[star-castle]

what? seriously? Do EU citizens have some kind of legal right to Facebook access, now? It's illegal for Facebook to not serve people they can't sell to advertisers?

I'd love it if Facebook were nationalized (or destroyed), but none of the coverage of the GDPR made it sound like it was going in that direction. I thought it was just another stupid "click here to acknowledge our cookies" rule that was going to spam up the internet.

[gonmf]

There is no legal right to Facebook, but if Facebook wants to do business here, it has to abide by our rules. And our rules are very simple, you cannot deny service because the user doesn't allow tracking if tracking is not necessary for your service to work. And it isn't in this case, it's only necessary to deliver higher paying ads.

Since they are being selective on the users they accept based on being tracked, they are now on track for another EU fine.

[ovao]

It's disconcerting to me that under the GDPR, online businesses appear to be losing the ability to deny services to a user who knowingly, and with clear consent, chooses to take personal responsibility over the data they provide to said businesses.

Regardless of whether this is for the "greater good", this is deeply unsettling territory.

[mrweasel]

You're not allow to operate that way in most other businesses anyway. You can't sell leaded paint, even if clearly marked. You can't sell unsafe cars, even if you tell people that even low speed impacts will kill them.

There's a ton of stuff you can't do, even with clear consent, because otherwise people who lack the means to understand the compromises or afford the safer choices will suffer.

[tlrobinson]

Those are safety/environmental issues. Showing you ads based on your preferences is not.

[mrweasel]

You could easily argue that tracking users behaviour is a safety issue. But fair enough, how about the loan business, you aren't allowed to charge overly high interest on loans. That's neither a safety or environmental issue.

[ovao]

Predatory interest rates frankly don't concern or particularly bother me. I think, for me, that only becomes a point of concern if a person is simply mentally unfit to make such decisions for themselves. In such cases the general guidance that someone else deemed fit should be responsible for that person's decisions applies, which goes back to the point you made earlier.

[barrkel]

And if those ads tip an election based on psychological pressure points chosen on the basis of your preferences? That's an even bigger risk than safety and environmental issues in my book.

[rosser]

It has been repeatedly demonstrated that machine learning can reliably predict when, for example, a bipolar person is going to enter a manic phase.

Should ad companies be able to model someone's mental illness and show them ads for gambling sites, or whatever, when their brain is acutely more susceptible to them?

[cdancette]

I think we're underestimating the global health issue due to online advertisement (alcohol, smoking, or just bad eating habits). And I'm not speaking of attention disorder of so-called 'multitask kids' caused by social media that have business models based on ads, and do everything to grab your attention

[dbbk]

If you believe Apple and Microsoft's CEOs, privacy is a human right, so I suppose that would put it up there.

[briandear]

False equivalence. Lead paint has the ability to harm others beyond the person making the purchase. Comparing Facebook to lead paint regulations is ridiculous.

This is nothing more than a digital drug law: “You can’t choose what services you consume because we are determined to protect you from yourself, like it or not.”

[icebraining]

The idea that FB, and personal data tracking in general, doesn't harm third parties is not universally agreed upon.

[e12e]

Maybe a free public toilet that simply demands the right to broadcast a videofeed of its customers is a better analogy? Be they minors or not?

[waisbrot]

How did you determine "knowingly, and with clear consent"?

I guess I'd agree that if someone wrote a 5 page paper describing all the ways that Facebook harvests their data and what might be done with it afterwards then they should be allowed to do what they want? But I suspect most people would be like "uhhh, I think they, um, know what pages I liked? And maybe they use that for ads?"

[ovao]

I'm not referring to Facebook specifically. The dialog that Facebook's displaying to EU users (according to the tweet) isn't actually very clear in itself about what they're asking users for.

"Clear consent", in my mind, would be something along the lines of "we use tracking cookies and tracking on widgets third-party websites embed, as well as the data you provide to us in terms of posts, comments, photos and other content to personalize the ads you see". If you accept those terms, well, then you certainly can't be surprised when Facebook — or whoever — does precisely that.

[icebraining]

Your phrasing is confusing. Why would the business want to deny services to a user who chooses to take personal responsibility over the data they provide?

