We believe these changes further our goal of creating a product that is used and loved by the world, and that the best way to do that is for a price everyone can afford -- free.
Edit: added a word
For example, lots of companies have been hacked(Target, Equifax), and AFAIK there hasn't been credit card fraud on massive scale that has been reported in the media. It kinda makes people think that media is over inflating the issue(which it lots of time does), and just not care. We have been hearing about how this data will be used to say deny loans etc. but nothing has happened.
I mean even Snowden spying scandal just revealed the extensive spying. What exactly are the agencies doing with the data and how that negatively impacts me is not really clear for a general person. And I am speaking as somewhat tech literate person. Why exactly would an average person care?
Giving up privacy has, I think, almost become 'normal'
The worst PR issue Facebook has in Zuckerburg.
Worst case scenario, he steps away and they hire a new likable CEO with a higher EQ. That's exactly what Uber did.
I don't get it - he knows what our private conversations look like. Why don't we know his?
He also spent 43 million dollars buying all his neighbor's houses, in order to tear them down, and tapes his webcam. For a guy who supposedly believes privacy is dead, he sure does value it.
However, pointing to this "offhand" bragging remark he made long ago is actually very useful, because it clearly shows that his attitude to privacy and lack of respect for his users is a persistent problem with his moral compass.
That tune of "your privacy is very important to us" they've been singing for over a decade as well, it wasn't very believable then, when they kept changing privacy options that you basically had check your profile settings every few days to see if there was a new opt-out option you had to disable. I had a FB profile for a few months back then, before it creeped me out too much and I deleted it.
Today we find that Mark has a special superpower feature that allows him to delete private messages from other people's mailboxes. They try to cover this up by saying it's an upcoming feature to be rolled out to the public. Just to make sure, are there any people here that actually believed that excuse?
Normally I'd be in complete agreement with your point. I don't think it's right to judge people for stuff they did when they were young and stupid and arrogant. I said some cringe worthy stuff when I was young and arrogant too (though my moral compass was quite solid, I just lacked the experience to apply it well).
Mark Zuckerberg probably grew and learned too. But it seems he mainly learned that he shouldn't brag about these things in offhand remarks. Not much else.
Pointing to this remark therefore actually serves a very important purpose: The attitude displayed by Zuckerberg's actions is still the same as 10 years ago, he just sharpened his skills on getting away with it (until now), and it's foolish to assume he'll be better, it's foolish to assume they're really sorry (except for being found out).
Going by http://techblog.bozho.net/gdpr-practical-guide-developers/ anyway
What's even the point of opting out after that? That's some evil genius machinations.
I work in the public sector in Denmark mind you, we have quarterly audits and despite having had a law that was pretty much GDPR levelalready, we’ve passed all audits. I don’t think we should have, I won’t go into details on this, but how do you audit 300+ systems, some of which the central IT department doesn’t even know exist because some rogue manager bought them? I have no idea, and I have even less of an idea on how you’d audit the cloud.
This can include you having to directly contact the company in a way that isn't clearly visible within the app itself.
The GDPR is quite clear on this.
A discussion of derivative data and models was sadly and sorely missing from Zuck's recent Congressional testimony.
> The Hamburg data protection authority on Tuesday ruled that Facebook’s facial recognition feature, which attempts to identify people in photos uploaded to the site, violates German privacy laws.
> Johannes Caspar, the head of the authority, said Facebook should not be collecting users’ biometric data – such as their face shape and the distance between their eyes – without getting their explicit consent. He has demanded that the social networking site change or disable the feature. All data collected so far should be deleted.
> Mr Caspar has given Facebook two weeks to respond. If the company is unable to make changes, Mr Caspar said the Hamburg authority would consider bringing legal action against it.
GDPR enforces fines of 4% of their global revenue so that's the only reason for them to respect it.
It seems they ask for permission, so the title that users are auto-enrolled may be misleading. But if they do auto-enroll: It is against the privacy laws already, no need to wait for GDPR.
