[ianstallings]

With new regulations like GDPR coming online FB's business model is basically kaput. They're going to need to rethink their whole stance if the world follows EU's lead. Given that Zuckerberg was called to testify in front of congress, I think we're probably going to see much more action.

[idoh]

On the contrary, the GDPR helps Facebook. As background, I am a product manager dealing with GDPR issues right now. The requirements are quite onerous, but they are not intractable. I am sure that Facebook, with their army of engineers and lawyers will be able to find a way.

Facebook already has traction, and if push comes to shove can anonymize their data so it is at least still somewhat valuable.

However, the window is closing for any new social networks to get started, because the startup costs are simply too high and you can't growth hack like you used to.

What I am saying is that it is quite reasonable to assume that Facebook will be the last social network out there, that they will survive and no new competitors can emerge. If any hope of competition gets removed, then that benefits FB.

[lotu]

100% to this. I’m an enginer also working on GDPR and you sound exactly like my product manager. GDPR is likelly to result in the number of advertising technology companies going from thousands to dozens. One of the requirements is that you inform users who you are sharing the data with. If you have a list of ~10 companies is allowed under GDPR, but a constantly change it list of 500 companies is not. The result massive consolidation.

This is very ironic because one the the complaints of the EU against companies like Facebook or Google is that they are monopolies in the advertising space, and then they passed a law that will have the effect of force it their competion out of the market place.

It’s a real shame that no one is really covering this aspect of GDPR.

[forapurpose]

> One of the requirements is that you inform users who you are sharing the data with. If you have a list of ~10 companies is allowed under GDPR, but a constantly change it list of 500 companies is not. The result massive consolidation.

Are you saying that GDPR puts a limit of between 10 and 500 on the number of companies you share data with, or are you saying that it's impractical to share a constantly changing list of 500 companies with the user?

The latter seems easy to do: Just create a webpage and keep adding the names of new companies. Email a link or the list to the user as needed. Do I misunderstand?

[PeterisP]

As the adtech data sharing usually doesn't fall under any other legal reasons that would allow you to use that data, you need to get consent for the new companies. If the user ignores your email and takes no action (doesn't opt in), you don't have their consent, and can't share their data with the new companies.

But IMHO that's the whole point, the legislation is a response to users saying that they don't really want such companies to exist - the business practice of taking my private data and sharing it to the world 500 companies will now require my explicit opt-in freely given consent (i.e no "we'll refuse service if you don't consent"). The expectation and intent of this law is that I and pretty much every one else will simply not provide that consent, and that business practice will become impractical and die out, as it should.

[mysterypie]

I wish you were right, however, just because a Congress called a hearing doesn't mean a sea-change in laws and practices. Congress looked into personal information collected by the NSA (post Snowden) and consumer credit reporting agencies (after numerous hacks and leaks). Did their business models go kaput? Did anything change in a big way?

[nemothekid]

AFAICT, there's nothing in the GDPR that technically prevents Facebook from existing. At worst I'd imagine that the GDPR will just kill the Facebook developer platform (or more likely, neuter it beyond usability). All the GDPR does is prevent companies from being fast and loose with user personal information without their awareness - they are still free to monetize it, and I bet the vast majority of the world will still be happy to use Facebook despite what warnings the EU gets to put on FB.

I'd imagine most new social networks (if any, the last large social network I can think of Snapchat is 6 years old), will simply try and prove out their network in US first, then hire regulators to figure out GDPR, if the US pass their own GDPR.

Honestly, despite the good intentions of these laws, which I think are good, I think they will just further cement the Google/FB digital advertising duopoly. If you are starting a new social network today, I'd imagine your business model is "capture $demographic that fb poorly serves and get acquired into fb before you become viral in the EU"

[return1]

People are bound to be disappointed by the effects of GDPR. FB can reasonably claim that its tracking is necessary for its function , because it is. The stuff they ll have to get rid of is marginally profitable anyway. GDPR is not hurting facebook, instead it's legitimizing its model in the eyes of the consumer by giving it the "stamp of EU approval".

[seanhunter]

I agree with your assertion that if GDPR expectations are high, they will be disappointed, however the "legitimate interest" claim doesn't trump the data subject's right to privacy in GDPR. As I understand it, you can only really claim legitimate interest if you're not doing any kind of direct marketing and are able to show that there is not undue impact on the data subject. There's a lot of conflicting information about this on the web but the actual language of the directive is pretty straightforward.

“The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller."

If you don't have a facebook account for example, you don't have a relationship with them and therefore have a reasonable expectation that they would not be tracking you.

Edit: Granted, the language is somewhat ambiguous and we won't really know how this shakes out until there is established case law later in the year.

[rhizome]

Congress essentially spent two days begging Zuck to do their jobs for them, asking the fox to design the henhouse.

His testimony is not required for passing privacy legislation.

[lotu]

Several of them also were asking what chickens where and why one would desire to own chickens in the first place. The whole thing is very sad the point of this is for each congress person to get to feel special by getting to look down and act tough against Zuckerberg. They didn’t even spend the effort to do basic research so they didn’t waste time answering questions that could be answered by using facebook.