Maybe I'm over-indexing on one bad example? I'd love to hear more informed opinions about this.
And those damn cookie notices!! Because they show up in every page, everybody accepts the policy without questioning, which completely defeats the purpose. And worse for the user experience, most often the implementation of websites for those notices is dummy, and show the notice upon refreshment, even after having accepted the policy before.
That's because we had our own system established in 1984 (ELV, electronic direct debit based on the EC cards mentioned elsewhere). From a German point of view, a credit card is a downgrade.
- The system covered all German banks (private banks, public banks = Sparkassen, credit unions) because they got their act together and set up a single standard.
- It had lower fees than credit card transactions.
- Pretty soon the card was included with bank account fees, while credit cards cost extra.
- It worked with a magnet stripe and automated electronic clearing in a time when credit cards were merely a slight convenience over manually writing a check which needed to be mailed around the country (you do know why credit cards have name + card number embossed to this day, right? Check out credit part imprinters).
All that made it more attractive to merchants, and credit card companies weren't used to competing in a market that already had a big incumbent.
Not only germans use the german system. When other Europeans go to European institutions that are placed in Germany, we can't use electronic payments. A system established 34 years ago should not be an acceptable excuse for a subpar service.
It is a shame (and quite fraud-risky!) to go on a taxi and have to wait 5-10 minutes for the taxi driver to carbon copy your credit card details in the invoice (now he only needs to memorize 3-4 digits for the security number), whilst in the same country Uber, and other similar services that provide immediate payment facilities with no open handling of sensitive data, have been banned.
The system was developed in those 34 years, both on user visible features (EMV card with chip&pin in 2004) and invisible (SEPA Cards Clearing, implemented in 2015).
The latter allows any SEPA based participant (and those outside, apparently there's some interest in Brazil) to handle clearing of transactions compatibly. That should allow card based SEPA Credit/Debit Transfers (which draws from 34 years old ELV a lot).
Merging incompatible banking systems takes time, but IMHO that's better than just layering another rent seeker or two (the credit card company, plus potentially Stripe) on top.
> whilst in the same country Uber has been banned
Maybe they should have read up on the local regulations instead of spouting their usual nonsense about fighting the taxi cartel? (nevermind that the biggest player in that space is Uber itself)
A cursory reading of the relevant laws got me three different ways to try to establish a legal setup in which they could have proved their contribution to the public transport system for a couple of years (after which that could be extended or be made part of the official playbook). But it sometimes looks like reading laws is a fireable offense at Uber.
I've also noticed that not many people pay contactless, even when the terminals support it... and the cashiers tend to assume that the card is not contactless for some reason.
The merchant fees are part of the total cost, so lower fees provide a competitive edge to the merchant. (the listed price also contains VAT, so you pay what's on the sticker, not like in the US)
Aldi (a discount grocery chain) didn't accept _any_ cards for a long time to avoid these extra costs.
In short: the German market situation is rigged in favor of cash, which is "free", which is hard to compete with when you're selling credit card services for a living.
But in general, even if technically possible, not a lot of businesses accept visa or mastercard - be it that the bank does not provide the service, or that they charge extra, it is not available.
Luckily PSD2 will soon open the space to more players.
So we can use our debit cards for buying tickets for trains, concerts, cinema, money transfer, paying Internet shops, charging pre-pay phones,...
All without paying ATM taxes, regardless of the bank of origin.
So the majority of people, if they aren't traveling abroad or buying Internet stuff on foreign shops, don't have any need for credit cards.
As much as I like cards, I also prefer paying for stuff with cash.
In Portugal it is illegal to buy an expensive computer, or high-end computer monitor, or a high-end TV with cash. Similar thing in France.
Imagine yourself throwing a dinner party in a restaurant with 10 guests and they eat and drink so much that it comes to a point where it's illegal to pay that dinner with cash. Ridiculous.
It is clearly a measure created to prevent tax evasion, which in Portugal is a real issue (as in most Southern Europe countries, I'm Italian) http://www.theportugalnews.com/news/may-2016-portugal-named-....
Since, as your parent says, in Portugal cashless systems are convenient are efficient, I don't really see the issue, aside from your personal preference.
It is clearly a measure created to prevent tax evasion,
this shows the extent to which the banking system has brainwashed us, when 2 people cant conduct a large transaction directly without an intermediary and it seeming 'suspicious'
If you lived in a country where every other week you see in the news some politician caught on camera while pocketing corruption money, you probably would have another viewpoint.
I bought a house in Japan and I had to pay my deposit in cash, approximately US$10,000. Walking around with that much money, I've never been more paranoid in my life.
A few questions:
1. Are you sure it’s illegal?
2. From what value does that apply?
3. How is that enforced?
4. More importantly, who is in trouble if they do so, the buyer or the seller?
* The article is from August 22nd 2017.
* It prohibits cash payments for anything (not just electronics) from 3000€ on.
* For non-residents, the limit is expanded to 10000€, or equivalent in a different currency.
All the benefits from credit cards really come from the fact that you're paying with credit:
- Travel a lot? They sure accept Visa.
- Want to pay some street vendor? Square is only possible because they don't need to dial your bank directly.
Also the fee per transaction might be cheaper on debit cards, but the cost to acquire a debit card reader from your bank is still high. That's why virtually all larger vendors do accept debit cards in Germany, only smaller businesses are cash only (from my perspective).
The real advantages of credit are spending money you don't have, and points/cashback.
On some banks there are bank accounts with automatic credit, up to a certain limit of expenses.
My friend owns a retail business, and acquired a debit card reader for it. I was surprised at how cheap it was (ISTR 50€ -- certainly below 100€). He's quite happy with the bank's tech support, too.
I like having the option to to buy now and pay later at the same price point as paying right now.
Since bank transfers are immediate now (unlike in the past when monthly batching was cost effective) and most credit cards in Germany are managed by the banks and coupled to bank accounts, they could just reconcile all transactions immediately (and even reject those that overdraw too much).
In such a situation, credit would become a risk adjusted premium feature and you'd have to calculate if it's worth it (vs the bank's regular interest rate on overdraw).
Plus, according to the OECD Germans have somewhat higher household savings (relative to household income) than Americans, so the liquidity might be comparable without using credit.
If I have expenses of 100K a year, without access to credit I have to make 100K a year without fail, or I am insolvent. With credit, I can make 100K one year, 0 the next and 200K (+ whatever interest I need to pay for Year 2) in the final year. The optionality is more than worth whatever interest and surcharges I encountered by using credit in Year 2.
Lest you think this is insane, this is how I bootstrapped my last business.
And yes, it's probably a privacy nightmare, I agree. But at least you can make this choice in here.
Those mobile pay systems DO.
Funny, why would they ban a company simply for breaking the law? It throws me off too.
In all seriousness, Uber's business model seems to be a mixture of disregard for labour and transportation regulations and of using their endless supply of investment to aggressively drive the prices down. Do you expect the governments to sit and watch?