About respecting local laws, I find this a difficult issue. What to do with draconian local laws that forbid ridiculing a president? But if it has to be a yes-no: I'd say, yes, obey local laws when you serve users there. Remove comments from Turkish IPs that slander their president, but keep comments from German IPs that ridicule Turkey's leader.
Is the EU going to hire the Big4 in the U.S. to do this? Who is going to pay for that?
Then again, it's American congress, and what's the stat, how many of those congresspeople has he "donated" to?
You’ll find that there were plenty of statements that were on the line, crossed it or omitted key detail.
Saying ‘I don’t know’ is also a lie if you do know, and there was a lot of that.
He wasn't under oath so the stakes for lying aren't too bad.
The more I hear about this, the more the "GDPR" seems like mere "PR."
If you use any sort of automated system to make decisions about a EU customer that impacts their life in a significant way (like whether to ban them or not) you will also need to have some sort of appeals system where they can appeal to have the decision looked at by a human and potentially have it reversed.
Huh, now _that's_ interesting. Do you have a source for that? I know some guys at work that'll be upset if I can prove that to them, given that their pet project is a MI personalisation system making heavy use of just watching everything everyone does in an identifiable manner.
(I'll be honest, part of the draw is being able to say 'I told you so'~)
This area is one that gets more legal-y than other parts of the GDPR, because in some cases you can use data without consent if it's legitimately required to provide the service the user asked for, and as far as I can tell there's not a lot of guidance on what counts as being a different business use. But yeah, personalization is usually not a strictly necessary feature of most platforms, so you're gonna need the user to opt-in to using their data that way.
This guidance is kinda spread out over the GPDR, but one area of relevance:
Pay attention specifically to (3), but also (1)(c) and (2). Part (3) quoted below:
Where the controller intends to further process the
personal data for a purpose other than that for which
the personal data were collected, the controller shall
provide the data subject prior to that further
processing with information on that other purpose and
with any relevant further information as referred to in
> When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
From https://gdpr-info.eu/art-7-gdpr/ paragraph 4
And the definition of consent is here:
> ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
From https://gdpr-info.eu/art-4-gdpr/ paragraph 11
'specific' and 'unambiguous' in combination seem to disallow the "bury it in the TOS" cop-out.
'informed' and 'specific' in combination seem to disallow the opt-out cop-out (since a opt-out permission is never specific, and basically never informed).
Article 7 paragraph 4 (the first quote) seems to disallow the usage of data unless it is necessary for the service.
Of course this is still all pretty untested in the courts, and IANAL but to me it seems pretty clear. If your primary service is not building a machine learning model based on your own users data you will need to get your users to opt-in for that specific use-case.
In short, aggregated data or statistical summaries is not constrained in the same way. I think you still need consent into to perform the aggregation/summarization, and said processing needs to ensure "statistical confidentiality," but such results are not PI.
(IANAL, and I'm still trying to understand this myself.)
(Also IANAL, and also trying to understand)
At my previous employer, we took a pretty comprehensive view and tried to play it safe, so at the very least any non-anonymous data in training sets would qualify. That does, however, already beg the question of why on Earth you'd need to train a model with non-anonymized data in the first place!
I think facebook, google and all the other big tech companies have already "war-gamed" this out and I think that they will comply without saying that there are special circumstances as much as possible, so that they can save that card for when they really want to use it.
Article title is now "Facebook starts its facial recognition push to Europeans".
From the correction:
"This article was updated with a series of corrections after Facebook confirmed the notifications are in fact the rollout of its new consent flow, not part of the earlier tests. It has also told us categorically that no users were auto-enrolled in facial recognition tech in Europe — even in the test. So we’ve updated this article accordingly."
TechCrunch has been one of the leaders of the anti-Facebook bandwagon recently, so it must be serving them well. I’d imagine they are getting lots of clicks to these articles, and, ironically, are making substantial amounts of money from showing lots of highly targeted ads on them. They are also undoubtedly using just as many if not more third party tracking tools than the sites they like to skewer for this practice. One would be wise to read their anti-Facebook articles with the understanding that they have an economic incentive to play to their audience by placing a negative spin on everything the company does.
