Hacker News new | past | comments | ask | show | jobs | submit login
Facebook: We don’t need your consent (noyb.eu)
231 points by Findus23 8 months ago | hide | past | favorite | 132 comments

Time and time we are proven again and again that Facebook has become the emblem of how far technology can go to support pure malicious intention with widespread support.

Indeed. Facebook is one of the scummiest tech companies in existence.

facebook is not a tech company. What new tech did it invent? It is exploiting human psychology for advertising purposes using previously existing tech

React, yarn, cassandra.

Looking at the first page of your comment history, it seems a good third of your comments get downvoted. It may be wise to reread the HN guidelines:


PyTorch. It's better than Tensorflow

This thread was removed from the front page of HN real fast, as in—one second it's at the top of the site, the next minute it's gone. Despite being very, very relevant news and lots of discussion going on.

It's disappointing, although not surprising, to know where HN's allegiences lie in this particular fight.

As far as I know HN downranks threads with a high comment to upvote ratio, and this one probably fell under the threshold

It's still on page 2 so it's not like it vanished. Who knows how the scoring algo works.

It's on page 2 but in grey font. What does that mean? 164 points after 2 hours.

Many downvotes by GDPR haters???

Edit: s/at the moment/after 2 hours/

I think the grey text is something else -- like if it was already visited before or you upvoted it or something. I checked on two different browsers and it was gray on one but not on the other, so who knows.

You are correct. It's the rendering applied by my Firefox, because I had visited the page before. (Outside of hn, someone sent me the link earlier)

Tech companies in general have beaten low standards and mediocrity into people's heads. Not only are they okay with using these products, they now try to recreate the same low bar set by the greater industry.

Facebook should be destroyed.

Congrats on finding a way to circumvent the letter of the law.

Think they're about to have an harsh encounter with spirit of the law & European thinking about privacy & consent though.

Yup, agreed.

IANAL, but my impression of the US legal system vs various (continental) Europe legal systems is the former is completely engrossed with the letter of the law while the latter is much more focused on the spirit of the law.

If FB gets shafted in the processs of discovering this fact of life, all the better.

At the very least, from a "I expect the worst from my government" skeptic POV, one could see this as a good shakedown opportunity from Facebook for massive fines.

The only reason that doesn't happen is either fear of FB or corruption.

facebook is probably laughing harder at this. A few billion in fines, combined with low irish taxation is still not big enough to justify pulling out of the EU market. The EU decided a bit too late to build a chinese-style 'firewall' around european tech and it's not really working. Instead they are playing cat and mouse with big corp, which really shows that these laws were mainly meant to have an apotropaeic effect

>The EU decided a bit too late to

Probably. They're the only big guys making a credible effort though. Russia/China won't be doing anything. US & associated lobbying basically IS big tech now.

...leaving just the EU.

china already has her own internet ecosystem. Russia has VK,yandex,mail.ru etc. EU has nothing




Ah yes, requiring user consent is exactly the same thing as censoring information not beneficial to the government.

i don't really mean a censorship firewall, rather an attempt to shoo US companies from the EU market the same way that China is protecting its own companies.

So EU companies are allowed to ignore GDPR, as it's just used to shoo away US companies?

no they re not, which is why this kind of "firewalling" is stupid

What kind of a fucking firewall is it now? It's not for censorship, it's not for preferential treatment. You keep calling a firewall but can't say what it actually does.

Hasn’t there already been rulings against those kind of clauses being shoehorned in terms and conditions?

I can’t make you sell your soul for subscribing to a service.

I don't think that's enforceable. You'd need some kind of soul extracting machine, or a soul-over-IP transfer mechanism. Maybe a soul mail-in option. You'd also need to implement some kind of soul storage warehouse. What would you do with all those souls anyway?

The technical feasibility of soul extraction and storage isn't really the problem. It's the act of selling it that's the problem. I mean, we don't 'extract' and 'store' land/real estate, but we do buy and sell it. You can have a claim to land and not need to move it to your warehouse.

Just a title/deed system for souls would suffice. Since there's not a legal framework around the ownership of souls, I'm sure we could encourage its creation by starting a marketplace. Ultimately, however, I suspect 'soul' will finally be defined as "existing, being, with current human perceptions of free will" or somesuch and we will no longer have the ability to sell our souls for the licensing benefits of a product or service.