[ovao]

Sorry if it wasn't clear. I'm suggesting that a business should have some right to deny service to a user who chooses not to participate in tracking, so long as it's made abundantly and plainly clear to said user that they'd be tracked, and that the user consents to that.

Based on my interpretation, the GDPR simply precludes that possibility.

[dbrgn]

I assume if you made a business where the user can sell their behavioral data for a service in return, and if the whole goal of the business was selling data in return for a service, then I would interpret the data collection to be strictly required for the business goal and thus legal under the GDPR (given explicit consent).

The official goal of Facebook is not "buying your data" but "providing a social network". Thus, targeted ads are not strictly necessary for providing that service.

[icebraining]

I think the data must be actually necessary for the thing you're providing to the user. So if you're paying cash in exchange for data, that wouldn't be allowed, because you don't need someone's data in order to give them cash.

[s73v3r_]

I fail to see why. Without clauses like this, you'd be at the same place you were before, "Either agree to all of our completely invasive and probably unrelated terms, or go pound sand." The GDPR is shifting the balance of power back so that users do have some bargaining, not just the take it or leave it that's been so prevalent for so long.

[ovao]

I think the issue is that it really hasn't been a "take it or leave it" environment in the past years. Things have been done against the interest of user privacy by burying the explanations in long privacy policies filled with legalese, and in the general underhandedness of data exchange between multiple parties. The inability to remove data you've provided to a website, too, I think is problematic in ways.

I'm a big proponent of user control, and a similarly big proponent of businesses taking much greater responsibility for the data they collect (my data was part of the Equifax breach, so I certainly get it). I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that.

If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever.

[jkaplowitz]

You lose the power to participate in Facebook-only groups, which are surprisingly prevalent in some places. I have very limited access to two communities here in Montreal that I'd otherwise get a lot of value out of, because their only online communication system is via Facebook.

I've told Facebook to pound sand for roughly their entire existence - never had an account even though I had the chance right after they expand beyond Harvard - and am considering whether life circumstances will increasingly force me (in practical rather than literal terms) to sign up.

A company in that semi-mandatory position deserves lots of binding rules to protect the rights of unwilling users, just as is true for electric companies since you rarely have much choice there.

Plus, I don't think Facebook's massive wall of several huge interlinked policies with soft-pedaled descriptions of what they do meets either of your A and B criteria, especially not when it's modally interrupting the user.

[s73v3r_]

"I think the issue is that it really hasn't been a "take it or leave it" environment in the past years."

What? Yes it has.

"I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that."

I'm not, mainly because business has been shown that they absolutely cannot be trusted with that. They have abused the privilege, and so they had their toy taken away. If you want to be upset at someone for that, blame the businesses for not reigning in themselves, not the governments for doing what their populaces wanted.

Not to mention, A and B almost never, ever exist.

"If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever."

You've lost all power in that relationship, because you have no power to bargain. You have no power to negotiate. And while you'll gladly go pound sand, not everyone is in a position to do so.

[ovao]

Can you give me an example of someone who isn’t in a position to — in simple terms — take their business elsewhere when it comes to dealing with some sort of online company with whom they’re voluntarily sharing data?

[crankylinuxuser]

Your account has been suspended for the foreseeable future for breaking the terms of service.

No we will not tell you what you did. You already know what you did.

Our automated systems found your policy violation and acted appropriately. They are beyond your comprehension or refutation.

You may not talk to a person regarding your dismissal. It is against policy to discuss active or closed issues.

You have no recourse other than social media or tech websites, and beg. And we still will likely not care.

--Care of US tech companies.

....So, you want to live with rules for companies that allow this kind of egregious and arbitrary actions? I sure as hell don't. Want to see what this stuff devolves to? Look no further than Comcast and ilk.

[kazinator]

> They are beyond your comprehension or refutation.

Where by "your" we mean "one's", i.e. effectively "our".

[crankylinuxuser]

I was writing the first part as a US company would say to a user.

"Your" in that context was from the company to the user they wronged.

[ovao]

Either we’re not talking about the same thing, or I don’t quite understand how your comment relates to mine. I really can’t answer your question.