This attitude is mirrored at Facebook, in Zuckerberg and throughout its culture: Abuse the user to (and past) the limits of the law. It is why nothing will change until the EU or the DoJ break Facebook up.
Many times. The FTC consent decree , the violations of Belgian law  and the violations of German law  come to mind. (In each case, a court ruled or supervised a settlement. In each case, Facebook continued breaking the law.) There are many more.
Facebook's culture is broken. The precedence for such lawless cultures is they get broken up or they go Enron.
With regard to the European countries, I guess I should have been more specific in my question in limiting it to the US. Finding of fault by European courts/governments against large US corporations is nothing new and doesn’t imply any illegal intent on the part of the accused. Cash-starved, often socialist governments found throughout Europe will always find ways to use their broadly written laws to obtain badly needed government revenue from US corporations. In fact GDPR is just a massive expansion of this strategy.
Facebook broke laws, was fined by courts and regulators in multiple countries, kept breaking laws, made a mess on both sides of the Atlantic, lied about what happened and then tried to throw it under the rug. Meanwhile, leaks from inside show zero repentance or even cognizance among employees of something having gone wrong.
The EU is addressing this failure with regulation; we'll solve it more decisively by breaking Facebook up.
Good luck with that. Facebook is not based in a socialist country. In Europe, by now they’d have undoubtedly been broken up or even taken over by the government, with revenues either flowing directly to the government or collected through high tax rates, fees, and fines.
That is not the case here, where Facebook is based. I barely use Facebook for personal purposes, but I respect their right to exist, innovate, and make a profit. I also have a sense of logical personal responsibility that seems to be missing the the anti-Facebook folks. When I share something publicly, I fully expect that it will be...shared publicly. When I agree to be bound by the terms of conditions of a website...I agree to be bound by their terms and conditions. Somehow that is lost on all the people whining about it. How can anybody do business with or even employ people that publicly state that they do not recognize contract law?
Large companies based in Europe that haven't been "broken up and taken over" by "the government":
Royal Dutch Shell (UK & Netherlands)
BNP Paribas (France)
Banco Santander (Spain)
Well, the EU is the second largest world economy, by GDP. Maybe some destitute developing world nation might need such a trick to bring in some cash. The EU? Not so much.
>> Do you think that is a coincidence?
What is certainly an amazing coincidence is that this kind of legislation was passed in the EU and not, say, the US, China, or Saudi Arabia, or some other nation with their impeccable human rights record. It's almost as if the EU is actually trying to protect the rights of its citizens.
The EU as a whole is the world’s second largest economy. However, the GDPR is up for unique enforcement strategies and legal interpretations in the courts of 28 different EU countries. Having users intentionally set up a company to be subject to fines under such a broadly written law is a trivial matter.
Picture this: A local government attorney simply looks for technical violations of GDPR according to their own country’s strict interpretation of it that even the corporation themselves couldn’t have envisioned. Then they simply have a government agent sign up for the site and take screenshots as proof of the “violation” that the specific country has invented. They put the matter in front of a patriotic local judge who is aware of how much his town could use a new park and is tired of reading about how rich US internet entrepreneurs are getting. Boom, instant millions - they might even name the town’s new park after the judge.
The poor EU countries will use this to suck up as much revenue as they can from what to them are faceless US corporations. The larger ones will use this to give local competitors a leg up by fining international competitors to death. It’s a smart strategy I suppose, but as with most heavy-handed government attempts to control and exploit the free market, it is quite likely to backfire.
I assume next we'll be talking about Strasbourg judges pocketing a cut of the fines imposed on Facebook etc?
That normally happens when a case has been appealed all the way to the highest national court. So for this little money-grabbing scheme we're discussing to work out, the higher courts of -some? all? many?- member states of the EU must all be in on it. This, in a region of the world with some of the lowest corrpution globally.
I don't want to say the words "conspiracy theory" but that's where this whole discussion has been heading to, from the get go.