What rights does owning someone's soul give me over that person? If I sold my soul to the devil, he would have me for an eternity in Hell after I die. However the devil is an eternal being, and human law only applies to mortals. I have to assume that ownership of a soul is revoked after the death of that soul, since human authority is transcended by a higher body of power. If I sold my soul to Mark Zuckerberg, what would he do with that power over my mortal life?

The answers to these questions will be codified into the new law, because they cannot be determined scientifically (yet.)

Due to it's non physical nature I don't think we could ever define "soul" scientifically, except perhaps as "the aspect of the human being which is not physical". Is it possible to own something non-physical? There is precedent, such as patenting an algorithm, or owning shares in a software company.

OK what if line 950, subsection B of the TOS agreement, gave Facebook the option to harvest one of your kidneys? Would that be enforceable? The point of the regulation is to make clear consent for personal information to be used. Saying the person clearly agreed to their "personalized advertising contract" by accepting the TOS, which allows them to use all of your personal info is debatable.

Sell them to shady executives.

Under article 7 GDPR [1], consent has to be given freely. Unless Facebook offered an option to opt-out of this contract, use of the Facebook service was tied to the agreement, which means it probably won't hold up.

It's great that this is happening in front of an Austrian court, because the Austrian Data Protection Agency already has ruled on consent issues, and in those rulings was (IMO) extremely strict on when consent was given freely. In one ToS challenge, the mere potential for confusion was enough to render it invalid.

Edit: Here's one such ruling [2]. Co-mingling checkboxes for processing of data for marketing purposes with actual contractual clauses was ruled as a violation of the GDPR, even though by default, the checkboxes were unchecked. The Agency ruled that the confusing nature of the form could lead subjects to believe that they had to check a checkbox to receive the service.

Also, another relevant local case would be with a popular national newspaper, DerStandard.at. That newspaper offers access in two ways: either (a) you pay for a subscription and receive the service ad-free, or (b) you access the service for free, but consent to receiving ads. This was deemed in compliance with the GDPR, but it was stated that only offering (b) -- ie, exactly what Facebook does -- would not hold up.

[1] https://gdpr-info.eu/art-7-gdpr/

[2] https://www.ris.bka.gv.at/Dokumente/Dsk/DSBT_20180731_DSB_D2...

The trick is that the legal ground is not based on consent but on performance of a contract, in which case consent, freely given or not, is not required at all.

I understand the trick, I just don't believe that it can play out.

A contract also needs consent. This contract is clearly entered only because Facebook is making it a condition of using the service, and this type of coupling is prohibited.

> This contract is clearly entered only because Facebook is making it a condition of using the service

The contract is entered when a user registers at Facebook. However Facebook seems disagree about what the contract involves. Any sane person (well, 96% of them, as the article claims) would say that the contract is for delivery of means to communicate with other people; Facebook seems to argue that the contract is for delivery of personalized ads.

while they may have a point their arguments are not well articulated

> Europe’s strict privacy laws

actually it's EU's privacy regulation

> Facebook openly admitted that it has been collecting and processing data without users’ consent

They said that they ve been collecting WITH consent, at least with their definition of consent

> To prove that no one ordered advertising from Facebook, we conducted a neutral study by the Austrian Gallup Institute. The result is devastating for Facebook: Only 4% of users want advertising,

... And i bet only 4% want to pay taxes too. polls are not legal documents. Also, "wanted advertising" is very different from "accepted advertising as part of the terms"

> Facebook does not give users a full copy of all their data

I believe facebook does give all their personal data,but maybe they are looking for derived data that facebook has stored for them? that's not personal data and it can be particularly tricky if it has been combined with other people's data , for example to train a neural net

In any case, i don't think facebook cares too much anymore and will just pay another yearly fine for operating in the EU. Even if FB asks for consent in every second page, people will click yes.

Your are funny, you say their arguments are not well articulated, yet you do seem not to be up to point.

You argue they are regulations? European Regulations are law. European Directives and Regulation are the two main legislative

They argue users are using facebook because they want advertising, their primary usage is advertising and for that advertisement they consent to share their data. That's so ridiculous it is funny.

And no, FB does not give all the data, the definition of what data is in the regulation.

Both FB and their Privacy Director are not looking good.

don't be insulting

> European Regulations are law.