[Marysville]

It's like seat belts. You cannot sell a car without seat belt regardless of customer's choice. The customer's choice come later whether or not he wants to put on the seat belt.

Car = Service

Seat belt = Tracking protection

[ars]

And if higher paying ads are necessary for the service to work?

Or do you foresee this being like drug prices, where the US subsidizes drug development for the world?

[icebraining]

They aren't, though. There are other ways of making money. Like charging people. If people won't pay, well, worst things could befall the Union than Facebook leaving.

[cortesoft]

Why can't they charge you in data? If they present the deal to users as, "let us track your data, and in return you get to use facebook", is that not a trade that should be allowed? Isn't part of being able to 'be in control' of your data being allowed to sell it yourself?

I think the key point is being clear about the trade. I think FORCING all websites to only be paid for by cash is bad; you should be able to trade your own data for access to a service.

[icebraining]

Why can't they charge you in data?

Because "In the EU, personal information cannot be conceived as a mere economic asset: according to the case law of the European Court of Human Rights, the processing of personal data requires protection to ensure a person's enjoyment of the right to respect for private life and freedom of expression and association".

https://edps.europa.eu/sites/edp/files/publication/16-09-23_...

[ars]

So what you are saying is that the EU should tell Facebook they can not make money by having ads, instead they need to make money by charging people?

Is that typical, for the EU to get that involved in business decisions?

[icebraining]

Well, first, ads are not the problem, tracking is. Also, they can make money from tracking, but they have to convince people to consent - more like a donation than a payment.

But yes, the EU does get involved in plenty of business decisions, just like governments everywhere. Usually when an industry is misbehaving and violating what is established (e.g. by the ECHR) as the rights of individuals.

[ars]

> But yes, the EU does get involved in plenty of business decisions, just like governments everywhere.

Obviously. But that's not what I meant.

They did not say "tracking is illegal", they said "it's illegal if not necessary".

Are they then say: "It's not necessary because if you completely restructured your business you wouldn't need to track."

That's the part I meant - do they really go to that level of detail?

[vidarh]

Then Facebook is free to withdraw from the EU market, and someone else will take their place in the EU.

[stedaniels]

I'd be more understanding of your comment if Facebook was only just making a profit. However we both know it's raking in the cash.

[ars]

Are you saying this law should decide if someone is making "enough" money, before deciding if profit is necessary to provide a service?

[halfdan]

Given their de facto monopoly I'm not sure "There is no legal right to Facebook" is correct anymore. It's sort of like the internet where if you were denied access you'd have a significant disadvantage in society - it could easily be argued that denying access to Facebook gives you a similar disadvantage.

At the end of the day this will need to be decided in courts.

[BlackDeath3]

Personally, I'd really not like to see a precedent set for a company entering a market, doing very well, and then being legally compelled to provide their product as some sort of legal right to an entire population. It might be a different story if said company is employing anti-competitive practices, but telling somebody that they're now legally obligated to serve a community because they're just too good at what they do, or so popular that nobody else can best them, seems a little too authoritarian for my taste.

[jkaplowitz]

Oh, they're allowed to withdraw from the market, or decouple the privacy-invasive bits and find a way to make that work financially when users don't opt in to those. Nobody's forcing them to serve Europe if they insist on being this awful regarding mandatory tracking. They're free to allow space for a competitor to grow with a different attitude toward privacy.

[BlackDeath3]

Right, I'm not talking about withdrawing from the market, I'm talking about remaining in the market and being allowed, as a private company providing a private service, to freely associate.

I have no qualms with a competitor starting up to serve those denied by Facebook, but let's not muddy the water by equivocating a monopoly as a result of anti-competitive practices with one that forms simply because nobody wants to use anything else.

[jkaplowitz]

Restrictions on how private parties can provide a private service are ubiquitous in every market. In the US, home-cooked meal startups get shut down because their uninspected kitchen doesn't meet commercial standards. In Ethiopia, you need a local entity with an IT license (seriously) to import a Dell server that you've already purchased. In Canada, you can't agree to an employment contract that allows for zero-notice zero-compensation firing when you didn't do something extreme like steal. Etc.