No and if laws are broken something can be done, but there are too many cases / stories, like the one described for France in this thread, where the gov was not really interested until they got forced by some corrupt (smelling) means by the big taxi companies and their lobbies. And i'm sure (but maybe that's just cynicism from living life) those companies are not going out for 'the law' or against uber specifically; they would go after anything that is competition for them in any way they can. Uber just is easier because you can play a few cards which are internationally known; big trees catch a lot of wind as we say in NL.
> And in Germany you don't know yet what's living without cash and only with a credit card.
That's on the Germans (especially Berliners), rest of Europe uses cards a lot more. And I'm glad the US finally took their head out of the sand and are using Chip Cards
But yeah the cookie notice is pretty much useless (and I think it's been implemented badly by websites as well). Note not all cookies need the notice (which is a fact overlooked by most sites)
As a side note, I also use my German EC card abroad. Fees are surprisingly low and it is accepted in more countries than you'd expect.
"I'm supposed to pay my dinner bill at a fancy restaurant.. in.. cash?"
Nor will they - unfortunately - accept reservations in English.
Is there a reference for what kind of cookies do and don’t?
> Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29pdf include:
> user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
authentication cookies, to identify the user once he has logged in, for the duration of a session
> user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
> load‑balancing cookies, for the duration of session
user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
> third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.
It’s slower and security isn’t my problem because fraud is covered by the CC company. So I still don’t get what the benefit is or how our heads are above sand now?
User experience of debit cards is just fine, I don't carry any cash, and typing a pin code is just as fast as singing your signature. And currently in the Netherlands debit cards also support contactless payment, where you can pay small amounts of money without proving a pin code. I don't use this though, as I don't feel the need to.
Ok, now explain this:
Denmark, Holland and Norway are nobody's idea of unhealthy societies -- and households there have well over double the debt load of US households.
All debt is tracked, including the 'free' phone you get with your subscription. You can't go over a limit based on your income.
Also a large difference with for example the US is that in the Netherlands you don't need a down payment when buying a home. And until recently you could include the transfer tax, realtor, etc in the mortgage. All which make it easier to buy a home and thereby driving up the debt of a household.
So I still don’t get what the benefit is or how our heads are above sand now?
How this came about is a textbook case study in government-industrial nepotism, including the family  controlling 60% of the taxi companies (edited) literally hiring the head of the French FBI to transfer a couple of months before retirement in the transport ministry, pass anti-Uber legislation, and then retire to a cushy job as the chairman of I think the second or third largest taxi company (owned by the same family). This was exposed in a long article in the Nouvel Obs, a real piece of journalism, which was taken offline about a week after publication (edit - seems to be back! ) and before I could take a copy (only the URLs I sent friends remain as testimony of its existence).  also claims that the Rousselet family blocked a direct rail link between CDG and central Paris (my Uber on that route last week cost 99 EUR), and has kept the number of taxi licenses "near 1930s levels". edit -  claims Paris has 1/5th as many taxis as London or New York, and that no new licenses were given between 1990 and 2002, during which CDG passengers increased almost 50%.
There is an embryonic version of Pool, in the form of Blablacar, an app that arbitrages the very high cost (for French citizen) of SNCF and Air France domestic intercity travel. You post your approximate trip, and riders can ask you to pick them up for a portion of the way. I've travelled 5 hours for 10 EUR this way, and used it frequently between Geneva and Annecy (about 45 minutes, no train link, infrequent buses). Since this app is effectively useless for last minute short trips within a city, it does not compete with taxis, which may explain why it is still around.
 Note that the father of the current chairman was the executor of the will of President Francois Mitterrand - https://www.challenges.fr/entreprise/pourquoi-il-est-impossi...
 https://tempsreel.nouvelobs.com/economie/20150212.OBS2398/de... - on the former security head: "fin 2007, le gouvernement Fillon demande un rapport sur les taxis au préfet Pierre Chassigneux [...] Coïncidence ? Ancien directeur des Renseignements généraux puis directeur de cabinet de François Mitterrand, l’homme est une vieille connaissance d’André Rousselet via le corps préfectoral. Son travail, publié en avril 2008, est si conservateur que la presse le qualifie de "contre-rapport Attali", qui vient, lui, de prôner une véritable libéralisation du métier. Mieux : ce même Pierre Chassigneux devient ensuite… président des Taxis bleus, poste qu’il occupe encore à ce jour !"
When I (UK) think of France in this context I think they're strongly in to workers rights and that probably Uber aren't (based on the kerfuffle in London)? That makes it completely unsurprising to me that Uber wouldn't be doing well in France??
Uber is super-capitalism, it's not communistic, it's lowering workers (proles) wages; and using capitalist investment in order to bottom out the market and bankrupt the other players so that the market can be captured by a single player. Could you perhaps describe why you think this sort of market manipulation, particularly the reduction in wages and reduction in worker rights (through machinations of "they're not employees") makes this communist in any way shape or form??
The use of the word communism was deliberately ambiguous and a bit of a pun given the leaning of a sizeable portion of the population in the 20th century. "Commune" means a small town in French, and "commun" can mean "that belongs to all" or "shared".
The French job market is ultra-regulated which makes it relatively rigid with many people left out (and great conditions for the connected). I remember someone interviewing for selling ice-creams - there were 22 finalists! And most graduates will do year-long, low paid internships outside the regulated, cushy full time job system, which like post-docs in US academia can repeat ad infinitum if the economy is bad.
As everywhere else, UberX/Pool allows the marginalised to get an easy job that's a step up from pizza delivery, whilst drastically expanding the market for rides (and I've seen this play in a lot of countries). This is particularly helpful for the numerous people juggling many jobs, and parents (especially single parents) who appreciate the flexibility.
The market was already captured by a single player in France, the worst possible way - in a similar fashion as healthcare in the US. Other markets that have been completely captured by capitalist foreign mega corporations include web search, browsers, social networking, computers, fast food, fashion, real estate supplies, the auto industry (Renault and Peugeot are French only in name at this point)... I guess at least the Rousselet were French?
Perhaps it is time to see things in grey instead of black and white, to avoid labels, to judge companies and actions by their net welfare effect instead of saying "he's not from my team so he's bad" or "she's from my team so she's good" (I'm thinking of you, Democrats in the last election). Almost forgot - reduction in wages? The taxi companies employed many drivers on survival wages (particularly those with difficult immigration situation) and pocketed the difference. Uber's transparency is a net gain for the worker (and the state, which does not get tax-evaded).
UberPop was popular because it allowed people to car pool easily without talking about money, and decongested city centers particularly at rush hour. Enabling widespread, safe car sharing seems to have been perceived as a good thing given the high number of users. I never heard a bad comment about Uber from normal French people (drivers or riders), always from taxi drivers or the news.
While they do follow taxi regs, I don't see how they aren't "UberX", UberBlack is just called UberBerline here: https://www.uber.com/en-IE/cities/paris/
> blocked a direct rail link between CDG and central Paris (my Uber on that route last week cost 99 EUR)
Well, true, there isn't a direct link, but there is a train link, also link to other cities. Last year an Uber from the city center to CDG had a fixed price (if I estimate the fare today it gives me 45Eur for X or 70Eur for UberBerline)
I haven't used Blablacar though
The RER B is not a direct train link - it's equivalent to taking the Piccadilly Line from Heathrow, you will take a long time through many stations and share with commuters. Think instead Hong Kong's express train or the Narita Express in Tokyo: a fast, clean, premium service that takes you from airport to city centre core locations in a couple of stops (the Heathrow Express is actually pretty bad for this as it arrives somewhere far from most places of interest which is why they're building CrossRail).