Regulations have to be implemented and integrated into each country's laws. Countries may not have yet implemented GDPR

> their primary usage is advertising

I don't see where FB claimed that advertising is primary usage and others are secondary. i can infer from the text that they parceled as part of the "service promise"

> FB does not give all the data, the definition of what data

Facebook says they are GDPR compliant and i doubt they 'd say that without the consultation of at least one EU data authority (perhaps the irish?). https://www.facebook.com/business/gdpr

>Regulations have to be implemented and integrated into each country's laws. Countries may not have yet implemented GDPR

This is 100% wrong.


Right, that's correct, even though supplemental legislation is passed in each country following the regulation, including GDPR. IIRC there are 2 EU members that haven't done it yet.

Facebook pretends to be GDPR compliant because they have to. Obviously, they're not. Try downloading your data. Try deleting your account. It's all really iffy.

Of course they'll say they're compliant. They have to to be able to operate. But they are not. They are operating illegally within the EU and they should be shut down.

You are wrong again, Directives are ratified, Regulations apply verbatim. That said, the GDPR left some detail to each member state.

I am sorry buboard, I don't know whether you are affilated with FB, but that's not just how it works. They indeed, just claim it. That's why you pay for General Counsel.

> actually it's EU's privacy regulation

The GDPR (which is not the only EU privacy law) is fairly described as a “law”, “regulation” is just the formal EU law term for a directly-applicable primary legislative act, which is a kind of law. If you're complaining about the “EU” part, well, the GDPR applies in some non-EU countries too (e.g. in the EEA).

> They said that they ve been collecting WITH consent, at least with their definition of consent

Some data is collected with ostensible consent, some without, and there's still processing to deal with.

> And i bet only 4% want to pay taxes too. polls are not legal documents. Also, "wanted advertising" is very different from "accepted advertising as part of the terms"

Sure, but the GDPR also means you can't forcibly bundle consents together. You need to separately consent to invasive use of data for advertising versus provision of the basic service.

> I believe facebook does give all their personal data

Did this recently change? I seem to recall that Facebook are known for not providing e.g. the data they've got from you browsing other sites with FB cookies unless you went via some difficult legal route.

> with ostensible consent, some without

details, but they are not claiming that data collection is without consent. they claim that they need a separate consent to use that data to show personalized ads

> you can't forcibly bundle consents together

Yeah that is true. still, making an online poll about what people want in general is a ridiculous way to nullify an agreed contract

> you browsing other sites with FB cookies

that would depend on whether these are personally identifying or personal data in general

Also important to mention... serving ads without consent is not ilegal under GDPR, what is illegal is user profiling with the purpose of serving ads.

In practice for Facebook the attraction for their ads platform is precisely that you can target fine grained demographics. So I'm not sure if Facebook can do anything here without a drop in revenue.

if the court gives them another fine (probably yes), FB will probably become a paid service in europe, but then will pay you back with its "ad viewing" program so it can be free again. This would also be compatible with california's new regulations i think

Won't the regulators eventually patch the law so they can't use that exploit?

> So I'm not sure if Facebook can do anything here without a drop in revenue.

Probably not, but that's kind of the point: Some things may make you money, but we do not allow you to do them. Find another way to make money.

GDPR is not different from other laws forbidding lucrative, but scummy, things.

As an EU citizen I believe it's time we shut Facebook off. They've shown no willingness to abide by our law, so I don't see why a criminal company should be allowed to continue to operate here.

I certainly won’t miss them. My biggest concern isn’t even the data privacy issue, but the way they have effectively killed most discussion forums which were actually designed to make communicating clear and effective, as opposed to the unsearchable stream hell of facebook groups.

we could switch to VK. try it, it's fast, and has a ton of pirated movies.

Yeah, and a comrade major from the FSB has easy and unlimited access to all your conversations and data

A vast majority of political prosecutions for online extremism in Russia were carried out using info that VK subserviently provided to police and special services.

yeah i was being ironic.

As for access, i assume there are server farms on quite a few countries looking for all kinds of patterns in chats. Until E2E encryption becomes extensively spread, it 's a joke to pretend there 's some kind of user privacy

If you run your own XMPP server (can be done dirt cheap now), you don't really need e2ee and all the problems that come bundled with it.

> In any case, i don't think facebook cares too much anymore and will just pay another yearly fine for operating in the EU.

Time to push the amounts up. 2% of worldwide annual revenue per infraction (e.g. per user) should start to add up after a while.

at worst, facebook will pull out of EU and close its irish HQ (but probably still be tracking users). Who won?

