM).
The curious consequence of the willful ignorance on one's own actions is the continued posturing and stark dissonance in expecting ethical behavior from other segments of society. If you can't behave ethically you can't expect it from others.
That level of dissonance is untenable and ultimately every intelligent person has to realize not recognizing and confronting unethical behavior is a race to the bottom and will reflect in every aspect of life around you.
When I got married my husband pretty much immediately showed up as my spouse on my transunion credit report as my spouse. How did they know that? Our names are different. At the time we didn't have any loans together. We lived together but so do siblngs and roommates. We didn't register for any wedding registries or send out any announcements. Our wedding consisted of signing some paperwork at city Hall. They also marked me as "Active Duty Military or Dependant" (hubby is in the army so I became a "dependant" when we got married). So the only logical explanation is transunion can access DEERS, but I would hope the DoD doesn't allow random private companies access to DEERS... They DO have a website where you can lookup if someone is covered under the SCRA but dependants aren't covered under the SCRA and don't show up when queried (I tried).
Again this is my credit report. I didn't report a change in my martial status to any of my financial institutions. Not banks, not credit cards, and we already had a joint account for two years before we were married.
I don't know why you think this would be a creepy thing, social security and credit scores are stongly connected to the legal and taxation system. Its only obvious that the information gets connected. If tomorrow you were to divorce and claim alimony/child support the wages and tax return of your spouse would be garnished, How would that be possible without linking SSN.
Transunion is a private for-profit company; it has nothing to do with Social Security or the legal or taxation systems. Transunion gets its records from institutions that voluntarily report to it, as a business arrangement, (credit card companies, mostly) or they pull from publicly available sources. They don't have direct access to any private government (or non-government) databases unless the owner lets them have access. The reason they collect information about you is for their own business purposes. We aren't talking about the IRS here.
In other words my spousal information got in some company's database somewhere which was relayed to transunion, probably through a few other company's databases. It was surprising that information got to Transunion that fast because, as I said in a reply to a sibling comment, marriage records do not appear to be publicly available in my state. It's creepy to know how fast, far, and wide random information about you spreads. It's also scary to think about how false information about you can spread.
After reading this article it seems like that information almost could have indirectly come from Facebook (we did update our status!)
Just because some information is not "publicly available" does not means Government wont share it with third parties, especially credit bureau.
As far as information coming from Facebook posts thats just ridiculous.
They are constantly checking public records like this and that's how they would have found out. Still a little creepy though.
I can't see if my friends are legally married but I can easily see what they paid for their house.
Divorces are public though and very easy to find on the court's website.
(likely due to a script having a bad reaction with one of the browser extensions granting me a small illusion of privacy)
I am honestly more ok with the government having this data to keep tabs on me than these hundreds of other companies treating my personal info like it's a trading card.
I moved to Norway a few years back, and married a Norwegian man. He has trust in government that me, as an American, simply doesn't have. But to be fair, nearly every time I've contacted government - even being searched at customs and going through immigration - has been a decently pleasant experience. Things just get done. It isn't perfect or anything, but it seems to work.
Whereas in the states, it seemed like every effort was made to screw me over - from the government. Companies, on the other hand, didn't want the bad publicity, so tended to treat folks slightly better.
Another aspect to this is things like health care and infrastructure and things like that. Part of the company relationship - jobs, anyway - is healthcare and decent pay. There isn't much of a safety net, so folks rely on companies' and churches' charities to keep them afloat. Americans see companies bring them the things for life where here, a lot of that stuff is simply provided by the government.
Actually, I think some companies kind of are in some aspects. They may not have the military, but some definitely have a hand on the reigns.
I recently encountered a friend suggestion for someone that I only know online (IRC and later, Google Hangout). I don't really know who they are other than a name (as exposed by GHangout). I've never met them as they are in a completely different country. I don't have the facebook app and the messenger app is forbidden to read my contacts as per CyanogenMod's Privacy Guard. I fail to understand how FB can suggest this? The only possible reason I can think of is when they searched my name on Facebook. How else can they do it?
The sad thing is that you can be completely privacy conscious, but if just one of your friends, family or acquaintances uploads their contacts, and you're part of that upload, they've screwed your privacy via the back door.
The fact Facebook is aggregating all this to make for better advertising options is discomforting, to be sure.
The most concerning aspect of the article is that these data brokers are able to correlate my purchases. It seems inevitable that insurance companies will take all of these individual data points into account: "We're sorry Mr. Register, because you buy McDonald's every week we'll have to raise your life insurance rates."