UberX/Pool in most of the world (although this is changing - e.g. license now required in Singapore) means the everyday salaryman who happens to commute by car and decides to pick people up on the way to bump up his end of month. Many people end up doing this full time but usually in between jobs. In some countries it's lucrative enough to become a career.
How nice an X/Pool car is depends on the local market. In Singapore it used to be old, entry level Toyotas but as the rental company business improved it became small SUVs (like the Honda Vezel). In Sydney you get anything from a Subaru WRX to an E-class.
Black in most of the world means "professional driver, new-ish sedan used for professional transport" and that depends again on the price locally. In Ho Chi Minh City it's a local market 8 seater van (like a bare bones Honda Odyssey with leather seats). In Singapore you can get the odd Mercedes E-class. In Hong Kong you get many Teslas, with the rest Audi A6 or larger.
In France, X/Pool now use professional drivers, and the cars are sedans: Renault Laguna, Volvo S60, etc. In that sense, the service is equivalent to Black in the rest of the world.
I agree about insurance and tax, but it really depends how you implement it. In Singapore, the license is very cheap and requires a few hours of training (for safety and to know your obligations). This is a stark contrast to 300k+ EUR/USD medallions.
There is now a project to create another direct line between the airport and Gare de l'Est (and shutting down the direct trains of line B at the same time), the CDG express (https://en.wikipedia.org/wiki/CDG_Express and more info in French https://fr.wikipedia.org/wiki/CDG_Express). The project was indeed stopped in 2011 butis now alive again, and very likely to be made. Se also http://www.cdgexpress.com
The last time I tried to take the RER (early 2010s), I was in a train full of graffiti, with drunks (or drug users?) passed out across the seats, and few escalators/lifts for my 20kg suitcase. So after this I thought it was less painful to pay for a taxi, the experience put me off trying the RER again.
This round, the problem was a strike which surge priced the fare into 8 minutes ETA and 2x the usual.
It's funny that CDG is actually a TGV station - you can probably reach other cities faster (and more comfortably) than Paris as a result.
Well a regular "taxi parisien" between CDG and Paris is 50 € or 55 €: https://www.g7.fr/tarifs-taxis-paris Uber is not always cheaper…
SNCF is often pretty cheap.
Also Uber X seems pretty similar in France and in the US to me. It is not all big black cars.
Do you guys even have chip and pin everywhere yet? Last time I was over, you didn’t, and we moved onto contactless in the UK years ago.
You have no idea what you're speaking about, do you? Uber is not banned in France. It's being investigated for multiple suspicions of breaking the law.
> Because they show up in every page, everybody accepts the policy without questioning
Well, if people can't read a notice, I can't see how that's the fault of the EU.
> And worse for the user experience, most often the implementation of websites for those notices is dummy
So now, it's the fault of the EU regulations if websites are cheating with the law and breaking UX.
Perhaps I'm misunderstanding but are you arguing that it's good restaurants evade taxes because it keeps their prices low?
Many restaurants (especially those with good service + good price) had to increase their prices a lot since then.
Sorry but what is a legit reason and it's a legit reason for what?
The EU also recently introduced and controls on credit card fees (that a merchant pays) with the aim of making it as cheap to transact as cash. That is of course only true if cash isn't being used to avoid taxation.
It fails if you want to buy food in the streets maybe, not every Doner can be paid by card.
But.. that's normal and aligns with what I see here in Singapore now: Cashless, unless small food shop/hawker place or something similar.
Germany doesn't accept _credit cards_ on a large scale. It does support paying with a card made of plastic usually..
Being able to force social networks to provide me with a physical copy of my data is alone a reason to get an EU citizenship. I don't even use the social networks, i just demand my data every 3 months to FB, Tinder and Linkedin to punish them for being so aggressive in their spamming and tracking.
Being safe from throttling, censorship and all the nice stuff that US ISPs are going to feed american citizens with is also pretty nice.
Also very efficiently getting my money back when companies try to scam me.
What does Google ship with Pixels? The same USB-C fast charger and USB-C cable, then toss in a micro-USB to USB-C adapter for regulatory compliance?
1) USB-C fast charger
2) USB-C cable
3) USB-C to USB-A cable
No adapter whatsoever. I assume it's the exact same as anywhere in the world. Therefore it seems USB-C is considered an acceptable next standard for phone charging in the EU.
On a side-related note, I wonder why Apple was never subjected to charging standards in the EU.
The maximum they can charge is set in law and is about €5.
More details for Facebook here: http://europe-v-facebook.org/EN/Get_your_Data_/get_your_data...
I believe in Germany you can have someone send all your private data once a year in physical copy and you only need to pay for undue transport costs.
Usualy it is all photos and vids yove uploaded, comments etc.
Mine was most complete. Including some sort of keywords tags i am interested in. Not things i followed but what fb thinks i like.
Other datasets did not include this but one included all the times someone connected to the account including IP and location.
Anyone who consumed the content in this message agrees to pay this user 1 BTC
Note that this isn't just about cookies. It's pretty much any information being sent from the user's computer or stored on the user's computer: "Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller."
As far as I can tell, this is mostly because member states capitulated before online advertising exchanges (it's a directive, not a regulation, so it is implemented by member states) and allowed them to work around the clear intent of the directive.
That's worrisome when it applies to people, and I'd like to think its worrisome when applied to corporations too.
> Simpler rules on cookies: The so called "cookie provision", which has resulted in an overload of consent requests for internet users, will be streamlined. New rules will allow users to be more in control of their settings, providing an easy way to accept or refuse the tracking of cookies and other identifiers in case of privacy risks. The proposal clarifies that no consent is needed for non-privacy intrusive cookies improving internet experience (e.g. to remember shopping cart history). Cookies set by a visited website counting the number of visitors to that website will no longer require consent.
> With the presentation of the proposals today, the Commission is calling on the European Parliament and the Council to work swiftly and to ensure their smooth adoption by 25 May 2018, when the General Data Protection Regulation will enter into application. The intention is to provide citizens and businesses with a fully-fledged and complete legal framework for privacy and data protection in Europe by this date.
Basically everything that isn't invading their privacy requires no notice.
True, but who bothers to actually read the legislation?
authentication cookies, user‑centric security cookies,
multimedia content player cookies, load‑balancing cookies,
user‑interface customisation cookies, third‑party social plug‑in content‑sharing
I also don't think you can think of developer time like that. Imagine how many caterers have gone into making websites work on IE6. Stuff like that happens.
This is often what happens when legislatures take a first swing and regulating something. That rule about "build one to throw away" is just as relevant with law as it is code.
Hope that's clear enough now.
I could go into a long list about the privacy restricting laws passed all over Europe, specially Britain and France. Germany is somewhat better but they are essentially fighting a flood and most politician think its far easier to go with the flow and significant measures have been adopted even there.