> Who won?

Whichever European social network replaces them.

Facebook is a freak social network considering how long it has survived. People used to migrate every one to two years.

> Whichever European social network replaces them.

GDPR makes it very difficult to touch user's private data for commercial purposes. that's the whole business of a SN so this is kind of precluded

Facebook has huge overheads because most of their engineering time is spent on all the creepy privacy violating things they develop and the infrastructure to run them.

If we start from scratch without all that it would be possible to make a profitable social network for a couple of bucks per month per user (or a tiered system, so heavy users or “influencers” would pay more while the base tier remains free).

The current social network business model was an innovation. Development of a new business model can and will happen again.

The European people, actually.

Could you elaborate?

I'm not the parent, but from my pov FB is a net negative for society, so if they are unwilling to play by our laws, then I'd rather see them get the fuck out.

They won't of course, because it leaves the market open for grabs.

If they leave the EU though they don't need to follow European laws or pay European taxes, but that doesn't prevent European users from continuing to use the actual website.

No, that's not true.

Due to trade agreements US companies have to follow EU law, for EU citizens, even of those companies don't have a presence in the EU.

In other words Facebook would have to block EU users.

i m a EU people. how would i win?

I’d win by another service for events popping up because facebook is gone. It’s nowadays the only thing I still need fb for.

There was a study recently showing that people that do not have Facebook account are happier :) Not to mention their personal data are not being abused.

i don't use facebook and i do agree its bad for egopaths. But i have some friends who use it to communicate with their family back in their countries and it's a valuable service for that reason.

Pretty easy to replace with a different service for that use case

If that happens, Europeans win.

Can you elaborate?

I don't think anyone of us has seen consent request by facebook or google in this form (freely given != 'give consent or you can't use or services, specific/informed/unambiguous != barried in miles of legal giberish,...):

Recital 32 EU GDPR (32) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data.

Silence, pre-ticked boxes or inactivity should not therefore constitute consent.

Consent should cover all processing activities carried out for the same purpose or purposes.

When the processing has multiple purposes, consent should be given for all of them.

If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

But this is really strange, news like this with 186 pts atm is on 3rd page. Before it are news with 2pts. This doesnt make any sense. Is it a coverup by HN administration?

I would not shout coverup.

But that's the problem of closed source rating algorithms https://news.ycombinator.com/item?id=21544537

(not suggesting that HN would use contractors and blacklists, but generally the discussion about the black magic happening)

All it takes is a few people to flag the article.

As an user I feel that GDPR changed nothing. Google, Facebook and whatever else tracks you to the bones did not change one bit (for me).

As a sys-admin, GDPR invented all sorts of jobs. Jobs well intended. But these jobs are filled by people that are neither lawyers nor IT people. Whenever I interact with them I feel like they just want to check some boxes that makes the org compliant and go home. They don't enforce or apply GDPR, they enforce those checkboxes.

* all of the above in my limited experience.

plus nobody can be sure whether they 're GDPR compliant. I bet facebook thought so too.

Yeah, I bet they're all good boys and girls who couldn't have possibly imagined that all of the secretive ways they go about collecting data could be wrong.

Honestly, if this "loophole" is allowed to exist then the GDPR is not worth the paper it is written on.

The idea that consent should be freely given is ludicrous if it can be overridden by simply including it in a term in the terms and conditions. Facebook could probably write that they can kill or castrate the user at any time and most of their users wouldn't notice it (until the media picked it up).

In the United States time and again legal precedent has been set and reinforced that TOS is not a binding legal agreement but it’s somewhat of a grey area just what it actually is and what can and can’t be considered “fair warning” for being there. The American courts don’t really place a premium on privacy so that’s generally been summarily dispatched with and its ramifications ignored, but other jurisdictions clearly don’t feel the same.

There was a South Park episode about this... the human centipad.

I don’t understand what’s so hard to understand about the fact that ads is what pays for Facebook to exist?

It’s a key part of the offering! You get free access and get to see ads in exchange. Others have tried other business models and failed...that’s how the world works, the better offering wins!

If the problem people have is ads then just make all ads illegal and we can move on. But trying to use GDPR as a lever is silly...it’s not what its intended to do, as much as some people would like it to

IMO, ads should be made illegal, but that's not the point here. Facebook is perfectly free to show ads to people, they are just not free to track people. They are trying to use ads as a justification for tracking here, which is the contested point.

