It's hard to sign away some consumer protections even with an actual, physical, signature - what makes companies think some legal mumbo jumbo that isn't worth its bytes on a drive will somehow do?
Weaseling around consumer protections in their TOS to give Facebook a blank check to fuck over consumers? Yeah courts will just love that one.
I guess the EU has something similar since we adopt a lot of the laws from the directives.
While they may "think" that officially I do not believe they do internally. Fact: Enforcement takes years. Fact: The fines are often tiny. Fact: They make billions while this goes through court. Conclusion: They have every bit of motivation to act dumb while raking in the money.
And the entire public just stays, acting like they don't have something better to do.
"It was illegal. You knew it was illegal. Your claim of ignorance is not a defense because it was your job to know that so you can have a stretch of a few weeks in the slammer with a criminal record to go with that."
Yes caution needs to be taken not to overreach on the enforcement and sentencing just like it does for every single other fraud case.
Because in most cases it does (because the mumbo jumbo is never challenged). Users generally do not attempt to enforce their protections under the law against software or so-called "tech" companies. Unenforceable terms in EULAs and TOS can go unchallenged for decades. Schrems seems to be one of the very few users who is actually filing complaints.
This case is a reminder that the user is not the customer. According to this summary, Facebook is arguing it has a duty under contract to its customers (advertisers) and that provides Facebook with an exemption under the GDPR from having to provide its users with a choice whether to consent. Customers have contractual rights they can enforce against Facebook. Generally, users do not. That is intentional on the part of Facebook.
As I read the article two lower courts in Austria do think the argument passes legal muster:
> The two lower Courts in Austria however took the view that is solely in Facebook's discretion to claim a term to be a "contract" or "consent". Consequently they saw no issue with Facebook's bypass, but also held that the matter needs clarification by the Supreme Courts.
Am I misunderstanding something?
You are misinformed.
When it's a minimum of 25% of revenue, the companies will take notice.
Until then, it's just factored in like pencils and laptops and coffee: just another cost of doing business.
For smaller breaches it is 2%.
If you want to join (for free), see https://www.consumentenbond.nl/acties/facebook/aanmelden .
Even if I only ever get a single euro from that case, that euro will feel better than making 1000's from regular work, and if it's ever paid out, I'll take my children out to dinner from it (I suppose I'll have to chip in the difference myself so that we won't have to split one item off the McD's dollar menu...) to celebrate that not all hope is lost.
That’s a bold move. Very user hostile. If users want personalized ads, then let them opt in.
I do NOT want to see a mountainbike ad, ever, because I browsed a random retailer for mountainbikes, or wrote a message about a mountainbike to a friend on messenger, or because a friend of a friend bought a bike on fb marketplace etc etc.
Facebook goes really far on this. It seems even pausing your scrolling for a few seconds more than usual is enough for them to think I’m interesting. I’m not. I’m just trying to figure out if I want to read this post or not.
Either you have a legitimate interest in the data (by which I mean you have to use the data in order to do what the user explicitly asked you to do), at which point you can process the data without asking for consent, or you don't, at which point you must ask for consent, and you must not alter/degrade the user experience if you do not get it.
As a non-legal person I in all honesty can't understand why e.g. storing person's credit score is legitimate while storing their advertising profile isn't.
So it’s not so much that storing their advertising profile isn’t a legitimate interest, it’s that users’ desire for privacy supersedes it.
(Not a lawyer, have read the GDPR.)
The whole thing seems to be designed for arbitrary enforcement to me. The only positive thing is that people start discussing the topic seriously, and companies start being explicit about what they are going to use with people's data.
Let's be honest, if you're using Facebook you've basically agreed to personalised ads on some level. We all know their business model. Try convincing random joe that Facebook don't read their messages for ad purposes and you'll probably find most won't believe you.
With that being said, Facebook also knows if their users are given a choice most will choose not to get personalised ads. That's why they fight so hard against any privacy move.
Yes, but no. Someone who joined Facebook in 2007 would have had very different expectations than someone joining in 2017. And there's a difference between "sure, send me personalized ads" and "sell everything you know about me to malicious actors".
