[gonmf]

There is no legal right to Facebook, but if Facebook wants to do business here, it has to abide by our rules. And our rules are very simple, you cannot deny service because the user doesn't allow tracking if tracking is not necessary for your service to work. And it isn't in this case, it's only necessary to deliver higher paying ads.

Since they are being selective on the users they accept based on being tracked, they are now on track for another EU fine.

[ovao]

It's disconcerting to me that under the GDPR, online businesses appear to be losing the ability to deny services to a user who knowingly, and with clear consent, chooses to take personal responsibility over the data they provide to said businesses.

Regardless of whether this is for the "greater good", this is deeply unsettling territory.

[mrweasel]

You're not allow to operate that way in most other businesses anyway. You can't sell leaded paint, even if clearly marked. You can't sell unsafe cars, even if you tell people that even low speed impacts will kill them.

There's a ton of stuff you can't do, even with clear consent, because otherwise people who lack the means to understand the compromises or afford the safer choices will suffer.

[tlrobinson]

Those are safety/environmental issues. Showing you ads based on your preferences is not.

[mrweasel]

You could easily argue that tracking users behaviour is a safety issue. But fair enough, how about the loan business, you aren't allowed to charge overly high interest on loans. That's neither a safety or environmental issue.

[ovao]

Predatory interest rates frankly don't concern or particularly bother me. I think, for me, that only becomes a point of concern if a person is simply mentally unfit to make such decisions for themselves. In such cases the general guidance that someone else deemed fit should be responsible for that person's decisions applies, which goes back to the point you made earlier.

[rosser]

Even when those usurious, predatory rates are disproportionately charged to poorer people, who can afford to bear them less? Because that's how it works: price discrimination against the people least able to bear it.

But, hey. Why should I care, if I'm not getting charged those rates, right?

[barrkel]

And if those ads tip an election based on psychological pressure points chosen on the basis of your preferences? That's an even bigger risk than safety and environmental issues in my book.

[rosser]

It has been repeatedly demonstrated that machine learning can reliably predict when, for example, a bipolar person is going to enter a manic phase.

Should ad companies be able to model someone's mental illness and show them ads for gambling sites, or whatever, when their brain is acutely more susceptible to them?

[cdancette]

I think we're underestimating the global health issue due to online advertisement (alcohol, smoking, or just bad eating habits). And I'm not speaking of attention disorder of so-called 'multitask kids' caused by social media that have business models based on ads, and do everything to grab your attention

[dbbk]

If you believe Apple and Microsoft's CEOs, privacy is a human right, so I suppose that would put it up there.

[briandear]

False equivalence. Lead paint has the ability to harm others beyond the person making the purchase. Comparing Facebook to lead paint regulations is ridiculous.

This is nothing more than a digital drug law: “You can’t choose what services you consume because we are determined to protect you from yourself, like it or not.”

[icebraining]

The idea that FB, and personal data tracking in general, doesn't harm third parties is not universally agreed upon.

[e12e]

Maybe a free public toilet that simply demands the right to broadcast a videofeed of its customers is a better analogy? Be they minors or not?

[waisbrot]

How did you determine "knowingly, and with clear consent"?

I guess I'd agree that if someone wrote a 5 page paper describing all the ways that Facebook harvests their data and what might be done with it afterwards then they should be allowed to do what they want? But I suspect most people would be like "uhhh, I think they, um, know what pages I liked? And maybe they use that for ads?"

[ovao]

I'm not referring to Facebook specifically. The dialog that Facebook's displaying to EU users (according to the tweet) isn't actually very clear in itself about what they're asking users for.

"Clear consent", in my mind, would be something along the lines of "we use tracking cookies and tracking on widgets third-party websites embed, as well as the data you provide to us in terms of posts, comments, photos and other content to personalize the ads you see". If you accept those terms, well, then you certainly can't be surprised when Facebook — or whoever — does precisely that.

[icebraining]

Your phrasing is confusing. Why would the business want to deny services to a user who chooses to take personal responsibility over the data they provide?

[ovao]

Sorry if it wasn't clear. I'm suggesting that a business should have some right to deny service to a user who chooses not to participate in tracking, so long as it's made abundantly and plainly clear to said user that they'd be tracked, and that the user consents to that.

Based on my interpretation, the GDPR simply precludes that possibility.

[dbrgn]

I assume if you made a business where the user can sell their behavioral data for a service in return, and if the whole goal of the business was selling data in return for a service, then I would interpret the data collection to be strictly required for the business goal and thus legal under the GDPR (given explicit consent).