And before you answer that ads without tracking don't pay the bills, that's honestly Facebook's problem.

Every time I start thinking about ads being made illegal, I think about the small businesses who don't already have their brand established. Banning advertising entirely would crush many entrpreneurs for whom advertising is the only reason anyone knows who they are.

There's a big difference between massive companies seeking to keep their brand in your mind and small businesses trying to let you know they even exist.

But how do you ban one without banning both? Its a complicated issue

The need for advertising arises from having substitute goods on imperfect markets.

If consumers knew the perfect good or service that they wanted to buy and exactly whom to buy it from, there wouldn't be a need for advertising. As it is now, information asymmetry creates a demand for advertising, so until people know everything about every market, you're going to have ads.

The alternative to ads is subscription services, which already exist. If people prefered subscription social media to ad based they would flock to those, but they don't.

“The alternative to indentured servitude is free labor, which already exists. If people preferred free labor to indentured service, no one would sign a service contract, but they do.”

-paraphrasing someone 300 years ago, probably.

Sometimes people pick things that are bad; that people choose something doesn’t make it somehow good.

Pretty extreme to compare FaceBook to indentured servitude, everyone is free to leave FaceBook at any time and we know up front what their model is.

Seems apt to me. Indentured servitude actually seemed reasonable to a lot of people looking to move, you got expensive passage on a ship in exchange for working for a set length of time. Facebook is a platform for social manipulation, in a few hundred years I wouldn’t be at all surprised if we see that social manipulation as a morally intolerable evil. The sort of tracking/aggregating they do is a violation of privacy as extreme as indentured service is on free will.

An analogy is not a comparison. I think an analogy here was made to reinforce the point made, not to in any way claim that Facebook somehow deals with indentured servitude.

Por que no los dos? Sign up for Hulu today! Pay a subscription fee and still get the benefit of tons of ads! Or pay more for our Hulu (No Ads) offering, which still has ads on certain programs.

I'm surprised that FB after all these years hasn't offered something as simple as a paid upgrade for removing ads and maybe better photo storage or something.

Maybe that lack of long-term feature is endemic to the capitalist system/environment, because decade-long growth usually isn't allowed to sacrifice short-term growth. I couldn't imagine a private company like Valve Software making the same decisions.

It's not the ads that are the problem, it's the widespread tracking + use of personal data that large ad networks like facebook perform. That's why they're using the _data protection_ legislature against facebook.

Just replace "ads" with "personalized ads" in the parent

FB is free because they can pay for it with personalized ads. I doubt generic ads would fund the site as it stands today.

If generic ads can't fund FB, that's FB's problem.

FB does not have some sort of right-to-exist. Beyond that, if FB goes out of business completely, the world is arguably improved.

No, that is the users problem. The users determine if FB has the right to exist, as no one is arguing that any corporate entity simply has the right to exist.

I haven't used FB in years, but even I know that if FB didn't exist that another service would fill the gap in the market. The problem is FB plays fast and loose with privacy and security, which should be the focus of criticism for FB, since that negatively affects users. If FB didn't exist, you still run the risk of another player making the exact same mistakes.

> as no one is arguing that any corporate entity simply has the right to exist

Yes, but I do still see people give the "just don't use FaceBook then" argument on every post about this on HN, as if we should just ignore all the problems. Under this insane framework any horrible behavior by a company towards their customers is justified as long as you use their products willingly.

This also ignores the massive existing adoption FaceBook has. If I want to switch to twitter or mastodon or $otherSocialNetwork I have to convince everyone I communicate with on FaceBook to switch too.

The problem here isn't Facebook (even though it certainly has problems), it's that your preferences do not align with the majority of FB's existing users' preferences for social networks. That's my point - the users dictate what exists on the market, and entrants like Snapchat and TikTok show that it is possible for new social networks to attract users off of Facebook.

Regardless of user demand, many businesses and business models are still illegal by popular acclaim.

User demand is a necessary but not sufficient condition for a business to exist.

Such as?

Existing legality is not necessarily a good cause to dictate if a business should exist or not, as for some markets the law tends to lag society (i.e. federal law and weed dispensaries). This discussion isn't really about legality anyways, it's about market demand.

