[ovao]

It's disconcerting to me that under the GDPR, online businesses appear to be losing the ability to deny services to a user who knowingly, and with clear consent, chooses to take personal responsibility over the data they provide to said businesses.

Regardless of whether this is for the "greater good", this is deeply unsettling territory.

[mrweasel]

You're not allow to operate that way in most other businesses anyway. You can't sell leaded paint, even if clearly marked. You can't sell unsafe cars, even if you tell people that even low speed impacts will kill them.

There's a ton of stuff you can't do, even with clear consent, because otherwise people who lack the means to understand the compromises or afford the safer choices will suffer.

[tlrobinson]

Those are safety/environmental issues. Showing you ads based on your preferences is not.

[mrweasel]

You could easily argue that tracking users behaviour is a safety issue. But fair enough, how about the loan business, you aren't allowed to charge overly high interest on loans. That's neither a safety or environmental issue.

[ovao]

Predatory interest rates frankly don't concern or particularly bother me. I think, for me, that only becomes a point of concern if a person is simply mentally unfit to make such decisions for themselves. In such cases the general guidance that someone else deemed fit should be responsible for that person's decisions applies, which goes back to the point you made earlier.

[rosser]

Even when those usurious, predatory rates are disproportionately charged to poorer people, who can afford to bear them less? Because that's how it works: price discrimination against the people least able to bear it.

But, hey. Why should I care, if I'm not getting charged those rates, right?

[ovao]

Given that a significant component to the determination of interest rates is risk, I don’t think one could reasonably expect a non-public system of lending to operate any other way.

We’re getting pretty off-topic though, so if you’d like to talk more, go ahead and shoot me an email (r at ovao dot la).

[barrkel]

And if those ads tip an election based on psychological pressure points chosen on the basis of your preferences? That's an even bigger risk than safety and environmental issues in my book.

[rosser]

It has been repeatedly demonstrated that machine learning can reliably predict when, for example, a bipolar person is going to enter a manic phase.

Should ad companies be able to model someone's mental illness and show them ads for gambling sites, or whatever, when their brain is acutely more susceptible to them?

[cdancette]

I think we're underestimating the global health issue due to online advertisement (alcohol, smoking, or just bad eating habits). And I'm not speaking of attention disorder of so-called 'multitask kids' caused by social media that have business models based on ads, and do everything to grab your attention

[dbbk]

If you believe Apple and Microsoft's CEOs, privacy is a human right, so I suppose that would put it up there.

[briandear]

False equivalence. Lead paint has the ability to harm others beyond the person making the purchase. Comparing Facebook to lead paint regulations is ridiculous.

This is nothing more than a digital drug law: “You can’t choose what services you consume because we are determined to protect you from yourself, like it or not.”

[icebraining]

The idea that FB, and personal data tracking in general, doesn't harm third parties is not universally agreed upon.

[e12e]

Maybe a free public toilet that simply demands the right to broadcast a videofeed of its customers is a better analogy? Be they minors or not?

[waisbrot]

How did you determine "knowingly, and with clear consent"?

I guess I'd agree that if someone wrote a 5 page paper describing all the ways that Facebook harvests their data and what might be done with it afterwards then they should be allowed to do what they want? But I suspect most people would be like "uhhh, I think they, um, know what pages I liked? And maybe they use that for ads?"

[ovao]

I'm not referring to Facebook specifically. The dialog that Facebook's displaying to EU users (according to the tweet) isn't actually very clear in itself about what they're asking users for.

"Clear consent", in my mind, would be something along the lines of "we use tracking cookies and tracking on widgets third-party websites embed, as well as the data you provide to us in terms of posts, comments, photos and other content to personalize the ads you see". If you accept those terms, well, then you certainly can't be surprised when Facebook — or whoever — does precisely that.

[icebraining]

Your phrasing is confusing. Why would the business want to deny services to a user who chooses to take personal responsibility over the data they provide?

[ovao]

Sorry if it wasn't clear. I'm suggesting that a business should have some right to deny service to a user who chooses not to participate in tracking, so long as it's made abundantly and plainly clear to said user that they'd be tracked, and that the user consents to that.

Based on my interpretation, the GDPR simply precludes that possibility.

[dbrgn]

I assume if you made a business where the user can sell their behavioral data for a service in return, and if the whole goal of the business was selling data in return for a service, then I would interpret the data collection to be strictly required for the business goal and thus legal under the GDPR (given explicit consent).

The official goal of Facebook is not "buying your data" but "providing a social network". Thus, targeted ads are not strictly necessary for providing that service.