I am far more afraid of being arrested because I violated some EU regulation about 'hacking tools'(yes, those are iligal in Germany, whatever it means), 'drugs' or any of many other freedom restricting or plain nonsensical polices in the EU.
If I can pick who can have all my data I would pick google, facebook and so an before I would ever, ever pick the EU (or most states). Mostly because google and facebook have little interest or care about my political views, my consumption habits or who I am sleeping with and who I associate with, unless it is to offer me deals to get these things easier.
While I know for sure that I am indexed on many list from the government about a potential problem because I was at Snowden and other political lectures and events that explained what happened when the state became angry at you. There are no lecture by people who hide out in Russia unable to see their family becase of google evil data collection.
The EU on the other hand seem very interested in pretty much every single aspect on my live and and am actively in violation to lots of these 'laws' already, indeed most people are. Not to mention that they have a continent wide security service, special forces, many spy agencies and large armies.
A further point relates to the problem that once states gain such control of how any company deals with data it is not gone be long before all companies are legally required to give standard access to all this data (a view already expressed by many, many politicians, police union chiefs and burocrates on al level all over Europe).
So I'm sorry I can't join your positivism about good guy Europe finally going after evil US cooperation (who have given me free services for pretty much my whole live, not to mention lots of Open Source code that I literally use every day).
The EU has no special forces, spy agencies, or army. Let alone a large one. Yes: the EU's member states have armies. But so do the member states of the CERN cooperation. That doesn't mean it's a particle accelerator with an air force.
Nor does the EU have any impact on criminal law, so you won't be arrested for anything anytime soon.
It is also a myth that EU enforcement of privacy rights (or antitrust laws) is used for protectionism. The number and sums of fines levied on companies from the EU/US/Asia, for example, closely track each country/regions economic activity in the EU. If anything, EU and Asian companies are hit more often than their US counterparts–possibly because the US actually has rather high standards for corporate governance.
> A further point relates to the problem that once states gain such control of how any company deals with data it is not gone be long before all companies are legally required to give standard access to all this data
Stuff like this is purely conspiratorial. And it doesn't even make sense: If there's a "you must share user data with the government"-law in the making, how do privacy rules make it easier to pass today than at any point in the past? With privacy coming up in the news any time the EU picks a fight with one of these companies, it seems as if their actions would only serve to educate the public about the value of privacy. And would such rules not actually lessen the value of the data amassed by companies, making it less useful to gain access?
> a view already expressed by many, many politicians
Hi there, Mr. President!
While its correct that the EU does not have these things, even if they want to have them. The agreements for information exchange and other programs alonge these lines do get negotiated above the state-to-state level and the EU is absolutly involved.
Second, privacy laws that pass on the EU level are required to be implemented by memeber states.
Preventative saving of connection metadate is an example where germany had to pay fines to the EU because they did not comply (I can give more resources if you want). This caused the issue to come back again and again in Germany because compliance with EU level rules is a major political goal of many parties.
So yes, the EU is not yet as powerful as I made out. But the agreements between the member state make compliance to a common framework far more likely.
> It is also a myth that EU enforcement of privacy rights (or antitrust laws) is used for protectionism.
Your arguments don't confine me. Just because the EU also goes after its own cooperation very often as well, does not mean that all of these actions have the same motivation.
You can go and read in detail about how large media groups tried to use EU regulation against google, specifically google indexing of their results. They advanced HIGHLY privacy threading solutions and a large number of politicians go on board of of the anti-google train.
This is well documented in the German hacker community, there are lots of talks, podcast, write ups about this and other issues like it.
Now you can argue that the politicians were just good willed Samaritans but if you choice to believe that we don't really have to argue anymore.
> Stuff like this is purely conspiratorial. And it doesn't even make sense: If there's a "you must share user data with the government"-law in the making, how do privacy rules make it easier to pass today than at any point in the past?
You think regulation of internal company data usage of a foreign cooperation does not serve as precedence for further regulation about usage and law applying to that exact same data?
Again, this sort of things have been document again and again. The government starts collecting data for one reason, promising it will not be used for other things. Once it is established and the data exists, political pressure mounts because everybody wants it.
If the EU/France government has exact information and monitoring ability of all Facebook internal data movement, it will make it far more likely that will go further. That is simply public choice theory. Also, again, there are lots of examples, this is exactly what happened with the Maut system in Germany.
> With privacy coming up in the news any time the EU picks a fight with one of these companies, it seems as if their actions would only serve to educate the public about the value of privacy. And would such rules not actually lessen the value of the data amassed by companies, making it less useful to gain access?
The value lots is a far, far less then what you assume. These news are bigger in our bubble, most people in most of Europe know absolutely nothing about these data regulations and they don't know that France is trying to do anything. Even if they did, it would have no impact on the profit of google or Facebook. They have been in the news about these issues over and over again and there is absolutely no long term impact on their stock prices.
tl:dr; There are examples of all these mechanism in the EU and between the EU and members
Initially you seemed to be objecting to the EU's privacy actions against private companies such as Facebook, based on what appeared to be the idea that it's hypocritical for the EU to do so while invading privacy themselves. You also suggested that EU privacy rules are drawn as part of a strategy to make it easier to get access to such data themselves.
I still fail to see any mechanism for these arguments to work: It's perfectly possible that the EU takes a hard line of private company's use of data with purely good intentions, while not living up to those standards themselves. That is, in fact, what Occam's Razor would suggest, considering we all see our use of user data as benign, at least in comparison to others'.
I still disagree with the idea that the EU itself is a bad actor with regards to private data. Conflating legislation in member states in your criticism only serves Anti-EU populism, when the EU has in reality been a force for citizens' right across the continent.
To use your own example: the EU's Data Retention Directive was actually invalidated by the European Court of Justice in 2013: https://en.wikipedia.org/wiki/Data_Retention_Directive. In the course of that case, it also established "that general and blanket data retention is no longer possible".
This has a lasting effect on efforts in member states to create their own data retention laws. Quote: In a television interview, the EU Advocate General Pedro Cruz Villalón highlighted the risk that the retained data might be used illegally in ways that are "potentially detrimental to privacy or, more broadly, fraudulent or even malicious".
As to the second point, namely that action on private data collection somehow makes it easier for governments to access such data, you fail to give a mechanism for this process, as well.
Yes, the toll-road example shows that any collection of data will sooner or later attract the attention of, for example, law enforcement. But how does action against WhatsApp/Facebook make any efforts to access WhatsApp/Facebook data easier? Everyone already knows that Facebook's data is incredibly valuable for law enforcement, yet also sensitive. Law enforcement agencies have for years accessed that data via court orders.
Toll Collect happens to be a great example showing that the best way to keep law enforcements' grubby hands off our data is to never collect such data in the first place. That's something called "data minimisation", and it's the cornerstone of the EU's privacy directive, and also at the heart of this WhatsApp/FB action.
Also there is ongoing effort to make many of these laws standard for the whole EU. For example, the saving of all phone and internet metadate for multible month is now mandetory for all EU states.
