Hacker News new | ask | show | jobs
by Nextgrid 1050 days ago
It's only unclear if your business model is malicious and relies on finding innovative ways to breach it and pretend it's compliant.

The regulation is very clear: non-functionally-essential data processing requires explicit consent. If in doubt, err on the side of caution and use consent and opt-in rather than another legal basis such as legitimate interest. Business models based on stalking or spamming are no longer allowed.

Keep in mind that the objective of the regulation is not some punitive shake-down but to give people rights on how their data is used. A good-faith effort that accidentally falls short will be given guidance and a reasonable timeline to implement changes - there's no risk to ever get a fine as long as you err on the side of caution. You can also proactively ask your local regulator for guidance if something is unclear.
1 comments
whimsicalism 1050 days ago
Your own link indicates that they have gone back and forth on the guidance around "opt in or pay" models three times already.

As I have said, this model attempts to enshrine free ridership, which might work while there is the rest of the world subsidizes it, but it is not a sustainable model to force tech companies to serve users at a loss.

The objective of the DMA which will serve to enshrine the illegality of these models is to target American tech companies and European legislators have explicitly stated as such.

link
Nextgrid 1050 days ago
> this model attempts to enshrine free ridership

No it doesn't - you can still charge for a service.

It just makes stalking/spamming an unviable method of payment.

link
whimsicalism 1050 days ago
No, it makes it a legal method of payment as long as you permit free riders or alternatively you can pull up the drawbridge and charge all users for it, preventing poorer people from using the largest public squares in the world.

Free access to global communication is not a bad thing.

But this is besides the point: the guidance is absolutely not clear and if local regulators cannot even get their story straight I am not sure how you expect foreign companies to figure it out. And collecting information about how users use your property is not stalking.

link
Nextgrid 1050 days ago
> preventing poorer people from using the largest public squares in the world.

Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.

The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.

Without laws like the GDPR in place to curtail data collection and profiling, it's only a matter of time before more and more data is collected to enable this kind of targeting and lock out poor people too.

> Free access to global communication is not a bad thing.

Global communication being subsidized (and thus controlled) by a handful of commercial interests is very dangerous.

> And collecting information about how users use your property is not stalking.

I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.

link
whimsicalism 1050 days ago
> The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.

You are absolutely wrong about that and you do not understand the business model. I am not saying it has anything to do with the goodness of their heart but this is absolutely not something that would be in their interest. They benefit from the networks effects just like the users do.

> Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.

It is possible for self-interested action to have knockoff positive effects. In fact, it is actually quite common: most exchanges are mutually beneficial.

> I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.

If you read my original comment, you would see that I am in favor of banning cross-site stalking but that is both not what Meta is being fined for here and not the only thing the GDPR/DMA prohibits.

Targeting based on only your own platform is a good middle ground.

link
Nextgrid 1050 days ago
> Targeting based on only your own platform is a good middle ground.

I think it's still a problem because it's a grey area as to what "own platform" means exactly. Malicious actors will stretch that definition beyond what's reasonable.

Publicly-available data posted by the user seems fair, but things like scroll position, or the time you read a particular item, or forms typed but not submitted (all things I'm sure Facebook is absolutely collecting via client-side JS) should not be considered fair.

Either way, I'm personally in favour of ad-based business models getting shut down/being made unprofitable as it will ultimately realign the incentives, surface the true price of platforms and mean that we can finally have communication/entertainment tools that are designed with those primary purposes in mind as opposed to spam machines with the bare minimum amount of functionality sprinkled in. I want our online public squares to be accountable to their end-users rather than advertisers, and facilitate communication rather than outrage (what they call "engagement").

link