If the local implementation is in line with the regulation (and as I said, GDPR is extremely broad and allows extremely strict implementations), the Strasbourg court will say that it's perfectly OK - there is no need for other countries to be in on it. They might feel like it's bad, but they can do nothing, their job is to judge whether it's against the regulation or not, nothing else. If they wish to change it, they have to go through the usual route of gaining support in EU commission and EU parliament - and that change will not be retroactive.
What you're saying would be needed if the strict implementation was against the regulation - then it would require a change of the regulation and yes, that needs cooperation of other countries; but the regulation already is broad, there is no need to change it if someone wanted to make this "conspiracy theory" a reality.
And lastly, we're speaking about money making schemes of the poorest or most indebted EU governments, you're talking about low corruption, but in these countries, it's the exact opposite - they have much higher corruption indexes than the average: https://en.wikipedia.org/wiki/Corruption_Perceptions_Index - see stats of e.g. Macedonia, Greece, Italy.
So we're talking about malicious action by higher court judges in Italy and Greece, specifically and only in those two countries? Or are there more countries that have high enough corruption that their higher order judges might think to make a bit on the side by applying the GDPR too broadly?
How many poor EU countries are we talking about here? And which ones exactly? Greece, Italy- who else?
This is not about judges applying GDPR. The lawmakers will apply it, and then the state could sue a corporation for breaking laws. Local highest court will then eventually look into the intent of the local implementation and see that yes, this was the intent - and the corporation will need to pay up, because the court can't change laws, they can only cancel them in a few special cases (specifically if a law is ruled unconstitutional by a majority of the country's constitutional judges). The corporation then has an opportunity to go to Strasbourg, but since GDPR is very broad, its chances would be very slim - and most probably none.
About Makedonia - you're right. Croatia is entering the EU though.
The GDPR is a directive- it doesn't need to be passed into national law.
Are you talking about national laws that implement regulations similar to, but distinct to the GDPR?
>> I'm not sure why you're talking about judges making money on the side when the original "conspiracy theory" was about governments making money, not about corrupt people making money for themselves.
For the government to make money, the judges will need to find against the various companies. But why will the judges sit idly by and watch the government making money out of a racket they themselves make possible, without asking for a cut?
Or, to be more precise- what is the incentive for the judges to do the government's favour and interpret the GDPR in the broad manner required for the conspiracy to work?
>> About Makedonia - you're right. Croatia is entering the EU though.
So it's three countries- Italy, Greece and Croatia? Is that right?
Not true, it's not optional.
> Are you talking about national laws that implement regulations similar to, but distinct to the GDPR?
The GDPR is a directive - it sets sort of a framework that the local implementation have to be based upon. It sets some boundaries, but in case of GDPR, the boundaries are very broad (compared to other directives).
> For the government to make money, the judges will need to find against the various companies. But why will the judges sit idly by and watch the government making money out of a racket they themselves make possible, without asking for a cut?
No. The public prosecutor will fight (and for these guys, it's about the ideology that the law must be followed, most of the time), the judge will just... judge. Their job is to judge whether someone follows the law, they would be doing their job. Are judges (or public prosecutors) asking for cuts from compensations to road crash victims?
> Or, to be more precise- what is the incentive for the judges to do the government's favour and interpret the GDPR in the broad manner required for the conspiracy to work?
None, because that's not their job and no one is asking them to do that. It's the lawmaker's job to implement the directive and the output of that job is a law - and judge's job is to judge whether a person (legal or not) follows the law - as in the local implementation, not the GDPR directive itself.
This works like this: Countries are required to implement EU directives into their local laws, but the directive itself is not a law - if the country doesn't implement a directive, even if someone violates it (inside the country, cross-border is another issue), the company will not be persecuted (but the government will be - by the EU).
> So it's three countries- Italy, Greece and Croatia? Is that right?
I don't know, it's not my "conspiracy theory". I'm just talking about the inner workings of the EU and have said that not every EU country is pristine clean. But I suppose you could add some of the Baltic states, Romania, Hungary and maybe Poland (if they continue their way down with PiS). We will have to see what happens in Slovakia, for a while it looked really bad but now it seems like they're back on track. In the Czech Republic, the German/Austrian corporate owners wouldn't allow it.
