Zero surprise. Gonna be a bonanza for lawyers. We got patent trolls now we'll have GDRP trolls. I like parts of this law like being able to see all the data they have on me and actually delete it but imo you consent when you sign up for the service. Don't like what they are doing; Don't sign up. If this guy wins it legalizes freeloading which is theft by government. Infrastructure cost money and I get it FB has the scale to absorb some of the costs but a lot of companies likely won't when now they have to defend themselves from lawsuits as well as added compliance costs.
Nobody reads T&Cs. Company directors know that. Lawyers know that. They are rarely written in plain language and they obfuscate what the deal really consists of. Facebook/Google could easily write on their landing pages "We provide this service in exchange for use of your personal information". People who agree to that would be giving real, informed consent. Any of us that talk to non-geek, non-SV human beings know that most people don't understand the deal they're making when they sign up to these services, instead seeing Google/FB as some kind of supercool charities that make stuff for free just to be nice. Thankfully that's starting to change.
Pretending that clicking 'accept' under a page of legalese constitutes consent in any meaningful way is disingenuous and as a society we need to grow past it.
They write it in a certain manner because the choice of words and grammar matters [1]. Sure no one (barely anyone) reads them but they could. That isn't a failing of the company. They provide it. It's a contract. You can read it and chose not to use it. My main point really is forced consent can only be forced through violence which the state is the only one who has the legal right to it's use. Zuck (as funny as an image of it may be) isn't putting a gun to anyone's head and telling them to use to service. To me this seems to enshrine FB and other services as a legal right vs. an economic transaction. Using a service constitutes an economic transaction which the business has the right to outright charge for (subscription/transaction fee) or in contemporary society trade data for ad purposes.
The issue isn't (only) that ToCs are written in legalese (they are a contract, after all). The bigger issue is that users don't know what Facebook collects about them or how that can be used against them. And it's clear that Facebook gathers a significant amount of information on you even if you never "sign up" for an account.
In the ToCs, it is written in vagaries like "the information you submit to us", but in practical terms, Facebook has been caught doing things that users (even very technical users) didn't expect. When you type in the "comment" form but delete the comment, Facebook has actively analyzed what text was deleted. The first Facebook iOS app transferred the entire contents of my contacts list (it's possible that this was messaged previously, but I wasn't aware of this permission). It's pretty clear that LinkedIn pilfered my GMail contacts without my permission or even my knowledge.
It's not reasonable to assume that users know what Facebook 2018 might do with their data when they sign up in 2008. This counts 2x when it comes to M&A -- if a company is purchased, the new company can completely rewrite the ToCs and I, as a consumer, have no ability to withdraw my previously submitted data to them (without components of the GDPR).
GDPR's "Right to be Forgotten" is interesting to me because it's a foreign concept in US law. As an engineer, I find it difficult to deal with corner cases. As a consumer, I feel like the foundations of what we call "privacy" are only eroding without the GDPR. Congress is willing to defend the privacy of children under 13 (COPPA), medical patient records (HIPPA), some financial account records, but little else.
> Zuck isn't putting a gun to anyone's head and telling them to use to service.
This isn't about coercion (or the lack of it). It's about transparency of operations and information asymmetry.
And I don't mean to hate on Facebook. They have been the target of more reports, but there are precious few companies in the same industry which don't have many similar offenses.
But the lawsuit in question seems to be that the guy doesn't like facebook using his data for any type of analysis which is different than disclosing what they are doing with it. I am all for more details of what they do with it but again from what I read the guy wants to use FB and other services without allowing them to use his data for anything.
As far as what FB is going to do to use it against me I am not sure what exactly they can do that will actually be a detriment to my life. Can they throw me in jail for a mean comment? No. As long as there is proper due process for government's access to my data (which GDRP to my knowledge doesn't address and is a whole 'nother legal issue imo) I'm not terribly concerned.
I know case law disagrees with me on shrink wrap licenses, but I'm going to state my argument that T&C aren't really a contract. If the language is inaccessible to one party who also doesn't have representation, and they plainly aren't reading it, and they're clicking "I agree" mindlessly rather than signing, then I don't see how you can claim there's any sort of meeting of the minds.
When prenuptial agreements are signed for example, if one party has an attorney, the other party should have an attorney if they expect the agreement to hold up later.
I believe the case law around shrink wrap licenses is nothing more than a pragmatic recognition of a business "need" (desire) to have complex legal terms to defend themselves against claims. I believe it falls short of what we should recognize as a valid contractual agreement as a society.
> I also don't think "the right to pay me money and use my service" is really valid consideration.
I mean the service is incurring a cost to develop and maintain so if you want to use it the service/good should have the right to charge. Whether they exercise that right is a different question. They can choose not to charge or sell for a loss (i.e. free chips and salsa at tex-mex, fremium SASS). Also this is kinda how consensual economic transactions work.
As far as the "not a contract" part goes, no one is stopping you from hiring a lawyer to explain the T&S before signing up. Also signing up to me is a pretty explicit action that isn't carried out under the threat of violence. FB & other similar services aren't a right so government can't protect the user from facing undue costs of usage.
Idk this screams of people wanting government to change private enterprises business models instead of letting competition do it; A concept I am not a huge fan of. Also again to me seems to legalize free-riders which is just theft by government.
I think perhaps I didn't explain my perspective very well. I'm not saying I don't think you should have to pay for products, just that when it comes to the idea that every party to a contract should receive "consideration" (that everyone gets something from the deal) I don't think the "right" to pay someone to use their service should be considered consideration. I may be completely off base on my opinion on that, but to me it feels like this isn't a contract because one party is dictating terms to another party and the only consideration the one party is being given is the "right" to purchase a service.