In germany the suprme court shut the initiative down and germany had to pay fines to the EU. Last I remembered this idea has come back in germany and all the fight german hackers (CCC) and co have put up did not work.
There is a large number of things here, and many have long lectures add Chaos Communication Congress during the last 10 years.
In other words, in terms of things you care about absolute data privacy may be #1 on your list, others may be willing to accept less privacy for an internet that can continue to exist on an ad supported business model. Why should you have your way (enforced by the government) and others not get their way. We already have strong disclosure laws in both the US and Europe about data use, and at the end of the day it's your choice.
A strictly libertarian viewpoint would say that no disclosure should be required and you should just choose to avoid any service that doesn't provide full disclosure. After all, it's their right to not provide that information to you and it's your right to not use that service as a result.
So while I agree that people should be free to trade privacy for other things like getting a free service, I do wish there are stronger regulations to protect people who choose to opt out. And better transparency on how your data is being used.
If Facebook declines to pay these fines, then presumably their execs would be arrested if they ever travelled anywhere in the EU.
While FB can claim that it “is only subject to the legislation of [the US].”, that is obviously not the case, and once the EU regulators gain their teeth, I'm sure we'll see FB change their tune.
It's interesting how many people here believe that there is no other possibility other than "we get what we want to happen".
Your faith is, IMHO, misplaced.
There are many cases in history where other companies decided it wasn't worth the cost of doing business in certain countries.
Or they just successfully coopted the governments!
Facebook (the website) is not rocket science. As for Google, replacing it could take time, but in the long run it's good to destroy their monopoly in Europe.
Not for some of us just starting our companies. "Worst" case scenario is smaller players that would otherwise play globally will now not play in the EU market.
I was told the other day, "don't worry about it if you don't have sensitive data." That misunderstands risk management. I have plenty of customer potential on this side of the pond, why even risk it until I am large and have saturated my pool? I plan on handling my data completely within the spirit of that law, I just don't want to risk it. Seems on risk alone, others will have to make the same decision as me. We're not losing out really (we can only grow so fast) but those in the EU that might want access to the global market, big or small, might be.
I get that regulations make it more difficult for companies to enter a market, but if that means more protection for the user privacy (in this specific case), I cannot see how that could be a problem.
The fact that the EU might have more data protection than, say, the US, could also be an added value to a service. Case in point: protonmail. It's not EU-based, but they use Swiss privacy regulations as a selling point. Some people are willing to pay more for that.
Anyone who thinks RTBF wont create internet graveyard is delusional. GDPR needs to explicitly exempt legally-obtained/user-submitted public PII ASAP.
 Which is obviously very low number. Imagine GDPR for 7 billion people.
> I cannot see how that could be a problem.
This is a cost/benefit calculation, but not an easy one. In general a given set of regulations will have both costs to the consumer such as reduced choice and increased prices (due to regulatory costs being passed through), and benefits such as better protection of personal information in this case.
Now, the fact that users in the EU seem to currently be supportive of these regulations suggests that they are willing to pay that cost to get that benefit. And that's their decision!
But consider the scenario where this trend carries on, and startups are increasingly not able to get a toehold due to incredibly high compliance costs. That could stifle the economic development in the EU, and lead to further concentration of power as only large companies can afford to pay the lawyer bills to meet the regulations.
Yup, that was the point.
> And that's their decision
Some at least. It's modern European federalism. The same people that the lawmakers believe aren't able to make their own decisions about which services are good or bad for them are, yet, able to determine that these regulations will be beneficial.
That's a valid argument in a perfectly transparent world with even negotiating power. But companies are opaque or change their handling of data (that one is the basis of this story!) and there's a race to the bottom where most options are severely lacking in privacy.
And these regulations are a very minor impingement on free contract-making. You can still give up privacy, you just can't give it up irrevocably.
> And these regulations are a very minor impingement on free contract-making
Agreed, but it's a question of cost vs benefit. They may not be a minor impingement on smaller companies and consumer choice and may make minimal impact anyways. I think we can all see that, if the law is evenly applied, smaller companies stand to lose most. Granted, the EU tends to subjectively choose when to bring the hammer down and it's mostly on larger companies. But it's still not worth the risk.
> All this data
What, from my two large customers? So EU says I violated article 5 and the personal data wasn't "processed lawfully, fairly and in a transparent manner in relation to the data subject". Ug, such subjectivity. It is so sad to see so many people want solutions to these problems that they assume the GPDR is it. I can't do business there just praying I don't misstep and go bankrupt or subjecting myself to the whims of these loaded terms like "transparency" until I am large enough to absorb the blow.
I think it's fair. You shouldn't break the law. That regulation may be overkill in terms of punishment, but that doesn't mean that the regulation itself is wrong. Laws are imperfect. Regulations exist in every industry and there's a reason for that. Over regulating is a burden for a business, but under regulating is bad for customers (or the environment, or whatever).
The reality is, no board will in any circumstance quit doing business in the largest economic area in the world by far , at least if they want to keep their job. Thinking otherwise is just naïve, I'm afraid.
In fact, my impression is that these policies encourage all involved actors into developing a better business model that can accommodate different sensibilities, and hopefully explore new revenue sources. I'm sure something good will come out out of this for FB and the rest of data moguls. The 'we sell your privacy for peanuts' is a rat race no matter how you look at it, and it is in fact slowly declining for everything but mobile according to some .
I don't really see how this is comparable. Google has had a subset of things available in China forever (translate, as a clear example), and interacts with China for certain things (AlphaGo). That doesn't change the fact that none of its "moneymaker" consumer products have operated there for years.
No, that's absolutely not going to happen.
Additionally, they'd never risk withdrawing from a market and letting a local competitor develop, take hold, expand, and attack them on home turf. Look at social networks and search engines in China.
EDIT: I see you are fairly highly placed in Google. I'm quite surprised if you genuinely think what you wrote, given the raw numbers you must surely know, but given your legal training, I am not at all surprised that you would posture as if you were unaware of this.
Character assassination, awesome!
Please leave the company i work for this out of this, always. I never speak for my company on hacker news unless i say otherwise. I've been very clear and consistent about that.
However, given the personal attack, i'm done.
This kind of stupid bullshit is one reason i've stopped contributing as much lately.
It's nice for you to present your opinion as if it was the only true possibility and everyone else is an idiot.
It's not, however, a great way to foster a discussion.
Tacking on a personal attack makes it even more welcoming.
Firstly, you have not responded at all to my comment on your comment. A sensible and worthwhile discussion may come out of addressing those observations.
Secondly, crimes are in the eye of the judge, but as the accused perpetrator holding my own council, referring to your role in Google and your legal training was a kind of awe. I am a game theorist (the bridge between my applied mathematics and macroeconomics careers) and so I am well aware of the importance of signalling and posturing. I fully expect that a lawyer, schooled and practiced in the manner of approaching a debate, is equally attuned to how what is said and what is not said. The game theorist in me saw something closely resembling strategic pre-positioning, and entirely without second aims, I called it out for what it looked like. That is not character assassination (in my eyes) but just a tiny bit of critical reading of your prose.
