30 votes

Facebook argues that they don't need consent under GDPR due to users agreeing to a "contract" ordering personalized advertising

10 comments

  1. [9]
    nothis
    Link
    Heh, predictable. The bullshit with "consent" is that it basically just spams the web with "click here to agree" popups that people learn to click blindly. Same as the EU cookie policy. What we...

    Heh, predictable.

    The bullshit with "consent" is that it basically just spams the web with "click here to agree" popups that people learn to click blindly. Same as the EU cookie policy. What we need is a law that bans the practice, period. Staying transparent is also important and there should be information available on the website to those who search for it. But otherwise, just ban the damn practice of storing user data indefinitely. At least cross-site tracking information.

    21 votes
    1. [7]
      skybrian
      Link Parent
      I think I know what approximately what you want, but I think defining it clearly in law would be a bit tricky. Presumably this law would be worded so it doesn't imply that our photos and online...

      I think I know what approximately what you want, but I think defining it clearly in law would be a bit tricky. Presumably this law would be worded so it doesn't imply that our photos and online documents should be deleted automatically. After all, they are user data. And forwarding email or cross-posting messages could be considered cross-site user tracking.

      The terms would need to be defined so Facebook can't weasel out of them while at the same time not banning things we do every day and rely on.

      5 votes
      1. [3]
        nothis
        Link Parent
        I’m not saying it’s easy, but I don’t see how that’s an impossible task. One could start by separating content specifically posted (say, a blog post entry or an image on Instagram) and the myriads...

        I’m not saying it’s easy, but I don’t see how that’s an impossible task. One could start by separating content specifically posted (say, a blog post entry or an image on Instagram) and the myriads of meta information and tracking data that runs in the background.

        5 votes
        1. [2]
          skybrian
          Link Parent
          Yeah, it's not impossible and there are probably some bright-line rules that would help. But then you get into corner cases, like if someone take a photo of a crowd scene and posts it on Facebook,...

          Yeah, it's not impossible and there are probably some bright-line rules that would help.

          But then you get into corner cases, like if someone take a photo of a crowd scene and posts it on Facebook, and then someone else notices their friend and tags them. Or someone posts something on a public web page and then Google indexes it. Or just when is quoting people "fair use". And when does some whistleblower invade other people's right to privacy?

          2 votes
          1. nothis
            Link Parent
            Yea, it's a legal nightmare. But I think those are questions that will have to be answered, by law. Again, I think the most icky part about the way it's currently done is that so much is happening...

            Yea, it's a legal nightmare. But I think those are questions that will have to be answered, by law. Again, I think the most icky part about the way it's currently done is that so much is happening in the background and that this data can be sold and connected with other products without telling you (a "click ok here to run this" button isn't enough). This should simply be banned. I know that would kill huge parts of the ad business but that plain doesn't seem sustainable any more. We need alternatives.

            1 vote
      2. [3]
        ThatFanficGuy
        Link Parent
        I get what you're saying: "user data" as in "all content generated or uploaded by user on The Platform". May I argue a case where there's a distinction made between that definition of user data...

        Presumably this law would be worded so it doesn't imply that our photos and online documents should be deleted automatically. After all, they are user data.

        I get what you're saying: "user data" as in "all content generated or uploaded by user on The Platform".

        May I argue a case where there's a distinction made between that definition of user data and something seemingly more reasonable?

        See, when I think "user data", I think metrics. "Seen this", "liked this", "has this many posts on their feed". It's the things used to define you as a user of the platform. If I have visit-tracking on my website, then user data is the amount of visits recorded. If a user leaves a comment under one of my articles, then the content of their comment is user data. Not their name, not their username, not their IP: these all originate from the user, not from the platform, there are not mine to collect, store, or manipulate. (If they explicitly ask me to do so, for whatever reason, it creates a subject of its own.)

        In short, user's details is not user data. Their account on your platform may be, but not their name, not their date of birth, not their relationship status.

        How to encode that in a language that the legal department may operate on is beyond me.

        1. [2]
          skybrian
          Link Parent
          I'm having trouble understanding the distinction you're making. I understand that there's a distinction between user metrics that are gathered implicitly from users' browsers, versus the form...

          I'm having trouble understanding the distinction you're making. I understand that there's a distinction between user metrics that are gathered implicitly from users' browsers, versus the form fields that users fill in explicitly. But it seems you have some other distinction in mind?

          When I leave a comment in reply to a blog article, they typically ask for name, email, and comment, and I fill all three in explicitly. (Possibly with a bit of help from autofill.) My name and the comment need to be collected and stored in order to display to other users when they visit the page, or there wouldn't be any point. (Arguably, email should be optional, but in practice it's required and used for verification.)

          1. ThatFanficGuy
            Link Parent
            I'm thinking of a system where the data you come with (e.g. your real name, the username you had to enter to register, your date of birth) cannot be treated the same as the data you generate (e.g....

            I'm thinking of a system where the data you come with (e.g. your real name, the username you had to enter to register, your date of birth) cannot be treated the same as the data you generate (e.g. your comment's contents, the messages you send to your social-network peers, the likes you submit and accumulate). In this case, your photos are what you come with because you had to bring them to the platform, but the edits you make to that photo (not the resulting photo – just the edits) are generated platform content.

            The distinction in my head is that the platform may not need your permission to use the data you generate (unless it's a priori private, like the messages you send that aren't marked by the recepient as worrisome or spam), but they would need your permission to use the data you come with. If they want to use your comment to show how good their platform is (essentially turning it into a review), they may be able to use the comment's text, but they should ask permission to attach your name to it should they choose to use it.

            2 votes
    2. DanBC
      Link Parent
      The practice is prohibited. Consent is one basis for handling data, but it doesn't allow the data processor to do what they like. In Europe law is what's written in recitals and regulations, which...

      The practice is prohibited.

      Consent is one basis for handling data, but it doesn't allow the data processor to do what they like.

      In Europe law is what's written in recitals and regulations, which are then translated into national laws and written into (in the UK) acts and statutes, but also the courts then need to interpret it and case law is important.

      This works well until you have government agencies that don't prosecute because it means companies are free to implement weird schemes (eg, weird tax avoidance schemes, or here Facebook claiming they can do what they like because they have consent). These are likely not lawful, but we don't know until the regulators take action and some of them just don't.

      This was the most frustrating thing to me about the discussion around GDPR implementation - all the people who were saying it would end Internet business in EU. Anyone saying that has never seen how ICO (the UK information commissioner) operates - with the lightest of touches.

      3 votes
  2. annadane
    Link
    Here's the issue with "but you consented". People use this stuff to talk to their friends. Yeah you gotta advertise to make money off it but it should be as least destructive possible and you...

    Here's the issue with "but you consented".

    People use this stuff to talk to their friends. Yeah you gotta advertise to make money off it but it should be as least destructive possible and you shouldn't use algorithms to pit friends against friends.

    People don't have an alternative to Facebook. And if they did, they bought it.

    Please align the internal things you say amongst yourselves with the rosy view of Facebook Zuckerberg paints to the media

    5 votes