I don't think most of the people who find Facebook convenient for coordinating groups actually choose the tracking knowingly and willingly (at best begrudgingly), nor do they choose to exclude the people who object more proactively to those things even when that's the effect.

Society's legislative and regulatory choices have a valid role to fix negative externalities of what economic actors would otherwise naturally do. Natural monopolies/oligopolies like electric companies, highway operators, and Facebook are all worth regulating for roughly the same reasons - even according to Orthodox free-market undergraduate microeconomics 101.

[BeetleB]

>it could easily be argued that denying access to Facebook gives you a similar disadvantage.

It is a lot easier to find people like me who never had FB accounts and who can testify that not having one has not impacted my life.

[totony]

What if you provided an alternate access model?

E.g. allow them to either sign up to the tracking or pay 100$/month for access

Tracking would not be mandatory to access the service, as the alternative way (to pay for the service) is available

[zerostar07]

What is facebook's business? Targeted advertising. They don't sell you a friends management system for $0, they sell targeted ads to people who expect to receive targeted ads, and tracking is necessary for that.

The same can be said about google's search service. The search still works, but adsense and adwords won't work without your private info. And google can claim it doesn't sell search, they sell ads.

[KozmoNau7]

It's not strictly about which services you are selling, it is about which services you are providing, and Facebook absolutely provide a social network website/app. Google absolutely provides search and email.

[andai]

As an EU citizen I am offended by this regulation.

[akie]

How? I mean, why are you offended by this attempt to curb the data that companies can collect on you without your consent?

[kodablah]

How this reads: How are you offended by attempts to curb terrorism? How are you offended by attempts to save the children?

We can agree on intent and disagree on practice. I disagree with the GDPR in practice, but agree with its intent. I think there are many other ways to tackle these problems, and this is probably the worst one (especially to start with assuming this is the first really enforced one).

[mrec]

Somewhat ironically, as a (UK) Leave voter I rather like it.

[simonbarker87]

Voting to leave doesn’t automatically mean one has to dislike all laws from the EU. It’s ok to want to leave the EU whilst also liking some aspects of what it brings us. As a person who voted remain this has been one of the most frustrating things about the whole Brexit situation, it’s like it has to be a binary status: one either loves the EU and everything about it or you hate the EU and membership brings no benefits at all.

I don’t think it’s ironic that you like this law, I think it’s understandable that you would if you have privacy concerns and, given T. May’s choices over the years, you were unlikely to get it without membership to the EU.

[mrec]

I couldn't agree more; I too get frustated by the degeneration of most public debate. Personally I was very much on the fence, leaning net Leave on the meta level (major constitutional change should not happen without a popular mandate) but net Remain on the object level (especially on things like digital rights, where the UK has a long and sordid history of tin-pot authoritarianism long predating T. May).

[spullara]

Since they use that data to sort your feed I think they can argue it is necessary for the service to operate.

[KozmoNau7]

It is not essential that they sort my feed, though. Everything still works perfectly fine with a simple chronological feed.

None of the tracking they do is essential to the service they ostensibly provide to their users, namely as a microblogging/discussion/sharing platform.

[rock_hard]

I don’t think most users would find value in a product like Facebook or Google without ranking actually.

I bet that nobody would! Ranking is what makes these products work...and it requires data to do the ranking.

[KozmoNau7]

Why do you think ranking is important? A simple chronological news feed should be perfectly fine.

Sure, rank search results based on how many users a given group has, and put the most popular ones at the top. That doesn't require violating anyone's privacy.

[rock_hard]

Trust me, if ranking had no value...no product team would bother implementing it.

The reason ranking is used left and right these days is because it makes products dramatically better.

[HumanHater]

In that case Facebook should offer user a choice between paying for the service directly or letting advertiser to do that. I doubt that any nontrivial amount of users would choose to pay even $100/year so that wouldn't change anything for Facebook. However it could be enough to comply with weird EU regulation.

[andai]

I heard recently that Facebook was considering this and would have to charge $11 per user per month to make up for the ad revenue.