The official goal of Facebook is not "buying your data" but "providing a social network". Thus, targeted ads are not strictly necessary for providing that service.

[icebraining]

I think the data must be actually necessary for the thing you're providing to the user. So if you're paying cash in exchange for data, that wouldn't be allowed, because you don't need someone's data in order to give them cash.

[s73v3r_]

I fail to see why. Without clauses like this, you'd be at the same place you were before, "Either agree to all of our completely invasive and probably unrelated terms, or go pound sand." The GDPR is shifting the balance of power back so that users do have some bargaining, not just the take it or leave it that's been so prevalent for so long.

[ovao]

I think the issue is that it really hasn't been a "take it or leave it" environment in the past years. Things have been done against the interest of user privacy by burying the explanations in long privacy policies filled with legalese, and in the general underhandedness of data exchange between multiple parties. The inability to remove data you've provided to a website, too, I think is problematic in ways.

I'm a big proponent of user control, and a similarly big proponent of businesses taking much greater responsibility for the data they collect (my data was part of the Equifax breach, so I certainly get it). I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that.

If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever.

[jkaplowitz]

You lose the power to participate in Facebook-only groups, which are surprisingly prevalent in some places. I have very limited access to two communities here in Montreal that I'd otherwise get a lot of value out of, because their only online communication system is via Facebook.

I've told Facebook to pound sand for roughly their entire existence - never had an account even though I had the chance right after they expand beyond Harvard - and am considering whether life circumstances will increasingly force me (in practical rather than literal terms) to sign up.

A company in that semi-mandatory position deserves lots of binding rules to protect the rights of unwilling users, just as is true for electric companies since you rarely have much choice there.

Plus, I don't think Facebook's massive wall of several huge interlinked policies with soft-pedaled descriptions of what they do meets either of your A and B criteria, especially not when it's modally interrupting the user.

[s73v3r_]

"I think the issue is that it really hasn't been a "take it or leave it" environment in the past years."

What? Yes it has.

"I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that."

I'm not, mainly because business has been shown that they absolutely cannot be trusted with that. They have abused the privilege, and so they had their toy taken away. If you want to be upset at someone for that, blame the businesses for not reigning in themselves, not the governments for doing what their populaces wanted.

Not to mention, A and B almost never, ever exist.

"If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever."

You've lost all power in that relationship, because you have no power to bargain. You have no power to negotiate. And while you'll gladly go pound sand, not everyone is in a position to do so.

[ovao]

Can you give me an example of someone who isn’t in a position to — in simple terms — take their business elsewhere when it comes to dealing with some sort of online company with whom they’re voluntarily sharing data?

[s73v3r_]

Lack of alternatives, for one. Second would be someone for whom the rest of their social network is on Facebook, and they use Facebook as a primary communications source. I know nobody would be willing to sign up for another network or use another messenger just because I don't want to use FB messenger. I cannot get behind the idea that ostracizing yourself from there rest of your friends and family is an acceptable thing.

Turn it around; why should Facebook be allowed to have "take it or leave it" terms? Why should we as a society allow that? And don't just say, "It's their business;" I don't find that to be a compelling reason. Why should users not have the control over their data that the GDPR brings?

[crankylinuxuser]

Your account has been suspended for the foreseeable future for breaking the terms of service.

No we will not tell you what you did. You already know what you did.

Our automated systems found your policy violation and acted appropriately. They are beyond your comprehension or refutation.

You may not talk to a person regarding your dismissal. It is against policy to discuss active or closed issues.

You have no recourse other than social media or tech websites, and beg. And we still will likely not care.

--Care of US tech companies.

....So, you want to live with rules for companies that allow this kind of egregious and arbitrary actions? I sure as hell don't. Want to see what this stuff devolves to? Look no further than Comcast and ilk.

[kazinator]

> They are beyond your comprehension or refutation.

Where by "your" we mean "one's", i.e. effectively "our".

[crankylinuxuser]

I was writing the first part as a US company would say to a user.

"Your" in that context was from the company to the user they wronged.

[ovao]

Either we’re not talking about the same thing, or I don’t quite understand how your comment relates to mine. I really can’t answer your question.

[Marysville]

It's like seat belts. You cannot sell a car without seat belt regardless of customer's choice. The customer's choice come later whether or not he wants to put on the seat belt.

Car = Service

Seat belt = Tracking protection

[ars]

And if higher paying ads are necessary for the service to work?

Or do you foresee this being like drug prices, where the US subsidizes drug development for the world?

