The article is quite clear on what the issue is. Meta needs explicit consent to do this kind of targeting. With consent, there is no issue. The tracking itself is not illegal, but doing it without consent is illegal.
Yes, except that Meta is being legally compelled to provide the services regardless of whether the user consents.
They are basically being forced to separate the part of their business that actually makes money from the part that users like and then forced to lose money on those users.
I would be fine about laws requiring facebook to be up front and clear about how they are using this data, but mandating free rider status seems a step too far.
> Yes, except that Meta is being legally compelled to provide the services regardless of whether the user consents.
I mean, obviously they are compelled to do that and this is completely fine.
As users people should not be blackmailed into accepting psychological manipulation in their lives, just to be allowed to use a service. If Facebook's model for profit is so bad, that they cannot profit without manipulation, then perhaps their whole business is a shady one and they should start asking for membership fees. I could not care less, whether they need their pesky ads or the data from people viewing and interacting with them. Without consent they don't belong on the users' screens, end of story. If they cannot do business ethically, I wish they would not do business at all.
> I would be fine about laws requiring facebook to be up front and clear about how they are using this data, but mandating free rider status seems a step too far.
It has nothing to do with "free riding". They offer a service and that service should be worth its weight to the users. If it isn't, then apparently it is not a good enough service. To get back the money through the back door, by utilizing manipulation of users and spreading hate-speech for engagement metrics is not OK.
I think the logic of people not wanting their data/actions used for ad targeting being "free riders" is a step too far. Just target ads based on data I'm willing to be targeted on. Ask for it explicitly and I'll give the data (location, interests, whatever). But don't use the fact that I looked too long at a clip of a guitar on instagram to show me a targeted ad for a guitar in my facebook feed.
I didn't say that people who don't want to use their data for ad targeting are free riders, but they do become so when Meta is compelled to provide them services even if it is at a loss. It is literally definitionally free ridership.
Meta is free to charge for the services they provide. The EU isn't mandating that they provide services at no cost to the user. It's Meta's choice to finance those services with ad money.
“The prevalent regulatory approach in Europe is that currently advocated by the European Data Protection Board ('EDPB') in its Guidelines 05/2020 on Consent under Regulation 2016/679 whereby the EDPB provides in no uncertain terms that '[i]n order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information (paragraph 39 of the Guidelines)'." [0]
There was a recent decision in France suggesting otherwise, but this is not the opinion of the primary EU regulatory guidance nor has it been seriously tested. Either way, it will become fully illegal to refuse under the DMA.
What I mean is that I find the idea of giving users the impression that they are giving ip data for something else (For social network use) but using that data for ad targeting is wrong. And I agree with the GDPR (non-french interpretation) that services should not be conditioned on that use of their data. And I STILL don't think it's free ridership. They can show ads all they want. But they can't target them using data they didn't agree to. What it all comes down to is I don't think people should be ALLOWED to make the transaction of service-for-targeting, at all.
I agree with your first statement, but your second statement means that you think FB should be compelled to serve free riders. If you are being compelled to serve users that are unprofitable, a clear implication of the GDPR, then you are compelling free ridership. The difference between targeting and not is the different between net profit or not for many users.
I think the end game is that if ads are generally NOT targeted based on a huge volume of information, then the pay for ads with less targeting will go up. During a transition those who show pinpoint targeted ads while others don't will make more money. But eventually if the whole 2000-2025 era of ad targeting is confined to the historybooks, then we could have a better internet. And the amount of ad spend in total will be unchanged (perhaps some of money will return to print/tv etc. since internet ads will be relatively less effective). But the bottom line is I think it SHOULD be profitable to show ads with less targeting, not that it WILL be. And I think regulators have the power to ensure that this is the future.
> The difference between targeting and not is the different between net profit or not for many users
I don't think it's a bad idea to have regulation that makes entire regions of an industry unprofitable over night, if that's what it takes.
> If you are being compelled to serve users that are unprofitable, a clear implication of the GDPR, then you are compelling free ridership.