If you really want your employer to be left out of this, you can signal that to us all by removing any references to Google on your (already impressive) profile. Or perhaps leave the reference to Google but also ad something to the effect of “leave my employer out of this".
Anyway, returning to the main argument: I doubt any internet behemoth can afford to pull out of the EU and lose access to 740 million affluent consumers because they'd instantly lose revenue that would ruin their bottom line while also giving local European companies a neo terra nullis to develop their products experimenting on their captive audience until they are ready to take the fight back to the behemoths’ home turf.
The internet blue-chips hate being excluded from anywhere because whenever they are excluded from somewhere their revenue drops and some new competitor starts to simmer.
Haters are disproportionately represented in replies.
I have no side in this debate, and I’m sure you already realize this, but having the company you work for (especially when you are at a higher than IC level) is the surest way for people to not do that.
Plenty of folks on HN know i'm happy to participate, even in contentious topics.
I can get that kind of 'discussion' on Reddit.
(IE Where the response would be someone pointing out that claiming someone else is posturing is itself posturing, etc).
Meanwhile, i'll stick to HN discussions with people who assume good faith and actually want to talk about the topic. When that stops being a possibility, i'll delete my account and go do something else with the time.
It quite literally was (ie it's literally dictionary definition character assassination), and if you don't understand that, i'm not sure what to tell you
"However, it's a very convenient cop-out for you to duck out of the discussion. "
So, just to get this straight, your way of having a "discussion" is:
1. slag on someone's character and background for no reason.
2. drag irrelevant stuff into the mix.
3. Cast aspersions on their motivations for refusing to participate as a result.
Yes, if that's how you have "discussions", please, feel free to keep me the hell out of them.
I've participated in plenty contentious discussions on HN with actually civil people.
I'd be very surprised if the case described in the OP was the last straw for FB in the EU though. By "change their tune" I really just meant that they will have to take another position than "your laws don't apply to us even though we do business in the EU". Exiting the EU would also be a change of tune as well!
(I don't have any numbers here, and would be interested in your thoughts, but I'd be very surprised if regulatory compliance was eating as much as 10% of FB's profit in the EU. I'd guess it's more like 1%. But that's just shooting from the hip based on my experience in a more regulated space than FB's. I'd expect FB to remain in the EU until regulatory costs made it unprofitable; it would seem hard to justify any other approach to their shareholders.)
If they turn off access for the EU, then many people will try to produce a new social network that can play by EU rules. You already know the features that are needed, just look at what FB does now. Social networks are very suspectible to the network effect. This/these new companies will be able to operate in the USA and EU, whereas facebook chooses to avoid EU. So what happens when there is another social network that's about as big as Facebook? Is that a good move for FB?
Facebook Ireland Ltd is a company in Ireland (an EU member). Every FB user outside the US & Canada has a legal agreement with them. I don't know who you pay when an EU entity buys adverts on FB, but if it's to FB Ireland Ltd, then there's the money you take. FB also has offices all over the EU. That's the property you sieze and charge.
A tangential, but political relevant point: tech companies are in a particularly bad spot in the US because they are hated by both sides; republicans hate them because they are perceived as having liberal bias while democrats hate them because of tax avoidance, worsening inequality, job losses due to automation etc. So a political action against them would be easier to pull off compared to some other sectors like energy or finance.
Worked for universal healthcare, right?
Whether this is jealousy, or its because people in Tech understand better the power, control and knowledge these companies have than the regular joe is something that isn’t clear to me.
CNBC compiled a lost of fines handed out by the EU and some of the largest ones concern companies from the EU:
Part of the reason you will mostly hear of companies outside France running afoul of the rules, is that companies that is incorporated outside French jurisdiction is generally out of reach of French authority, and they try get away with ignoring them.
In the case with Facebook described in the article, Facebook refuse to even provide samples of what data they send, stating that they consider themselves not bound by French law and EU rules, but only by US rules.
French companies are more unlikely to get into that situation in the first hand, as if they would break data protection laws and ignore legal requests for information, the police could (potentially) walk in one day, only to walk out with all your storage arrays.
Given the history of Europe, it's almost certainly not all about protectionism, and part of it might also be about a different kind of protectionism then economic.
As the US election seems to show, availability of mass amounts of personal information can be a threath to democratic process itself, and Europe has seen information turned into weapons of population control long before internet was a thing, and the democracy we have is at the cost of tremendous amounts of blood and death.
Sure, having the information only available within a country doesn't negate the risk for that country, but it helps reduce it for all other. Privacy laws help ensure democratic processed is not as easily hijacked by either foreign states, or multinationals.
(Are you counting protectionist immigration laws as part of countries' industrial-governmental complexes?)
I'd say both are protectionist and both are wrong. My interpretation of your parent was simply that it is protectionist of France to be doing this (and I'd argue that makes it as wrong as the American protectionism that you brought up).
US tech companies (and in many cases the US government) have been operating as if the national laws of the rest of the world are sub-ordinate to theirs, or just in the way. Succesive UK governments have turned a blind eye due to the Special Relationship. However things are starting to catch up in the EU. There has been a distinct change in opinion towards the US in Europe I have detected. Bush jnr made the US look sub-intellectual, Obama made it seem inward-looking. I don't know anyone in Europe who thinks Trump is anything more than a deeply cynical character. People don't see the US as the land of opportunity and commerce anymore. They see it as self-serving and insular.
Great empires all come to an end. It takes time, but this one is in decline.
FB wouldn’t have grown (that way) in France in the first place.
Also, I don't agree with the protectionism part. We (unfortunately) don't even have the beginning of a french competitor to facebook or whatsapp, even in the whole Europe. So asking whatsapp to comply can not possibly be seen as a way to favor the local brands. In that sense, it's completely different from what China is doing in the field.
Edit: ironicaly, the fact that FB doesn't pay any tax in France also makes our government 100% free of all pressure :D
After watching that recent video by TechAltar where he speaks about the EU not having a lot of tech companies, I was feeling a bit low. But your point actually makes sense, and makes me think that perhaps it's for the best since the EU will actually have the political means to reign in big tech. companies - basically the big oil of this age.
Let’s be honest, Facebook would have never had a chance as a French company.
I’d be remiss not to mention it saddens me that every time the US has faced internet-related difficulties (SOPA, PIPA, this latest FCC decision), I’ve seen multiple Europeans making noise in support, yet I haven’t observed the reverse to be true at all. In our own fight for Net Neutrality or against the VAT reform that hurts mostly small business, what I saw from the US was crickets.
I agree with you that the EU is better than the US on these types of issues, but with every threat it faces, I see less results.
: Which I appreciate and have taken good advantage of already, but would gladly give up for Net Neutrality.
He asking for random access to every device is like the minister of agriculture asking for stable and higher milk prices. Expected.
He's unfortunately not just sputtering what he wants, he also wants stupid and dangerous things and likes to play the "think of the children" (his predecessor really liked that one), "fight the terrorism" cards.
Every country has loonies.
I wish we would get a true liberal in that position soon, but our liberals are more concerned with deregulating companies than with citizen's rights.
The US is a lot easier, a two party system is heaven for corruption.