The fact that no one is stopping you from hiring a lawyer to explain the T&C doesn't somehow help the inferred assertion that we should consider this a valid and enforceable contract. Personal responsibility is valid and important, but I would assert that government recognition and enforcement of contracts is in fact a threat of violence in the indirect governmental sense. If I don't honor the contract you can secure a judgement against me in civil court and if I don't pay the judgement you can have the county sheriff come seize my property on your behalf. If I tried to stop the county sheriff from seizing my property, I would be on the losing end of violence.
Signing up for something doesn't imply that you understand what you're agreeing to. Contract law has historically idealized that all parties are of sound mind, that they are capable of understanding or receive the necessary help to reach that understanding, that they can read the language the contract is written in, or have a translation that's factually accurate, etc.
This isn't about competition or the free market, and fighting for libertarian principles. This is about business owners using the same governmental threat of violence that they reject with regards to regulations, to enforce one sided terms of a "contract" without any sort of meeting of the minds, consideration, or other traditional factors that go into agreements that governments are willing to enforce.
We seem to have a sliding standard of different types of contracts that have different requirements in order to be enforceable. A prenuptial agreement in many places requires that both sides have an attorney representing them, or that they at least have equal representation and equal footing. If I made a prenup in the form of a 100 page document that had no consideration for my fiancé, and had her sign it by clicking on "I agree" on a website she visited, that would be thrown out in seconds in a divorce proceeding and standard community property laws would apply.
If having a meeting of the minds, consideration for all parties, and understanding of the terms are important concepts for some kinds of contract law, why do we let business make up "business models" where they dictate all the terms, they claim you "signed" a contract through implicit actions like entering the premises or clicking "I agree", and where businesses can unilaterally update those terms at will with nothing more than notification of the other party. I mean there's really not even an effort to pretend there's an equitable relationship between the two parties of the contract.
The same logic can also be applied to virtually any contract you sign that contains pages and pages of legal text. Should the same rights be applied to legally binding contracts that require only a signature? Shouldn't there be a required intermediary that explains the full details of what your signing in a language you can comprehend?
There are a lot of considerations around making sure that all parties have adequate representation and they're able to read the terms of the agreement or have it explained in their native language. So yes, I think all binding legal contracts should require either common person accessible language or require access to counsel to advise the person on what they're agreeing to. This would motivate companies to make terms that not only protect them but are also reasonably accessible to the people signing them. Right now they're only optimizing for their own protection.
>The same logic can also be applied to virtually any contract you sign that contains pages and pages of legal text
That's the problem, they took physical, real world products like Mortgage documents that were easy to understand, kept on paper and but had stipulations and they applied it to things like storing your information in some unknown company in some unknown country and relinquishing liability in the event your personal details ended up on the DarkWeb.
Do EU lawsuits require the plaintiff to pay the legal costs of the defendant if they lose? If so, I doubt we'll be seeing GDRP trolls unless those GDRP trolls are well financed and prepared to pay all of the legal costs.
Yeah I'm not sure but given the article I doubt this guy could pay the FB legal fees in the event he loses and because of that I'm guessing it is not the case.
Cue the apologists claiming this isn't going to be a money grab very largely targeting American tech companies, and that GDPR regulators are going to be very gentle, rational, and friendly in shepherding companies towards privacy compliance.
I agree with the GDPR in principle, but the manner in which the enforcement was setup, and the way it didn't phase in the aspects over time, and the way the fines are subjective from painful to destructive without any clear guidance as to how they will be levied, and considering the regulations were written in such a way that people seem to have a very poor understanding of what the actual rules are unless they have legal teams giving them the answers leaves me with doubts that this isn't yet another European regulatory money grab at the same time that it's a much needed advancement on privacy reform.
What's even better is all the non-lawyers posting blog posts saying STOP FREAKING OUT!!! Stop interpreting the rules wrong!!!
When you create a system that could amount to a severe financial risk, in the way this was done, I can't exactly rest easy given the advice of Jon Q. Blogspam Esq attorney from Wordpress School of Law.
If GDPR were clearly and rationally written, if it had a explicit grace period and progressive fines rather than instant potential massive liability, if regulators had front loaded more of the official clarifications prior to it taking effect so that everyone wouldn't have to pay law firms to ask the same questions, etc then we wouldn't all be flooded with stupid emails and misfires by every company we do business with. And saying that anyone who is afraid of GDPR is doing something bad with user data is just unfounded slander.
I am extremely pro-privacy and what they're trying to do for privacy here is great. The execution could have been much better. And I highly doubt the apologists will be around to explain why they were wrong when people operating in good faith, trying their best to be compliant are fined for non-compliance in an audit.
Facebook and Google flagarantly skirted the laws. Facebook ignored the whole bit about how you can't make consent contingent on providing service. A dialog forcing people to click "I Agree" like it was any old EULA flys in the face of both the letter and the spirit of the law.
Unsurprising. As an American small business owner, the American market is plenty big for me. I would not take a European client because it’s not worth the risk.
In the heated GDPR debates in Hacker News over the past few weeks, it was argued again and again that no lawsuits would happen because that's the US way, In Europe it's different, and the law is phrased in such way as that people can only complain to the regulator, who will serve as a free sanity filter. Only if the regulator decides there's a violation, then lawsuits can occur.