>> Not true, it's not optional.
Actually, I was wrong. The GDPR is not a directive, it's a regulation (the R in the name is for "Regulation"). As such it requires no national legislation to be passed and is immediately applicable in all member states:
A regulation is a legal act of the European Union that becomes immediately enforceable as law in all member states simultaneously. Regulations can be distinguished from directives which, at least in principle, need to be transposed into national law. Regulations can be adopted by means of a variety of legislative procedures depending on their subject matter.
So it seems like the conspiracy theory is dead in the water. The local governments can't legislate as they wish and the local judges can't interpret as they want. I hope we're all happy now that justice won't be perverted?
>> I don't know, it's not my "conspiracy theory". I'm just talking about the inner workings of the EU and have said that not every EU country is pristine clean. But I suppose you could add some of the Baltic states, Romania, Hungary and maybe Poland (if they continue their way down with PiS). We will have to see what happens in Slovakia, for a while it looked really bad but now it seems like they're back on track. In the Czech Republic, the German/Austrian corporate owners wouldn't allow it.
OK, it's not your conspiracy theory- but all this is wild speculation and it is your wild speculation. There is absolutely no reason why you would expect the countries you list to do the kind of things you say they would. And these are not the "inner workings of the EU". It's all just fantasies.
Which one is Germany? "Cash-starved" or "socialist"? And Belgium?
> Facebook has introduced this [facial recognition] function in Europe without informing users and acquiring the necessary consent. Unambiguous consent from those affected is required by the European as well as the German data protection law.
> For users whose biometric facial characteristics have already been incorporated into the database operated by Facebook, this consent needs to be acquired retrospectively.
> The preliminaries for legal action are now being prepared,
-- The Hamburg Commissioner for Data Protection and Freedom of Information, 2011.
As for the current bandwagon of hate, this is basic news cycle stuff, and it would be hard to single out anyone. In my opinion, Facebook deserves this extra negative scrutiny, and has to make up for this lost trust with better privacy controls and privacy-friendly PR pushes. This latest breach of the EU data protection laws is not helping users and public perception (but probably helps Facebook gather data while it can).
My profile photos have always been untagged group photos or me in a Halloween costume, etc.
Upload stock photos:
1. Go to https://www.shutterstock.com/search?searchterm=person+model&... Play with the search terms to get people sort of like you.
2. Download a few dozen images (or more). The site gives you the options of finding other photos of the same model. I figure it's probably good to have the poison data be somewhat self-consistent.
3. Upload them to Facebook and tag yourself and your friends in them. I kept them in a non-public album, so I wouldn't spam my feed with this stuff. I suppose I could make them public later, once they're a little old.
4. I've also done this on my girlfriend's account, as well as a couple close friends.
When I used to upload and tag real group photos, I'd swap the tagging (e.g. tag a friend as myself and myself as my friend).
I also try to keep the volume of poison photos far larger than real ones. I don't personally upload and tag any photos of myself anymore.
I've always kept the facial recognition stuff like this turned off, but I don't trust Facebook to not to reverse the setting just because it wants to. Eventually I want to delete my account, but I can't just yet due to event invites.
That way (even though she's still tied to me), their system can't determine which is hers vs mine - thus it probably has some really funky results. I no longer appear in auto-tags for reference.
Also, leaving Facebook doesn't do much to remove pictures of you. On my feed, most people are posting pictures of their family and friends (& pets & sometimes food) moreso than of themselves. To get your face off of facebook you need to get your friends & family off of facebook. (& your pets since evidently they can have accounts and post pictures).
Couldn't this potentially assist in their facial recognition software improving?
 One of many versions: https://gist.github.com/thomasbilk/1506210/2d20f47bbcca75b2f...
Also, editing a hosts file does nothing on FB's end (which is what this article/discussion covers).
Overall, I found the UI pretty good, the buttons for the alternatives (non-consent) were clearly labeled, and they explained well what they were going to do with the data.