[icebraining]

They aren't, though. There are other ways of making money. Like charging people. If people won't pay, well, worst things could befall the Union than Facebook leaving.

[cortesoft]

Why can't they charge you in data? If they present the deal to users as, "let us track your data, and in return you get to use facebook", is that not a trade that should be allowed? Isn't part of being able to 'be in control' of your data being allowed to sell it yourself?

I think the key point is being clear about the trade. I think FORCING all websites to only be paid for by cash is bad; you should be able to trade your own data for access to a service.

[icebraining]

Why can't they charge you in data?

Because "In the EU, personal information cannot be conceived as a mere economic asset: according to the case law of the European Court of Human Rights, the processing of personal data requires protection to ensure a person's enjoyment of the right to respect for private life and freedom of expression and association".

https://edps.europa.eu/sites/edp/files/publication/16-09-23_...

[ars]

So what you are saying is that the EU should tell Facebook they can not make money by having ads, instead they need to make money by charging people?

Is that typical, for the EU to get that involved in business decisions?

[icebraining]

Well, first, ads are not the problem, tracking is. Also, they can make money from tracking, but they have to convince people to consent - more like a donation than a payment.

But yes, the EU does get involved in plenty of business decisions, just like governments everywhere. Usually when an industry is misbehaving and violating what is established (e.g. by the ECHR) as the rights of individuals.

[ars]

> But yes, the EU does get involved in plenty of business decisions, just like governments everywhere.

Obviously. But that's not what I meant.

They did not say "tracking is illegal", they said "it's illegal if not necessary".

Are they then say: "It's not necessary because if you completely restructured your business you wouldn't need to track."

That's the part I meant - do they really go to that level of detail?

[icebraining]

Sorry, I don't really know, my knowledge of EU directives related to companies is sparse at best.

[vidarh]

Then Facebook is free to withdraw from the EU market, and someone else will take their place in the EU.

[stedaniels]

I'd be more understanding of your comment if Facebook was only just making a profit. However we both know it's raking in the cash.

[ars]

Are you saying this law should decide if someone is making "enough" money, before deciding if profit is necessary to provide a service?

[halfdan]

Given their de facto monopoly I'm not sure "There is no legal right to Facebook" is correct anymore. It's sort of like the internet where if you were denied access you'd have a significant disadvantage in society - it could easily be argued that denying access to Facebook gives you a similar disadvantage.

At the end of the day this will need to be decided in courts.

[BlackDeath3]

Personally, I'd really not like to see a precedent set for a company entering a market, doing very well, and then being legally compelled to provide their product as some sort of legal right to an entire population. It might be a different story if said company is employing anti-competitive practices, but telling somebody that they're now legally obligated to serve a community because they're just too good at what they do, or so popular that nobody else can best them, seems a little too authoritarian for my taste.

[jkaplowitz]

Oh, they're allowed to withdraw from the market, or decouple the privacy-invasive bits and find a way to make that work financially when users don't opt in to those. Nobody's forcing them to serve Europe if they insist on being this awful regarding mandatory tracking. They're free to allow space for a competitor to grow with a different attitude toward privacy.

[BlackDeath3]

Right, I'm not talking about withdrawing from the market, I'm talking about remaining in the market and being allowed, as a private company providing a private service, to freely associate.

I have no qualms with a competitor starting up to serve those denied by Facebook, but let's not muddy the water by equivocating a monopoly as a result of anti-competitive practices with one that forms simply because nobody wants to use anything else.

[jkaplowitz]

Restrictions on how private parties can provide a private service are ubiquitous in every market. In the US, home-cooked meal startups get shut down because their uninspected kitchen doesn't meet commercial standards. In Ethiopia, you need a local entity with an IT license (seriously) to import a Dell server that you've already purchased. In Canada, you can't agree to an employment contract that allows for zero-notice zero-compensation firing when you didn't do something extreme like steal. Etc.

I don't think most of the people who find Facebook convenient for coordinating groups actually choose the tracking knowingly and willingly (at best begrudgingly), nor do they choose to exclude the people who object more proactively to those things even when that's the effect.

Society's legislative and regulatory choices have a valid role to fix negative externalities of what economic actors would otherwise naturally do. Natural monopolies/oligopolies like electric companies, highway operators, and Facebook are all worth regulating for roughly the same reasons - even according to Orthodox free-market undergraduate microeconomics 101.

[BlackDeath3]

> Restrictions on how private parties can provide a private service are ubiquitous in every market...