In this case, you could argue that the "users" is almost equivalent to the people (of EU), because of how widespread the usage of Facebook is. What we see here is that the people is starting to decide that some things that Facebook are doing are not acceptable anymore.

But my company depends on torturing puppies! Your anti-puppy-torture legislation will put me out of business!

> I doubt generic ads would fund the site as it stands today.

Maybe that’s ok.

The reason dumber ads pay so little is because the personalized ones exist. It’s hard to say what dumb ads would be worth if they were the only ads.

If that's actually true, then Facebook is an inherently immoral service that shouldn't exist.

To my knowledge no one asked them to be free.

> I don’t understand what’s so hard to understand about the fact that ads is what pays for Facebook to exist?

It's not hard to understand. Everybody knows this is the case. But that excuses nothing.

Also, it's only the case because that's the business model Facebook chose. They could choose a different one.

> You get free access and get to see ads in exchange.

I love how you say that as if it's the ads that are the major issue (it's not, it's the tracking), and as if seeing ads is some sort of benefit.

> If the problem people have is ads

Again, the problem isn't the ads, it's the spying.

I don’t mind ads. I mind tracking. Basically my demand is that Facebook show me dumb enough ads and use only data I consent to. Im ok with my age and gender and other things being used to target an ad - that’s information I already willingly gave them. But if they show me an ad based on a page I visited with a Facebook script snippet on it, a message about sneakers I sent to a friend, or a post I liked on Instagram they crossed a line regardless of what terms and conditions I accepted.

If ads that work without spying on users don’t pay enough to pay their data center bills then they should shut them down. I’m more than happy to vote for politicians that ensure this. I’m not comfortable saying “I’ll just not use services from companies X and Y because they use shady ads”.

> But if they show me an ad based on a page I visited with a Facebook script snippet on it, a message about sneakers I sent to a friend, or a post I liked on Instagram they crossed a line regardless of what terms and conditions I accepted.

Uh, no, they haven't. YOU are responsible for visiting websites and using their services under terms and conditions you agreed to. YOU are responsible for and capable of not using sites do not agree with. You are getting a service in exchange for being tracked and shown ads. If you don't like it, delete your account, or fix your damn /etc/hosts file to block the (admittedly overwhelming) number of domains FB uses for these purposes.

I'm no fan of Fb. I deleted my account, blocked thousands of domains in my /etc/hosts file, use multiple ad-blockers, etc. etc. Fuckerberg going to prison would make me giddy. But, you don't get to have your mystical cake and eat it, too. You don't dictate how they run, or what data they collect, or how they use it. Get real, dude. Take responsibility for your actions. You agreed to what they do when you read(skipped) the terms of service/privacy policy when you signed up.

This argument would carry more weight if the terms of service and privacy policies were both complete and written in a way that ordinary non-lawyer people could actually understand.

However, 90+% of the time, they're not.

Eh, if I sign up for a credit card for "0% APR!!!" and then don't read the fine print that it's an introductory offer, isn't that a result of my action (or lack thereof)?

That they use fine print or dense legalese doesn't invalidate the fact that it was there for the end-user to read and agree or disagree with. I find that most "ordinary non-lawyer" people can understand these policies if they take the time to actually read them. They're verbose, not arcane.

> I find that most "ordinary non-lawyer" people can understand these policies if they take the time to actually read them.

I find exactly the opposite.

> They're verbose, not arcane.

They're both.

The problem is that people aren't lawyers and don't read them with a lawyer's eye. This frequently leads people to think that the terms are saying things that they aren't saying (by design). People tend to think that these policies are more favorable to the user than they actually are.

> You don’t dictate how they run

Isn’t that what I did when my elected representatives pushed GDPR through though?

The reason there are so few successful services with sensible advertising is simple: it’s too easy to fool people to accepting terrible ads that pay more.

I don’t think users should be expected to know how to edit their hosts file to preserve their integrity. Nor do I think they can be expected to read the ToS (get real).

I want regulation to ensure that idiots cannot agree to ToS that endanger their information or integrity. The GDPR and similar laws, if properly enforced, goes a long way towards that. I especially like the idea that access to the service can’t be conditioned on data collection.

> I don’t think users should be expected to know how to edit their hosts file to preserve their integrity.

Ok, that's fair.

> Nor do I think they can be expected to read the ToS (get real).