You don't have to join Facebook to be part of its data collection octopus.
The GDPR quite explicitly rejects the idea that this constitutes consent.
But my point was more about the basic idea that people know Facebook is data mining them and use it anyways therefore the idea that you haven't opt'd into it is a bit silly. I wasn't talking about the legal point of view.
> my point was more about the basic idea that people know Facebook is data mining them and use it anyways therefore the idea that you haven't opt'd into it is a bit silly
Another relevant point here is that we seem to keep focusing on cookies, but that's just a small part of the equation.
It's not directly relevant, but regarding exceptions to the consent requirements of the cookie law, apparently there are two: 
> - the cookie is for the sole purpose of carrying out the transmission of a communication over an electronic communications network
> - the cookie is strictly necessary to provide an ‘information society service’ (eg a service over the internet) requested by the subscriber or user. Note that it must be essential to fulfil their request – cookies that are helpful or convenient but not essential, or that are only essential for your own purposes, will still require consent.
Unlike the GDPR, there's no necessary for the performance of a contract exemption.
It's confusing, I know.
Do you have to agree to be tracked? Or agree to be served ads? Because there are plenty of paid services where you're promised no ads (and indeed aren't served any ads) and yet are tracked to the same extent as the free users. I don't think I've come across any services that allow you to pay not to be tracked. Only those that allow you to pay to avoid ads. It's frustrating because it's not the ads I have a problem with - it's the stalking.
Sort by fines desc :)
I wonder why there aren't more enforcement actions...
Now we are talking :-)
Complying with the GDPR isn't "free". It's like these companies believe "oh we can't possibly comply with that because it would hurt our bottom line!".
Example of a void contract: When buying a used car, the salesman makes you sign a contract: "No warranty nor cancelation of contract possible after purchase".
I guess what is void is that specific clause. Otherwise, any vendor could include a clause saying "you relinquish some rights" just in the middle of the text and, after the fact, claim that the contract was void and require you to return an item (say, a car).
So, I guess you mean that specific clause?
Luckily European courts don't really give a damn about Facebook or their business model.
It's not that European courts never play favorites with large companies, but Facebook isn't really known for paying a lot of taxes here and doesn't have many employees in Europe (at least an order of magnitude less than e.g. Volkswagen). Facebook is seen as a foreign company that doesn't know how to play by the rules, and was a major motivation for creating the GDPR in the first place.
From what exactly? You'll see where I was going when you try to answer that simple question.
Because your answer will be -- tech giants.
> From having their information processed/sold without their consent.
The targeting of tech giants is implicit here.
I don't think it's fair to make the grouping "tech giants" here. It's the "ad-giants". It's the companies whose business model is personal information. It's a small subset of the tech giants. In fact, much smaller adtech companies probably have a lot more to lose from GDPR than fb and google have.
Facebook, unlike a lot of online services, would still be able to target ads just because they know what people like without using any information people haven't consented to. A random news website on the other hand has to start showing me (a man) ads for women's clothing because news sites can't be as sure about my gender (or taste in fashion) as facebook is. So as with so many things, I think the GDPR is just serving to reinforce the position of facebook, not the other way around.
It just so happens that some "Tech Giants" fit into that category.
Nope a small American firm can infringe those rights and face zero consequences. A US Multinational with operations in Europe can't.
So implicitly -- bigger companies are targeted as they have more of a global footprint.
> The second exception is for organizations with fewer than 250 employees. Small- and medium-sized enterprises (SMEs) are not totally exempt from the GDPR, but the regulation does free them from record-keeping obligations in most cases (see Article 30.5).
That's a mighty tight clutch you have on those straws.
Perhaps the people at Facebook believe the oft-repeated HN meme about "Companies are required by law to maximize profit for shareholders!"
The tech bubble is like politics: If you tell a lie enough times, it becomes the truth.
They can indeed expect facebook to act legally.
Also, don't forget that FB is a (near) monopoly, so the advertisers depend on them just as much as the customers. Especially the small ones.
This is a legal matter, not a witch hunt.
You're not making much sense to me, tbh.