So instead of making their system less-privacy-invasive (which I have seen no indication should be impossible wrt the APIs mentioned here), they just shut down services where this is regulated.
Not surprised, but there's no way to spin this in a way that doesn't make Facebook look shady and bad. So much for "working with regulators".
"We are currently working to restore these features and will continue to update this document and the changelog section with the details as they are available."
Doesn't this suggest that they aren't being shut-down?
Various websites not available in europe are saying stuff like
> Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market.
and have done so for years.
Facebook's "currently" may be worth as much as the "engaged" and "committed" of those sites.
It might be temporary, but removing features "temporary" certainly sounds like being shut down, but temporary.
Interesting that Facebook and everyone else has been knowing that these rules have been coming for years, they still haven't been ready. Certainly reads like they haven't been working with anyone, and their last resort is now to temporary shut down the features they were unable to fix, during these years.
>Interesting that Facebook and everyone else has been knowing that these rules have been coming for years, they still haven't been ready.
There's being ready, but I think there's also some wariness that the penalties for non-compliance are so severe that it's not worth taking the risk.
When GDPR was first being proposed, I was at a startup in the messaging space, and we were in the midst of expanding into European markets. The level of effort to ensure compliance wasn't that high, but without established case law and a history of enforcement actions, it was deemed too much of a risk so we pulled back.
That reminds me of the many local and regional newspapers in the US that are owned by Tribune Publishing, and whose websites have been inaccessible in Europe since the GDPR went into effect. You'll be met with the following disclaimer:
"Unfortunately, our website is currently unavailable in most European countries. We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market. We continue to identify technical compliance solutions that will provide all readers with our award-winning journalism."
It's PR-speak to make the regulators look like the bad guys who took something from you that always-benevolent FB is working on your behalf to restore.
To honest, I think this is probably the begining of the end for Facebook. I foresee that they'll be forced to reduce services in Europe repeatedly. It'll be interesting to see what takes its place.
It might be the bigginning of the end of Facebook dot com, but Facebook as a company I feel will be here for a while. Facebook used to just be Facebook dot com but they've since become almost a tech conglomerate. The big tech firms are basically just holding companies for all the stuff they've acquired over the years.
they'll end up preying on the people in 3rd world countries that don't have strong privacy legislation. Same way as Phillip Morris did with cigarettes...
A similar example is sending garbage to China. At a certain point China stopped accepting it. Hopefully soon others will do the same and recycling will be tackled correctly.
The network effects has its limits. Messengers and social media platforms have so far resisted a winner-takes-all situation. Since social networks are still more often than not rooted within geographical boundaries, it's possible for competitors to coexist on a global level.
It'll be definitely interesting to see what Facebook is going to do if one of those bills that would require it to federate and/or provide an open API gets passed.
I don’t see FB shutting down a service like Watsapp in Europe in the next decade at least, first of all because countless European politicians use it, to say nothing of the hundreds of millions of Europeans who use it regularly. There’s nothing else comparable that can take its place.
I feel like all of these apps (with special emphasis on Telegram and Signal) have almost the exact same UX and features of WhatsApp... beyond adoption numbers.
Matrix is used by the French government [1] and the German military [2]. I’m honestly surprised Matrix isn’t robustly funded by the EU yet as an open competitor to US Big Tech.
I think this is very local. Here in Sweden I have only ever met one person who used Whatsapp. I feel most people use Facebook messenger with some use of Skype, Google Hangouts, Telegram, Signal and Slack.
Do telcos in US/Europe create the same incumbency that telcos in Latin America create?
Here in Mexico, any mobile data package comes with free data for blessed services like Whatsapp and FB Messenger. Obviously trying to compete with each other on these perks.
Using a competitor like Telegram is a complete nonstarter when trading memes or video chat eats into your data. The cheapest plan from Telcel (pay-as-you-go + holding 20 pesos in your balance) lets you use Whatsapp infinitely.
In Sweden they do not do that for messenger clients but they do it for video streaming sites. Data is so cheap here that a messenger would not be a good selling point.
It is probably illegal (on the paper we have net neutrality, the telcos just blatantly break the law) to do so in Sweden which why some telcos are in a legal battle with our regulatory authority.
> There's nothing else comparable that can take its place.
Nothing that can replace WhatsApp? A simple messaging app like hundreds of others out there? If they shut down tomorrow I don't think anyone would be impacted. People would just switch to one of those. Nobody in 5-10 years would be like "I miss WhatsApp".
They're trying to monetize WhatsApp through their Business API. They have a directory of Business Service Providers that can provide API access and integration services. Their partnership model is very convoluted and flawed, though, and it's hurting adoption.
Not yet, they are obviously moving into merging WhatsApp with Messenger/Instagram Direct, but it looks like these recent actions against FB (US Congress questioning monopolistic practices, FB having promises it would not merge WhatsApp with FB Messenger at the time of acquisition, and various privacy investigations from EU countries) are making FB go very very slow on this.
Therefore, so far FB only collects contacts and improves its social network (in the technical sense) with WhatsApp.
You can see what API calls do not work on the listed page. Most of those should not require any privacy breaking features so it should absolutely be possible to implement them legally. They just don't like to do so.