[icebraining]

I think the data must be actually necessary for the thing you're providing to the user. So if you're paying cash in exchange for data, that wouldn't be allowed, because you don't need someone's data in order to give them cash.

[s73v3r_]

I fail to see why. Without clauses like this, you'd be at the same place you were before, "Either agree to all of our completely invasive and probably unrelated terms, or go pound sand." The GDPR is shifting the balance of power back so that users do have some bargaining, not just the take it or leave it that's been so prevalent for so long.

[ovao]

I think the issue is that it really hasn't been a "take it or leave it" environment in the past years. Things have been done against the interest of user privacy by burying the explanations in long privacy policies filled with legalese, and in the general underhandedness of data exchange between multiple parties. The inability to remove data you've provided to a website, too, I think is problematic in ways.

I'm a big proponent of user control, and a similarly big proponent of businesses taking much greater responsibility for the data they collect (my data was part of the Equifax breach, so I certainly get it). I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that.

If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever.

[jkaplowitz]

You lose the power to participate in Facebook-only groups, which are surprisingly prevalent in some places. I have very limited access to two communities here in Montreal that I'd otherwise get a lot of value out of, because their only online communication system is via Facebook.

I've told Facebook to pound sand for roughly their entire existence - never had an account even though I had the chance right after they expand beyond Harvard - and am considering whether life circumstances will increasingly force me (in practical rather than literal terms) to sign up.

A company in that semi-mandatory position deserves lots of binding rules to protect the rights of unwilling users, just as is true for electric companies since you rarely have much choice there.

Plus, I don't think Facebook's massive wall of several huge interlinked policies with soft-pedaled descriptions of what they do meets either of your A and B criteria, especially not when it's modally interrupting the user.

[s73v3r_]

"I think the issue is that it really hasn't been a "take it or leave it" environment in the past years."

What? Yes it has.

"I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that."

I'm not, mainly because business has been shown that they absolutely cannot be trusted with that. They have abused the privilege, and so they had their toy taken away. If you want to be upset at someone for that, blame the businesses for not reigning in themselves, not the governments for doing what their populaces wanted.

Not to mention, A and B almost never, ever exist.

"If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever."

You've lost all power in that relationship, because you have no power to bargain. You have no power to negotiate. And while you'll gladly go pound sand, not everyone is in a position to do so.

[ovao]

Can you give me an example of someone who isn’t in a position to — in simple terms — take their business elsewhere when it comes to dealing with some sort of online company with whom they’re voluntarily sharing data?

[s73v3r_]

Lack of alternatives, for one. Second would be someone for whom the rest of their social network is on Facebook, and they use Facebook as a primary communications source. I know nobody would be willing to sign up for another network or use another messenger just because I don't want to use FB messenger. I cannot get behind the idea that ostracizing yourself from there rest of your friends and family is an acceptable thing.

Turn it around; why should Facebook be allowed to have "take it or leave it" terms? Why should we as a society allow that? And don't just say, "It's their business;" I don't find that to be a compelling reason. Why should users not have the control over their data that the GDPR brings?

[ovao]

I believe users should have control of their data. I don’t have any issue with the GDPR in that respect, and that’s not what I’ve taken issue with. When you say “no thanks”, that’s a user exercising control over their data, and is an action which necessarily involves no governmental body.

I take issue with this specific stipulation that — even with clear and upfront user consent — a business simply cannot operate in ways that are A) not opposed to the safety or health of their users and B) potentially necessary to succeed in the markets in which they participate.

[crankylinuxuser]

Your account has been suspended for the foreseeable future for breaking the terms of service.

No we will not tell you what you did. You already know what you did.

Our automated systems found your policy violation and acted appropriately. They are beyond your comprehension or refutation.

You may not talk to a person regarding your dismissal. It is against policy to discuss active or closed issues.

You have no recourse other than social media or tech websites, and beg. And we still will likely not care.

--Care of US tech companies.

....So, you want to live with rules for companies that allow this kind of egregious and arbitrary actions? I sure as hell don't. Want to see what this stuff devolves to? Look no further than Comcast and ilk.

[kazinator]

> They are beyond your comprehension or refutation.

Where by "your" we mean "one's", i.e. effectively "our".

[crankylinuxuser]

I was writing the first part as a US company would say to a user.

"Your" in that context was from the company to the user they wronged.

[ovao]

Either we’re not talking about the same thing, or I don’t quite understand how your comment relates to mine. I really can’t answer your question.

[Marysville]

It's like seat belts. You cannot sell a car without seat belt regardless of customer's choice. The customer's choice come later whether or not he wants to put on the seat belt.

Car = Service

Seat belt = Tracking protection