Because for christs’ sake, Facebook is one of the most OPEN and transparent tech companies around when it comes to data privacy. Many companies out there are far shadier when it comes to this stuff.
Let’s face it, no one wants to pay for Facebook. Personal data for advertising is pretty much the only way Facebook can exist.
The issue here is not the business model of FB but the sneaky ways it tries to make it seem something completely else. While the audience here at HN and similar forums are more than aware of the business model, I'm pretty sure if I asked my mum about it, she'd draw a blank or would not be completely informed. It's to a population like this who are most likely to fall for dark UX patterns and other shady ways FB uses for getting an uninformed consent.
And that's not right. I think, the outrage is not about the business model as much as it is about (un)informed consent. Sometimes - like in this story - almost while cocking a snook in the face of regulatory authorities.
I don't know about that, but a few years back, when joining Facebook was all the rage, I, personally, was getting very annoyed at every other article in the press reporting what happened on Facebook and having everyone I met asking me, first for my facebook, then why I don't have one, then looking at me as if I was an alien when I explained I didn't want to hand over my personal data to some internet company.
From my point of view, this is not hysteria, it's a backlash brought on by the adoption of a fad by people who never considered the consequences of their actions and who only now start to wake up to them.
And I fervently hope that the current fad, of dissing facebook, will keep for at least as long as the fad of joining it has kept on.
taken another way, why would you pay for email when you have gmail? well there are plenty of people that do! i’m one of them, because it provides a far superior experience, and you know exactly where they get their funds from
"Facebook starts its facial recognition push to Europeans"
Did it change? Please change.
Irrespective of the legality, it's bizarre that they would roll out some creepy, facial recognition right now...especially in Europe.
4. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."
A question to ask of Facebook is whether collection of such personal data as facial recognition is necessary to provide the service the user wants.
For example, if the user wants to keep in contact with a friend through Facebook, is facial recognition necessary for Facebook to provide that service?
If it is not necessary, and Facebook asks for consent anyway, then should the user be able withhold consent and still receive the service she wants.
If not, under Art 7(4) is there an argument that consent was not freely given.
Facebook could try to argue that facial recognition is "required" to provide the service, but what if the existing user only wants the service she enjoyed in the past (without ever having to consent to facial recognition).
In sum, is it possible for users to reject new "features" and still receive the service they want, if those "features" are not necessary in order to provide the service.
Are facial recognition "necessary" to provide the service to users that users want or is it necessary to provide service to advertisers that advertisers want.
Who wants facial recognition? Is it the users choice.
Do you want to turn on facial recognition?
[ ] Yes
[ ] No
As far as I can recall, I was presented with two options: enable facial recognition; and reviewing my other options (which I clicked), which were something like confirming my decision to decline, and downloading my data and closing my account. It was a fairly brief process, so my memory isn't precise. I do recall that I wasn't automatically enrolled into facial recognition, though - I had to make a conscious choice either way, and although it was obvious that Facebook were encouraging me to opt in, it didn't feel like I was being tricked or coerced (perhaps save for the example of safeguarding my identity).
The process I went through in my desktop browser was not the same as the one I've seen for screenshots of the mobile process.
Facebook is such a bad actor, I hope that politicians figure out that they could make a name for themselves kicking them in the teeth. Hopefully GDPR can come in and hurt them too. I realize that the default attitude of many in tech is that most people don’t know or care about this, but I think they’re wrong. People do care, but it takes time and repetition to make the point stick. Helpfully Facebook only has two speeds: scumbag, and turbo-scumbag.
All around the world, we need to start electing politicians who understand technology, know what dark patterns are, and can intelligently fight for us.
I agree, and I think the actual problem is that a majority of people don't know why they should care, or even know that they should in the first place. "I have nothing to hide" is something I hear far too common, after all.
The people who actually do have nothing to hide (by which we mean, "the dirt on the individual is so pedestrian that even if it takes zero effort to find it, nobody wants it") stand to benefit from the features and interactions these tools enable. Those who do have something to hide become second-class citizens, forced to do things the slow, manual way that other people can automate away by trading out their privacy.