I liken it to capitalism 2.0 or a new form of corrupted monarchy where the 1% of royalty will protect their castles by slowly diminishing the power of the population’s representative government.
In China there seems to be at least some anxiety amongst the wealthy that the Comunist party’s eye of Sauron might gaze upon you and your life tossed into the flaming lava as it’s harder for a system without elections to be corrupted by lobbyists.
In the US the big money interests are supremely defiant.
Europe still scarred by the wars seems to understand the need for opportunity and decency on a much deeper level.
What is needed is simply competition and for people who care about the things you care about to have influence among end user communities.
I had been cultivating the two as separate networks, to avoid the algorithm’s tunnel vision and interact with a wider circle of people. I never linked my IG and FB accounts together. I use both of them for my business as an artist, and have thousands of people that I’ve never met on both. On instagram, they started emphasizing the posts of people I had recently interacted with on Facebook, and vice versa. Presumably, the algo does this because it deduced I’m particularly interested in those people. It’s an incorrect guess and is actually the opposite of what I’m trying to achieve by using the two apps.
When Instagram was purchased, I presumed that Facebook was going to slowly turning into Facebook and ruin it. It’s a typical story – a new product comes up that is successful or special for reasons that a large company can’t understand, and since they didn’t understand it enough to create it, once they own it, they can’t continue the recipe. Filtering the feed, ads, video, the snapchat copy, messaging... Turning Instagram into an extension of the Facebook network actually makes it a lot less useful. Once my parents are posting on there, I’m done.
When will companies figure out that a brand has value by itself and should not be auto-merged with the rest of the universe?
It just makes me want to avoid doing pretty much anything, for fear of the next purchase out of my control just mixing things together.
That's a very interesting quote from Facebook, and explains why the GDPR has a special section explaining that it also applies to foreign companies that process data of EU citizen.
In general, Facebook is trying to set a dangerous precedent here. A company operating in our countries, taking our data, owning property in our countries, having employees in our countries, owning critical infrastructure in our countries (WhatsApp has basically replaced SMS and other messaging infrastructure), yet refusing to acknowledge the laws of the countries they operate in.
If you want to simplify the system, lobby for multiple nations to adopt a good standard, or move on.
Don't want to comply? Don't accept users from that country. That's the reality of a multi-national...
Yes, if you want to provide services on the Internet and don't want to comply with the laws of some countries, then you have to make sure you don't provide services to those users.
You see it all the time in copyright related situations, where companies lack the rights to distribute something in certain countries -- so, Spotify doesn't work in every country, for example. Neither does Amazon Prime Video. Netflix has a different selection in each country it operates in, and is also not available in every country.
What's the difference?
Perhaps you meant to say that other countries shouldn't enforce their laws just because you communicate with their residents?
That's especially true here in Spain where SMS prices dropped long after 3G appeared. There's even road/trafic signs showing Whatsapp's dominance.
Is such a clause enforceable and/or valid? How could the EU punish a non-EU business for violating this? I guess they could block/get an injunction against them within the EU, but that seems like the sort of thing that would get challenged legally.
Any non-EU business worth enforcing such a law against will very likely do business inside the EU (e.g. selling ads to local companies). Any money transferred can then be froozen to enforce this law.
Facebook in particular does business as an Irish company for its EU users, so no problem at all here.
Respecting local regulations is not a mind blowing fact. A foreign company cannot sell heroin in the USA under the pretext it is legal in their country.
I know it's an extreme case, but yeah, of course countries expect people who do business in them to respect their laws.
Hang on. You're GIVING it the data. People want "free" services, so I'm genuinely curious what people actually expect is going to happen when they use WhatsApp. Is it just something provided benevolently? How does WhatsApp make money? Are people really so ignorant to think that they can get a free lunch?
There's an implied quid pro quo -- you use a free service in exchange for providing data used to sell you products from advertisers.
You want to protect your privacy? Stop using so-called "free" services where you are the product.
Why should this even need regulation? People are making a choice to use Facebook/WA when they could be using conventional SMS or iMessage. But they get mad about paying for SMS -- so they trade privacy for "free." That's on the user. Who's supposed to pay for WhatsApp to run? Other than the early days when people paid $1/€1, it's free to users. Who pays for it?
> having employees in our countries
So providing jobs is a bad thing? What's the unemployment rate in France? It's over 10%. It seems like FB/etc. are actually providing a benefit to the country. Those employees also pay taxes, and buy stuff, thus benefiting the economy. You should be glad they have employees in those countries. I'm sure the employees are glad to have a job!
> owning property in our countries
And paying property tax. And making improvements. And attracting further economic development.
> owning critical infrastructure in our countries
?? They don't own the phone companies -- it's people's choice to not use conventional SMS, but conventional SMS and phone lines still exist. WhatsApp is hardly 'critical'. Any nontrivial use of WhatsApp (i.e. by emergency services) is just stupid. That's on the population, not the fault of Facebook and friends.
And yet, this now happened.
The regulation applies if the data controller (an organization that collects data from EU residents) or processor (an organization that processes data on behalf of data controller e.g. cloud service providers) or the data subject (person) is based in the EU. Furthermore the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."
The US doesn't sue foreign pot shops because the sale happens abroad and they have decided to not bother with that but they absolutely could enacted such a law if they wanted. Who is there to stop them? The US actually does apply some of its laws abroad. Here is an example that is similar to yours https://www.insightcrime.org/news/analysis/as-us-prosecutes-...
Again, the problem is only enforceability. If they can't get hold of any money, a verdict is useless.
Some day you’ll wake up, and notice all your corporate bank accounts are empty and frozen.
* It was never about all cookies. It was about 3rd party cookies.
* An agreement was only necessary if you were transferring a user's private data to a 3rd party.
It was a huge privacy leak. The EU tried to shut it down, so the world's corporations decided to keep doing what they were doing without changing a thing, whilst mocking cookies, and by proxy, the user's whose data they were fleecing.
You might own the database, but you will never own the personal data that is stored in it. And in France (and in the near future the whole EU with GDPR) this personal data has a specific set of allowed uses (explicit or implicit when the user provided the data) attached to it, that you cannot change without asking the owner of the data (the user).
So you own the database, but you cannot use the personal data inside for purposes that were not allowed by the user when they provided it.
Edit: that's from a US perspective. Sounds like France (& the EU) put additional restrictions on how personal data may be used even after it's voluntarily provided.
That feels wrong. The personal data was provided under a contract. Now, you can pretend you're Vader and change your deal, but people can still attack you for changing the contract to terms they have not agreed on.
And so far in court, long lengthy legalese Terms & Conditions haven't always held up to scrutiny, and nor has any contract that states "we can change these terms at any time". 
Just buying the database doesn't let you do anything with it - you just bought the responsibility of fulfilling the contract.
 One example: https://law.justia.com/cases/federal/appellate-courts/ca2/11...
Especially not in the EU, many ToS that are completely legal in the US wouldn't see the light of the day in the EU due to consumer protection rights.