[thefifthsetpin]

"I'd love it if Facebook were nationalized"

What you're looking for already exists; install WeChat.

[zb123]

Please take a moment and consider the implications of a nationalized company that tracks and records every thought of its users.

[chesimov]

Do mean that a government is less trustworthy than an independendent corporation? That a corporation will better look after the interests of its citizens than a government?

[kodablah]

> Do mean that a government is less trustworthy than an independendent corporation? That a corporation will better look after the interests of its citizens than a government?

Quite frequently, yes to both questions. Choice is key and many often feel more empowered to individually choose their company than their government.

[rosser]

How does that square with it being an implicit goal of most companies to own their entire market, eliminating that choice?

When there isn't meaningful competition in a market, it's specious to point to the abstract possibility of competition as an argument for sucking it up and cozying up to the monopolist, who has structured your arrangement with them to limit your freedom and recourse as much as practicable.

A profit motive doesn't magically make the human foibles that the "Gubmint is baaad" crowd insists will lead to the end of human freedom — and puppies, too — more manageable, or less dangerous to the rest of us.

[kodablah]

> How does that square with it being an implicit goal of most companies to own their entire market, eliminating that choice?

Oversight. If you want meaningful competition and don't have it due to harmful monopolization, that's the government's problem to solve. Nobody's asking for self-regulating companies here. It's very important to understand which forces can or cannot actually eliminate competition and choice. If there is a path towards choice, I'll take it. Often that path is unclear of course.

[rosser]

The government which we're "stuck" with, and which we shouldn't trust because it's actively dangerous to our freedoms, is what's supposed to protect those freedoms from predatory companies?

How's that working out for us?

[stevew20]

As a US citizen, and a former service member, and I can confirm that most independent businesses and corporations are more trustworthy than the US government.

[AlphaOne1]

Personally, I see a lot of similarities between "big" government and "big" business in terms of potential for abuse and massive bureaucracy and neither is particularly trustworthy (they are both composed of individual human beings with motives and desires). The major difference is that the government can abuse its power in the name of the "public good". Plus every business is beholden to the market and will go out of business if it does not provide what the public wants. What I am worried about is that we soon have a situation where the regulators that are intended to protect the consumer from abuse, prevent newer more ethical competitors from gaining market share. This happens a lot in the US where big business and big government form a sort of symbiotic relationship to maintain the status quo

[drucik]

Maybe I'm just naive European, but I'd say that allowing companies to lobby the government does not turn out that great for 'the people'

[mrweasel]

I really do agree with you, a Facebook account isn't a right you have. You can just not use Facebook if you disagree with their terms of service.

The only problem is: Facebooks terms of service isn't really reasonable, and most people won't understand the implications. As I understand the GDPR one of the goals is to give users a set of rights, in regards to their data. These right cannot, under any circumstances, be violated, just as you can't bond yourself into slavery or sign away your right to free speech.

Facebook and others are currently trying to find loophole, like with the cookie-law, except this time the EU did it's homework and companies won't get of with such simple solutions. Really if Facebook believe they can't do business in the EU after the 25th of May, due to the GDPR, then they shouldn't. Just close of all EU activities. Of cause I understand why they won't, the company would lose a good chunk of it's value, but it will anyway if it can't find a way to legally operate under the GDPR.

[zero_intp]

it is extremely possible to sign away one's free speech; this is the heart of a non-disclosure agreement.

[mrweasel]

No, that says: If you choose to exercise your free speech on this one particular area, then the consequence will be severe. The result will be that most people would opt to follow the NDA, but you're still allow to say whatever you want.

[mijamo]

In North Korea as well you are free to say what you want, the consequences are just severe as well in some particular areas.

[Lionsion]

> what? seriously? Do EU citizens have some kind of legal right to Facebook access, now? It's illegal for Facebook to not serve people they can't sell to advertisers?

Facebook doesn't have a right to track people in the EU without gaining their consent to it in a way that complies with EU law.

EU citizens have a legal right to expect that Facebook will comply with European consumer protection laws.

If Facebook doesn't want to properly comply with EU regulations, they're free to totally withdraw from the EU market. Otherwise, it can expect penalties for its willful noncompliance.