[ovao]

I think the issue is that it really hasn't been a "take it or leave it" environment in the past years. Things have been done against the interest of user privacy by burying the explanations in long privacy policies filled with legalese, and in the general underhandedness of data exchange between multiple parties. The inability to remove data you've provided to a website, too, I think is problematic in ways.

I'm a big proponent of user control, and a similarly big proponent of businesses taking much greater responsibility for the data they collect (my data was part of the Equifax breach, so I certainly get it). I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that.

If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever.

[jkaplowitz]

You lose the power to participate in Facebook-only groups, which are surprisingly prevalent in some places. I have very limited access to two communities here in Montreal that I'd otherwise get a lot of value out of, because their only online communication system is via Facebook.

I've told Facebook to pound sand for roughly their entire existence - never had an account even though I had the chance right after they expand beyond Harvard - and am considering whether life circumstances will increasingly force me (in practical rather than literal terms) to sign up.

A company in that semi-mandatory position deserves lots of binding rules to protect the rights of unwilling users, just as is true for electric companies since you rarely have much choice there.

Plus, I don't think Facebook's massive wall of several huge interlinked policies with soft-pedaled descriptions of what they do meets either of your A and B criteria, especially not when it's modally interrupting the user.

[s73v3r_]

"I think the issue is that it really hasn't been a "take it or leave it" environment in the past years."

What? Yes it has.

"I am, however, leery about laws that essentially bind a business's hands in terms of how they can and cannot monetize on users, even when as there's A) clarity and B) honest, plain and upfront disclosure about how they do that."

I'm not, mainly because business has been shown that they absolutely cannot be trusted with that. They have abused the privilege, and so they had their toy taken away. If you want to be upset at someone for that, blame the businesses for not reigning in themselves, not the governments for doing what their populaces wanted.

Not to mention, A and B almost never, ever exist.

"If a business tells me to agree to onerous terms to which I could never agree or to go pound sand, I'll gladly go pound sand. As a consumer, I lose no power there whatsoever."

You've lost all power in that relationship, because you have no power to bargain. You have no power to negotiate. And while you'll gladly go pound sand, not everyone is in a position to do so.

[ovao]

Can you give me an example of someone who isn’t in a position to — in simple terms — take their business elsewhere when it comes to dealing with some sort of online company with whom they’re voluntarily sharing data?

[s73v3r_]

Lack of alternatives, for one. Second would be someone for whom the rest of their social network is on Facebook, and they use Facebook as a primary communications source. I know nobody would be willing to sign up for another network or use another messenger just because I don't want to use FB messenger. I cannot get behind the idea that ostracizing yourself from there rest of your friends and family is an acceptable thing.

Turn it around; why should Facebook be allowed to have "take it or leave it" terms? Why should we as a society allow that? And don't just say, "It's their business;" I don't find that to be a compelling reason. Why should users not have the control over their data that the GDPR brings?

[ovao]

I believe users should have control of their data. I don’t have any issue with the GDPR in that respect, and that’s not what I’ve taken issue with. When you say “no thanks”, that’s a user exercising control over their data, and is an action which necessarily involves no governmental body.

I take issue with this specific stipulation that — even with clear and upfront user consent — a business simply cannot operate in ways that are A) not opposed to the safety or health of their users and B) potentially necessary to succeed in the markets in which they participate.

[s73v3r_]

"I believe users should have control of their data."

If you believe the only way they should be able to do that is to become a digital hermit, then you don't really believe that.

"When you say “no thanks”, that’s a user exercising control over their data, and is an action which necessarily involves no governmental body."

What about Facebook's shadow profiles?

"a business simply cannot operate in ways that are A) not opposed to the safety or health of their users"

There is nothing about the GDPR that opposes this. Not a one.

"B) potentially necessary to succeed in the markets in which they participate."

This most assuredly is not part of the GDPR. If the only reason your business has a chance of succeeding is by ignoring user privacy and ignoring the safety of user data, your business does not deserve to succeed.

[ovao]

I'm sorry, but we can't have a productive discussion if you're simply going to mischaracterize what I've said and make false assertions as to what my own beliefs are.

I've been cordial to this point, but if cordiality isn't there on both sides, there's no point.