I don't think the change of ownership matters. If I say that I won't allow anyone else to query the database, that statement isn't about restricting others from wandering into my offices and pulling up a Python prompt. What I'm really saying is that I commit to not querying the data with the purpose of sending it to others. Maybe that means I commit to not building something to query it for them; maybe it means I commit to not running a mysqld that accepts connections from them; maybe it means I commit to not doing a database dump and sending it, but in all cases, I'm the one not doing a thing.
So, the fact that you "own" the data doesn't mean you have the right to use it how you want - because if you could in fact use it how you want, you could send it to anyone you want. And if you transfer it, e.g., by selling your company, you don't transfer rights that you never had.
Nobody's arguing with that. The problem is that there was no commitment to avoid querying the data with the purpose of sending it to yourself.
And when Facebook bought WhatsApp, they ceased to be "someone else".
And those include among others that data should be collected for specified purposes, and should only be used for the purposes the person consented to, unless you obtain additional consent.
If I consent to sharing my data for use on site A, and site B buys site A, the fact that they are now owned by the same company is not necessarily relevant unless the permissions collected very explicitly allowed the data collected by site A to be used for purposes related to site B too.
That the sites suddenly have the same corporate owner is no guarantee that the consent collected made it expressly clear to users of site A that they could expect that their data might be shared with site B in the future.
Some sites do collect very broad consent and make very clear to their users that data may be transferred elsewhere, but even if they do this, they also do need to ensure the data is still treated in accordance with EU Data Protection regulations.
It was voluntarily provided under the requirement that said data will not be shared with third parties for commercial purposes.
Once that restriction does not apply anymore, as the data ends up being shared with third parties for commercial purposes, neither does your right to use that "voluntarily provided data".
Imho private information should be handled like a license; Sure I can allow you to use it, but if you break against the rules we agreed on I reserve the right to revoke your license to use my personal information because at the end of the day it's still MY information.
It's not your data.
It's your users' data.
So no, you may own the database, but you do not own the data.
You don't own your users' data. Your users do. You may be allowed to use it in highly limited and regulated ways.
This means that for a colloquial understanding of "owning data", you don't own it (since you can't do what you want) but they do (since they can limit the uses to what they want).
The EULAs will just all be amended with terrible terms as take it or leave it for all services just like they are in the US.
The user has to explicitly give you consent to use the data for a purpose for you to be able to.
Basically, for every purpose you want to use the data for, you’ll need a separate button.
If the user chooses not to consent to data usage for some purposes, the rest of your service still has to work.
In the U.S. terms of service are usually the latter. You'll get a notification of revised terms, and you can refuse. But as a consequence every company I'm aware of will then terminate service. Examples include insurance, banks, and (perhaps infamously) iTunes which had more revisions than the average number of needles on a pine tree.
Yes you can send them a note saying you do not agree to their new terms, and they'll send you a note your account is closed.
(32) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
(42) Where processing is based on the data subject's consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation.
That's enough to deny the claims, which is what is happening here.
Which isn't a huge issue since most users will accept any data privacy declaration.
Consideration was always in interesting discussion by our company's general counsel when going through training.
On thing that stuck out to me was the company would always review entry criteria if it may any requirement beyond what would be commonly available to the lowest ranking member of society. This was typically considered to be a computer with internet access as it was likely to be available at a public library.
While mail has become a more accepted means of non-consideration entry, I believe there was a time where it was considered consideration. Counsel argued that mail-in entries required the submitter to own or purchase a stamp, a postcard, a writing device, and potentially an envelope for the postcard.
An "app only" contest was given extra scrutiny because it required the user to own some sort of smartphone or mobile digital device.
While, that was contests and promotions (in which case, they needed to avoid running an illegal lottery), I imagine a similar argument could be made for WhatsApp. WhatsApp is only available if you own a smartphone capable of downloading the app.
Of course, German contract law is very strange and alien to every other legal tradition (except Japan, I think, and that‘s only because they modeled their civil law on ours).
> A valid contract needs the following elements: People entering the contract must intend the contract to be binding. An offer is made by one person and is freely accepted by another. Some price (money, right or benefit) is paid in return for a promise. 
So the fact WhatsApp is providing a service, means some price has been "exchanged" (for lack of a more precise term). The price does not need to be financial, any benefit can be viewed that way.
So yes, it does appear that a legal contract was formed. Even in the US. 
(A financial benefit is not required, but it makes it more clear that the contract was valid. Hence the habit of ridiculous $1 contracts.)
 See under Consideration: https://www.entrepreneur.com/article/175238
Then Facebook gobbled them up, they removed the small subscription fee (not even giving an option to keep on paying it) and went: "All your data are blong to us".
Ironically thats what I loved about Whatsapp:
I paid them, they provided an awesome messaging client.
No spying. No ads.
I wish they would still offer this as an option, tho I'd probably be skeptical of Facebook actually holding up their end of the deal and not tracking people who pay for WhatsApp.
That was a few years before they were bought by FB.
Goldman Sachs used to be a partnership, not a corporation wih publicly traded shares. They most definitely took fewer risks when the partners were personally liable for wrong doing than once they became a corporation.
Not in France, personal data is collected with a specified purpose (and bullshit/overly broad "purpose" can get you sued), using said data for other purposes is illegal.
You (as a company) never own personal data per-se, you are lent that data by the subject, if you will.
As a side not, this gets into the whole "Right to be Forgotten" which the EFF is mostly against, since in the EU it can be used by many as a form of censorship.
I was watching anime in a old TV without any internet connection and at the same time browsing reddit on my laptop. Things like this make me feel no guilt for using ad-blocks.
I don't think that's something they can easily disable by region without breaking way too many things.
Some Googling led me to the trial of some German woman who was quite notorious among the anti-scammer community for running several spam rackets. People would spend a lot of time figuring out her connections between different font companies, data brokers, and whatnot.
Until one day Googling her name wouldn't give any results at all; Couldn't look up any addresses anymore, couldn't look up company registers with her name anymore, it all just came up blank with a notification on the bottom of the search results, informing me that Google removed some results due to the EU right to be forgotten.
It's very likely this woman is still running a very profitable spamming business with a side-business of selling data caches. Sure, one could argue that it's actually government agencies job to handle something like that, but these agencies also depend on search results, especially with something as obscure as the spam industry.
Politician does something corrupt. Then they order takedown notices across the web, because it is about them personally.
The Right to Forget allows them to obscure their dirty deeds.
sadly this is only in the french wikipedia
Not quite. They said it's "technically impossible" and the EU fined them for $122M after Facebook did "the impossible" and started sharing WhatsApp data with Facebook.
When The Coca Cola Company (the folks who own the secret sauce) bought Coca Cola North America (N. America's largest bottler) there was an entire floor that TCCC empoyees weren't allowed into. CCNA had bottling agreements with TCCC's competitors.
The restrictions were strict!
>The parent now owns everything anyway.
does not (perhaps surprising to some) allow you to break laws or agreements entered into with other parties without consequences.
Data may be used only for the purpose it was collected and transfer to other legal entities require consent. In May 2018, the data orotection regulation ebters into force and the mandatory rules will be even tougher.
Maybe one day one or more of those companies will even have to pay a bit of tax in the EU.