Facebook are the ones who've structured their business like this though — they could profitable with a subscription model instead, they've just chosen to make their product free at the point of use.
A service provider must provide its offerings regardless of the user accepting to be tracked or not. The provider is not even allowed to make it cumbersome to opt out.
If Meta doesn't like it they're free to either be fined into oblivion or, alternatively, to just fuck off from the European market.
It's been a while since I read the GDPR so I could misremember, but I don't remember anything similar to this assertion.
While I don't think it will work on the scale FAANG wants (see e.g. Youtube premium), what is the legal roadblock to let users chose between tracking or paying for the service?
It is literally illegal in the EU, I am pretty familiar with this regulation. This is both from ECJ decisions on gdpr and will also be codified in the DMA
>Although it took the view that “Pay or Okay” could be permissible in principle, it found that the approach taken by the news outlet didn’t comply with the law because it didn’t provide the option to specifically consent to certain purposes
Cheers. It is comical that so many in this thread are suggesting that the GDPR is super clear and not subject to uncertainty given this crazy patchwork of decisions and countermands.
It's still very up-in-the-air since the EU-wide regulation should be uniform. I hope the pendulum eventually stops in a way more privacy friendly place than those recent french ones. Yes it would be a pretty harsh stroke for the business model of some companies (social media, for example) but the alternative seems much worse.
Fair enough, these decisions are recent and are in conflict with other decisions in other countries around the GDPR as well as past guidance from European regulators (the EDPB explicitly said that this was not allowed in 2020). I also don't think you can really say with a straight face that this is a decision that a company like Meta could comfortably rely on, the regulatory uncertainty here is still extremely high.
It also requires a court to decide that your fee is a “reasonable” one and you cannot just refuse access outright - you must make your content available to the non-consenting user.
Regardless, all of this will be illegal anyways once the DMA comes into effect. And I still think, national exceptions aside, that my description of the current state of EU law was accurate:
"The prevalent regulatory approach in Europe is that currently advocated by the European Data Protection Board ('EDPB') in its Guidelines 05/2020 on Consent under Regulation 2016/679 whereby the EDPB provides in no uncertain terms that '[i]n order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information (paragraph 39 of the Guidelines)'." [0]
I have doubts on how effective these type of consent based system are. I for one always click “accept all” and move on for most websites I am on. Average layman has very little time the effort needed to understand and customize the consents are quite high. Not to say they purposely make the UI hostile in those consent popups. For me anyway GDPR has been largely a waste of bureaucracy, a better effort would be to educate populous about what cookies are and how tracking works and the extent of the trackings etc - these stuff should be in High School curriculum already by now.
Any site that uses a dark pattern like only having "Allow all" and "Show purposes" is in clear violation of the GDPR, and they could just as well have just ignored showing anything! The regulation is clear that opting out should be as easy as opting in. A conforming consient dialog has a "reject all" as well as an "allow" button.
And when they do, I always click "reject all". I think most people would - which is why I guess some sites still try to use those dark patterns. I'm still waiting for a big regulatory fine to make an example. If a known company is fined almost out of existence due to lack of a reject button, I think there would be instant self-regulation here.
> For me anyway GDPR has been largely a waste of bureaucracy, a better effort would be to educate populous about what cookies are and how tracking works and the extent of the trackings etc - these stuff should be in High School curriculum already by now.
Don't confuse the GDPR with "cookie banners" though. That's the end user visible tip of the iceberg. The biggest premise (and in my opinion the genius of the regulation) is that the end user is not required to know or understand anything. Instead, the people handling their data should. And if nothing else, it really has forced everyone (often even outside the EU) to think twice about how their data is stored and retained. And that's huge positive even if cookies were never a thing in gdpr.
Didn’t the EU recently cut a deal where the data from EU can be transferred to US without any legal ramifications [1]? So then this just goes to show it’s just about adding another layer of bureaucracy instead of caring about protecting user data.
They are basically being forced to separate the part of their business that actually makes money from the part that users like and then forced to lose money on those users.
I would be fine about laws requiring facebook to be up front and clear about how they are using this data, but mandating free rider status seems a step too far.