by ejlangev 2999 days ago
Best endorsement of GDPR they could possibly make. Everyone knows Facebook collects more data than most people probably want so it follows that a privacy law they don't want to roll out everywhere must help curtail that to some degree.

Yeah, and to a degree that they're willing to eat the cost of maintaining a much more complicated privacy structure (and, inherently, code base) to not roll it out everywhere.
I don't think that maintaining different strategies in different areas is the more costly procedure.

The assumption you're making here is that GDPR is one and done. In all likelihood, most major jurisdictions are going to introduce privacy laws at some point. If you don't build your international service to allow for different rules in different jurisdictions you're going to have to follow the strictest of those laws. Heck, I'd put money on some countries forcing some web services to record some data for law enforcement purposes and other countries barring Facebook from recording the same data for privacy reasons.

So really, you have to build this system in a way that can be tailored to each market you operate in.

Playing devil's advocate: it could also be that their implementation of the GDPR necessarily restricts functionality from the user's point of view. And they simply want their users to have the best (in their view) possible experience.
GDPR can't restrict functionality that I want because if I really wanted it, Facebook would ask me to opt-in and I would.

GDPR doesn't penalize or prevent innovation. It just forces it out into the open.

It's quite telling in such a situation when a company like Facebook hypothetically won't deliver a certain feature if they have to make their intentions clear. The immediate assumption is that they don't believe their justifications for it are sound and nobody would opt in, so they depend on keeping those motives private. Quite ironic, expecting your users to trust you but not trusting them at all, but I suppose that's business more than anything (sadly).
"GDPR doesn't penalize or prevent innovation. It just forces it out into the open."

This is a nice summary.

The GDPR still limits developer speed/freedom, and supposedly Facebook can build new stuff much faster without having to deal with the GDPR at all.
In the same sense as medical trial guidelines diminish scientist freedom and safety regulations regulate the freedom of engineers. Sorry, but just as I demand that if I walk into a hospital I'm being treated safely, consumers can demand the same thing from me as a developer.

Compared to the freedoms of millions and billions of users my 'developer freedom' is pretty far down the list of things that matter. As developers we are servicing people, they are not our lab rats.

Social networking software is not in any way equivalent to medicine so thank you for making this false equivalence because it proves the point that these regulations are ridiculous.

If you don't want facebook to track you don't make an account on their website and don't click any of the stupid buttons on their website.

Having seen the influence social media can have on our discourse and even our political systems, including manipulation of democratic elections, I think that comparison is absolutely warranted. It is the infrastructure of our modern communication, not just a 'website with stupid buttons'.
> If you don't want facebook to track you don't make an account on their website and don't click any of the stupid buttons on their website.

They still build a shadow profile of you from mentions and photos that friends upload.

Facebook tracks us through our friends' SMS history, contacts, and invites.

It also tracks us through its widgets on other sites.

It requires a lot of effort to fully opt out.

Without regulation like GDPR, Facebook aren't obliged to state what those stupid buttons actually do with regards to the information they store about you.

Being open and honest with people really doesn't slow down development all that much.

> GDPR still limits developer speed/freedom

Good!

This is like saying that prescription-drug regulations are limiting speed/freedom. When those things are dangerous to the user, they should be limited!

And I still don't agree that it slows anyone down. Want to launch a new feature quickly? No problem, go ahead and launch it. All you have to do is add an opt-in dialog at the beginning.

As far as freedom goes, we've seen the abuses of that freedom and it's time to limit it.

After all this time, all the leaks, and everything that came out, you are still willing to give them the benefit of the doubt.

This is so sad.

They explicitly said they were playing devil's advocate. Not that they were expressing their views.
There is an approach to use a disclaimer to state a controversial view. There are many forms to this: "I am not a racist, but...", "No offense, but...", "Let me play a devil's advocate, ...", etc.

The form usually proceeds by stating a view. You think attribution is more important than the propagation (or content) of the view, and that is fine. For me, the content and propagation usually rank higher.

In the case of FB, I think we all had enough proof that the quest for money is above everything. According to the latest leaks about their execs, even above human lives.

So, at this point, I find any attempt to defend them, even hypothetical, sad.

Playing devil's advocate, what if we left silly ideas at home.
Wouldn't you get the same answer if you ask the CEO of any company though?
I know of at least two of the large (multiple tens and hundreds of billions in market cap) tech companies (other than Apple, already mentioned in this thread) who are making a lot of global changes for GDPR.

So no, I don't think that response is universal.

Which ones?
No reason to think so. Apple, for example, is already rolling out new features that are intended to make them GDPR compliant worldwide.
> obviously

Isn't it a significant expense to comply with the GDPR, especially in Facebook's business? I'm guessing the only companies doing this don't have much to lose by complying globally.
There's three costs:

1. The administrative/maintenance cost of complying: this is sunk if you have European users at all.

2. The cost of the measures to your business model, if personal user data is a central part of your business model.

3. The administrative cost of maintaining radically different user data management systems for EU -vs- non-EU users.

Doing number 3 is only worthwhile if it's a lower cost than number 2. I would guess 3 would be higher than 2 for most companies. Clearly, 2 is extremely high for Facebook.

I can imagine that there is a local minimum of costs 2 & 3 where the infrastructure is modelled so that privacy legislation is supported, but the company makes no commitment to enforcement/compliance anywhere but the relevant jurisdiction. That way you've taken the sunk costs of development (technical and compliance), but drained the project of any administrative costs for the rest of the world...
If you do business in the EU, you'll incur most of those expenses anyways. It makes sense that companies would offer privacy protection to all their paying customers.

In the case of Facebook, it makes sense that they wouldn't want to offer privacy protection to their livestock.

I mean cloud providers are different. First, there's that level of indirection. You're a customer, not necessarily falling under the GDPR, but your customers might. So the mechanisms are in place to handle that worldwide, which you could choose to extend to everybody. Then there's the data from you being a customer directly, which is largely exempt from many GDPR things like opt-in anyway, since they actually need it to e.g. bill you, provide customer support, etc.

So far, I don't think any cloud providers show you ads based on your usage, but it's only a matter of time :) / :(