I'm speaking more about "ought" than "is" here. I don't see any reason why Facebook should have to choose between serving everybody, regardless of the regulatory burden that it places on them, and taking a hike from the global market entirely. I'm not saying that they won't be forced to do so anyway.

> ...I don't think most of the people who find Facebook convenient for coordinating groups actually choose the tracking knowingly and willingly (at best begrudgingly)...

And yet, they've probably chosen it all the same. In the hypothetical scenario where somebody has a metaphorical (or literal) gun to somebody's head, forcing them to use Facebook, I don't see how Facebook themselves can be blamed for this, and simply chalking this sort of thing up as a "negative externality" and saddling Facebook with the burden seems to be weaselly way of making Facebook to the will of somebody who just can't bear to give it up.

You can't always get what you want. Some of us would do well to internalize this a bit.

[BeetleB]

>it could easily be argued that denying access to Facebook gives you a similar disadvantage.

It is a lot easier to find people like me who never had FB accounts and who can testify that not having one has not impacted my life.

[totony]

What if you provided an alternate access model?

E.g. allow them to either sign up to the tracking or pay 100$/month for access

Tracking would not be mandatory to access the service, as the alternative way (to pay for the service) is available

[zerostar07]

What is facebook's business? Targeted advertising. They don't sell you a friends management system for $0, they sell targeted ads to people who expect to receive targeted ads, and tracking is necessary for that.

The same can be said about google's search service. The search still works, but adsense and adwords won't work without your private info. And google can claim it doesn't sell search, they sell ads.

[KozmoNau7]

It's not strictly about which services you are selling, it is about which services you are providing, and Facebook absolutely provide a social network website/app. Google absolutely provides search and email.

[andai]

As an EU citizen I am offended by this regulation.

[akie]

How? I mean, why are you offended by this attempt to curb the data that companies can collect on you without your consent?

[kodablah]

How this reads: How are you offended by attempts to curb terrorism? How are you offended by attempts to save the children?

We can agree on intent and disagree on practice. I disagree with the GDPR in practice, but agree with its intent. I think there are many other ways to tackle these problems, and this is probably the worst one (especially to start with assuming this is the first really enforced one).

[mrec]

Somewhat ironically, as a (UK) Leave voter I rather like it.

[simonbarker87]

Voting to leave doesn’t automatically mean one has to dislike all laws from the EU. It’s ok to want to leave the EU whilst also liking some aspects of what it brings us. As a person who voted remain this has been one of the most frustrating things about the whole Brexit situation, it’s like it has to be a binary status: one either loves the EU and everything about it or you hate the EU and membership brings no benefits at all.

I don’t think it’s ironic that you like this law, I think it’s understandable that you would if you have privacy concerns and, given T. May’s choices over the years, you were unlikely to get it without membership to the EU.

[mrec]

I couldn't agree more; I too get frustated by the degeneration of most public debate. Personally I was very much on the fence, leaning net Leave on the meta level (major constitutional change should not happen without a popular mandate) but net Remain on the object level (especially on things like digital rights, where the UK has a long and sordid history of tin-pot authoritarianism long predating T. May).

[spullara]

Since they use that data to sort your feed I think they can argue it is necessary for the service to operate.

[KozmoNau7]

It is not essential that they sort my feed, though. Everything still works perfectly fine with a simple chronological feed.

None of the tracking they do is essential to the service they ostensibly provide to their users, namely as a microblogging/discussion/sharing platform.

[rock_hard]

I don’t think most users would find value in a product like Facebook or Google without ranking actually.

I bet that nobody would! Ranking is what makes these products work...and it requires data to do the ranking.

[KozmoNau7]

Why do you think ranking is important? A simple chronological news feed should be perfectly fine.

Sure, rank search results based on how many users a given group has, and put the most popular ones at the top. That doesn't require violating anyone's privacy.

[rock_hard]

Trust me, if ranking had no value...no product team would bother implementing it.

The reason ranking is used left and right these days is because it makes products dramatically better.

[KozmoNau7]

And they are certainly allowed to do ranking. But they can only do it on non-PII data, on data that has been deliberately made public, and on data which people have consented to its collection and storage with unequivocal opt-in.

[HumanHater]

In that case Facebook should offer user a choice between paying for the service directly or letting advertiser to do that. I doubt that any nontrivial amount of users would choose to pay even $100/year so that wouldn't change anything for Facebook. However it could be enough to comply with weird EU regulation.

[andai]

I heard recently that Facebook was considering this and would have to charge $11 per user per month to make up for the ad revenue.