This is just speculation on my part, but if facebook implemented these API calls in a privacy-respecting way for the EU market, then it would be very easy for the US government to suggest that the already-existing privacy-respecting version should be used in their jurisdiction too. Maybe that's what facebook wants to avoid?
While Messenger is linked to our Facebook account state, where you can be arbitrarily banned for any reason without any accountability or recourse, the idea of relying on Messenger as a communcations app is an absurd proposition.
Problem with this is, that you have a massive number of users on facebook, and not wanting to do business using them, could be a massive hit to your sales.
I know people, who only look for businesses on facebook, ask for support questions there, and dont't care if the business doesnt have a full webpage, if it has a facebook page (and even if it has, sendin an email is a lot "harder" than just clicking "chat" on a facebook page, to ask something (eg. if they're open now, due to pandemic,etc.).
Seems like a huge hit to the myriad business-to-consumer chat startups that sell premium messenger experiences to brands for customer service etc. It’s also a hit to any business who has invested in chat as a service/sales channel, assuming that all chat APIs will be subject to the same limitations.
These APIs that are being limited have very little to do with user privacy and mostly impact usability. For example it looks like handoffs between chat apps are no longer possible in Europe- a company could have an entry point chat bot that routes to a live human, or routes to an order-taking bot. That routing is no longer possible without the “handoff protocol”.
It looks like users can no longer send attachments to a business either. (Or rather they can still send the attachment, but the business can’t use the api to access it?). I don’t believe this is a win for users and just shows some unintended side effects of EU legislation.
Unintended by the legislators, maybe, but I'd wager this punitive reaction by Facebook is very intentional. Many EU businesses are going to have their commerce and customer service flows break 9 days before Christmas. It will be interesting to see how much backlash from these businesses is leveled at the EU regulators and how much is directed toward getting off Facebook's platform.
This is desperately short on explanation? The very high granularity suggests that some features are more privacy-invasive than others, but not why that is.
While come January the UK won't be part of the EEA, at least initially GDPR will continue to apply as most EU law has been grandfathered into UK law post-transition.
Yes, but as far as I'm aware the question of whether the UK will be a "third country" for purposes of data transfer outside the EU after January 1 is still undecided?
(Where is Facebook's data center anyway, is it Ireland?)
The UK is subject to EU law and is part of the EEA today; they have to go on what's true now, not what may be true in a few weeks. In any case the UK will inherit most EU data protection rules; they'll presumably change the wording in January, but the rules won't change.
I've the initial impression that this will be a good step for reducing the drift of user content into other websites and spaces where messages or user data may end up outside of the context for which it was generated.
This means that data sharing between the US and EU is a lot more complicated, as the EU ruling basically says that US data protection regulations are not sufficient to comply with the requirements set out in the GDPR.
Sorry but epd (ePrivacy Directive)[0] is from 2002 with last amendments in 2009 and has nothing to do with this.
There's a draft for "ePrivacy Regulation"[1][2] introduced in 2017 that looks to replace ePrivacy Directive, but it's still in a draft and discussions stage. There's no guarantee it'll become a law.
Sorry but you’re mistaken. The original ePD applied to messaging services, ie, SMS providers. What changed this year is that a few months ago the EU decided that providers like Messenger should be covered by the regulation too.
It seems like some of these features were loading images directly from the client. So presumably this could have been used to get info like your browser and IP as your phone made the request to the server that they provided.
The recommended work around to to just send the link which now makes it explicit to the user that they are connecting to the third party.
We need a decent gdpr compliant business dependable rich messaging platform for europe. it is ridiculous, now the rest of the world has wechat, messenger, kakao and line, but in europe there is nothing.
Google chat is not business dependable because google shuts down and replaces its messaging product every 4 years or so. Teams is not a platform in the sense that you could not eg. start selling pizza to random endusers with a pizza bot. I mean something that can be a european wechat revolution.
Great news, I feel much safer now. Now I'm waiting for EU to completely ban computers, this way I will never be attacked by anyone online.
But seriously, if anyone had doubts what GDPR will achieve, I think this person is pretty naive. GDPR is not a progression, but a regression, and it will seriously hit (already does) online businesses in the long run.
Same thing with cookie warnings. No normal person will read tons of legal text on every website they visit. And even if the normal person will read it, they won't be able to decline the cookies, because the site will not work. But let's say you're a technically savvy person that is actually interested in cookie privacy; I'm really surprised you're not using "cookie autodelete"-style plugins already.
Creating laws only to have laws will never work. It only creates cost for everyone in order to be compliant. And people always go where the cost is lower.
> But let's say you're a technically savvy person that is actually interested in cookie privacy; I'm really surprised you're not using "cookie autodelete"-style plugins already.
I feel this is like saying "we don't need safety legislations at work because businesses take a hit trying to stay compliant, if you don't want to be hurt at work, I'm surprised you're not wearing a helmet already."
Thing is, I wouldn't need "cookie autodelete" style plugins in the first place if companies cared about data privacy.
You shouldn't wear a helmet because other people tell you need to wear it. Instead, you should wear it in order to be safe.
The problem with law is that only good guys abide the law. And you don't need to defend yourself from the good guys, only from the bad guys. And bad guys will violate the law anyway.
Not surprised, but there's no way to spin this in a way that doesn't make Facebook look shady and bad. So much for "working with regulators".