We head into a techno-underclass dystopia if we let individuals decide to adopt privacy-compromising technologies, because those with worthless privacy can gain the benefits and will not refrain from doing so to the relative detriment of those who cannot.
Personal opinion: "It's not my problem you can't participate fully in our society because X" is a very American opinion, which is why I think there is such culture clash between Silicon Valley corps and the EU.
That phrase always bugs me. Especially with its origin and connection to oppressive government regimes. How did a phrase used to illustrate tyranny and used by Nazis become a catchphrase for the public?
It stated that there are some updates i'll need to review:
One of them, the facial recognition feature.
Here's what we'll ask you to review:
An option for turning on face recognition
Full modal can be seen here: https://img1.picload.org/image/dogcpgci/selection_122.jpg
Clicking Get Started I received some information on GDPR and their data usage:
Clicking "Manage Data Settings" I was given some examples on data usage:
Clicking "Continue" I received this modal, with 3 datapoints that are used.
Obviously, Facebook processes more data than these three. It has never really been a dating app and that is definitely not one of their main focuses.
Anyway, I went on to remove my "Interested in" datapoint. Prompting an "are you sure" modal:
After clicking remove this single datapoint was removed:
I expected this flow to continue, but looks like that was it. I decided to stop here and not "Accept with changes". There was NO chance to opt-out of the facial recognition program:
They're obviously trying to go with "these three groups of data are protected and need opt-in". The rest, yeah - we need that to provide the service.
I also have another tab open, that works, so I'm not really blocked from using the site. At-least for now.
Edit: opening Facebook in new tabs, no longer starts this modal, even though I haven't accepted the new changes.
Edit 2: Went looking, and googling, trying to opt-out of the facial recognition program.
Here are the options I have under Privacy:
Here are the options I have under "Your Facebook information":
Clicking "view" under Managing your information I get this very (un)helpful help page:
Choosing Facebook I get these options:
Choosing "Change my face recognition settings", the send button is still disabled, but I get this very helpful link to "also edit your face recognition settings", the link points to "https://www.facebook.com/settings?tab=facerec", but actually takes me back to my "General Account Settings":
As far as I can understand, there is no way to change face recognition settings in the flow I received from the A/B testing gods. Might have something to do with me not agreeing to the changes in the first modal.
This did not feel like they were trying to trick me into anything.
E.g., I live in the EU and send over a delete request. How do I ensure my account's data was actually deleted? Am I supposed to just trust Facebook?
Today I saw a fellow DuckDuckGoer in the wild. That's effectively someone who, like me, cancelled their Search account.
To be clear, I agree with the sentiment that search and "social networks" are fundamentally different. I just don't agree that search is immune from blowback from hightened privacy awareness.
A common tactic used by large businesses is to stay silent and ignore public outrage, because the public usually doesn't have the time, money, or energy to maintain the pressure of the public voice against a single target. By ignoring the outrage most of the time the public moves on to the next scandal and the original abusive behavior can continue unchallenged as the "new normal".
If you're seeing a pattern of outrage, that's a sign that people are very angry and might - if luck is on their side - actually force one change in the public interest.
For a longer explanation of this topic, I recommend Jim Sterling: https://www.youtube.com/watch?v=a6lvDL4cNdM (strong language)
In my opinion I don’t need to use facebook and give them my data voluntarily but I kinda need to use the train and nobody is asking me for right to do face recognition.
But we Germans seem to be irrationally against data collection by companies compared to government data collection. Google street view was another case that made this apparent.
And to me that is really surprising, GDPR allow government almost free hands when it comes to data collection, which for me is the scary part.
i might be going around this the long way but english is not my strong side.
In theory, governments can define and implement draconian checks on how collected data is processed by itself. People seem to trust that theoretical ability more than companies claiming to implement rigorous standards, but can do so without direct outside oversight or control. This is independent of whether it is actually true.
if my picture ends up on random site and gets picked up by robot that does face recognition what can i do about it?
Also precedence is really only a thing in common law countries (mostly the english speaking world) and not most countries in the world.