I am being real. ToS and Privacy Policies can be, and often are, legally binding. Do I expect people to read them? No. Are they legally subject to whatever they agreed to, regardless of whether or not they actually read it? Yes. The user agreed to the contact. They clicked the damn button. They can deal with the consequences of their haste and/or stupidity.

> I want regulation to ensure that idiots cannot agree to ToS that endanger their information or integrity.

That's a bit different than what your originally wrote, which seemed to be less like a desire for regulation to address this and more like a a desire for a new ToS between FB and you, a singular end-user.

FWIW, I'm also a proponent of the GDPR and CCPA. But I also don't think people can just scot-free break or circumvent contacts they agreed to. Where is the personal accountability for the user? It can't just _not_ exist.

>I don’t understand what’s so hard to understand about the fact that ads is what pays for Facebook to exist?

I think most people understand that ads pay for Facebook. But so what? I don't see how it changes anything.

the claim is that they users didn't want to see ads even though they agreed to use the site, so they couldn't have known that ads are required for the site to exist

The article is not against ads generally, but instead Facebook's attempt to circumvent GDPR to continue showing personalised ads.

GDPR should be used for exactly this purpose - it is a protection against companies collecting and using personal data in this way. Facebook has the choice to show ads, just not personalised ones. What is specifically being argued about is that Facebook tried to claim ads were a contractual service (thus exempting them from rules on personal data) - but transparently they aren't.

And if Facebook can't survive in a future where it is forced to respect personal privacy, then may its death be ever sooner.

And if FB is not feasible without personalized ads, no user should be allowed to make that choice for themselves?

That would be called consent, which is exactly what FB is not collecting.

If an illegal operation exists, should users be allowed to make that choice for themselves?

User choice has no bearing on the issue. The activity is either legal or not, and it should not be legal.

> The article is not against ads generally, but instead Facebook's attempt to circumvent GDPR to continue showing personalised ads.

And yet Facebook is not alone doing this. While almost all the medium and small sized sites ask for consent nowadays the big players just seem to be immune. My go to example is spiegel.de which is one of Germany's largest newspapers. Full of trackers, full of personalized ads and I have never seen them asking for my consent.

The issue is not advertising, but "to aggregate user interests and track people on the internet".

While advertising is not illegal under the GDPR, collecting an individual's data for marketing or advertising purposes without a "basis" (as defined in the GDPR) is.

The plaintiff is arguing about data privacy, whereas Facebook's lawyer is playing the advertising card as a counter. The plaintiff is unhappy about the way Facebook uses personal data, while Facebook is arguing they have a legal basis for processing data for personalised advertising purposes in order to fulfil a contract which it entered into the users. (which is a basis in the GDPR).

If they lose this case, do you think it would it leave Facebook a liability for no longer being able to fulfill that contract? I.e. you can’t share my data, now where are my personalized ads that you promised?

IANAL, but I think that clause would become null and void.

User: "hey Facebook where's the personalised ads you promised me?" Facebook: "that clause was found to be illegal, and we have notified you that it is unenforceable by either party."

The issue here isn't just the fact that there are personalised ads, it's that Facebook wants to serve personalised ads without consent.

Right, and Facebook is arguing that it’s because they have to fulfill a contract. However, GDPR may block them from collecting the data they need to serve personalized ads. This would mean they wouldn’t be able to fulfill the contract.

To phrase my question in another way, would that contract still need to be fulfilled, if they are blocked by GDPR from collecting the data they would need to fulfill it?

The lobbies have been trying to reverse the controller/processor relation from the very start. They have been told time and time again this was not an acceptable interpretation of the GDPR. It's time one of them is made an example in court, with fines stiff enough to discourage any corp from trying this strategy again.

The GDPR is a failure anyway. US tech giants are still globbling up masses of data even if the individual hasn't consented.

For example, the "contacts" permission should be disabled on OS's in the EU as it's impossible to prove the user has constend to sharing that information, yet Google launches an API in chrome to access the users contacts which totally won't be abused.

Alternatively you can gobble up data and "accidentally leak" it through an open MongoDB or AWS instance, will anyone go to jail? Unlikely, nobody really cares.

I doubt Facebook is going to change its ways any time soon, they're simply too big to fail at this point

GDPR enforcement is just beginning. The cases again the big guys have started to be made, but haven't actually made it yet. When they do, things will get interesting...right now we're in limbo...or more precisely in a Wile E. Coyote moment.

I am keeping my popcorn ready.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact