10 votes

Vienna judge delivers "non-judgment" in GDPR Facebook case

13 comments

  1. [12]
    Bauke
    Link
    I don't remember where I read it, (maybe in a Reddit AMA?) but a privacy advocate recently (albeit jokingly) answered "How do you increase your privacy?" with "Don't use the internet." And this...

    Facebook allegedly does not violate the GDPR because users have entered into a "data processing agreement". If they don't want Facebook to misuse their data, users should simply leave the platform.

    I don't remember where I read it, (maybe in a Reddit AMA?) but a privacy advocate recently (albeit jokingly) answered "How do you increase your privacy?" with "Don't use the internet."

    And this judge out here really arguing this for real... 🤦

    8 votes
    1. nothis
      Link Parent
      I thought the GDPR more or less was made to counter that argument. They can't just hide anything they want in the small print of the EULA, there's rights you can't sign away.

      I thought the GDPR more or less was made to counter that argument. They can't just hide anything they want in the small print of the EULA, there's rights you can't sign away.

      11 votes
    2. [10]
      archevel
      Link Parent
      A few questions that are interesting to ponder: should people be allowed to sign away their privacy and if so to what extent? should checking a checkbox on a website and clicking ok be enough to...

      A few questions that are interesting to ponder:

      1. should people be allowed to sign away their privacy and if so to what extent?
      2. should checking a checkbox on a website and clicking ok be enough to agree to a contract?
      3. is Facebook such an essential part of society that limiting people's access to it is too harsh (unless they give up some privacy), i.e. should people just move if they don't like it?

      I think there should be more privacy laws in place so that storing and processing people's data is not allowed except in some settings (eg. science, some law enforcement).

      As for 2 the way we agree to different ToS and EULA should probably be standardized and limited to a few different levels of invasiveness. That way what is allowed to be done by companies can be limited.

      Lastly, while Facebook is big it doesn't seem like an essential part of the web. Ignoring tracking pixels and shadow profiles for a moment (those should just not exist), then not using Facebook is not really a sacrifice in my view, but YMMV.

      7 votes
      1. [2]
        Bauke
        Link Parent
        I do agree with most of what you're saying, but if it's fine for Facebook to illegally misuse people's data, then why not for another company like Amazon? Can you imagine trying to not use...

        I do agree with most of what you're saying, but if it's fine for Facebook to illegally misuse people's data, then why not for another company like Amazon? Can you imagine trying to not use anything Amazon-related or even Google-related? Someone with the necessary time and knowledge tried to do it for a bunch of these platforms and they say it's impossible... I can't imagine any regular people trying to do this.

        9 votes
        1. archevel
          Link Parent
          I do think a distinction should be made between using services hosted on AWS/GC/Azure vs using Amazon for purchases, Google for search etc. In the latter case I am the product and in the former...

          I do think a distinction should be made between using services hosted on AWS/GC/Azure vs using Amazon for purchases, Google for search etc. In the latter case I am the product and in the former from the providers perspective the buyer of the VM/hosting is a customer. If Google is using data collected from end users accessing their customers services that would be very bad.

          It seemed at a cursory read from the link you provided that the person tried excluding all things hosted by any of the big firms. I can see that being a problem, but that seems like a market failure more than anything. In my eyes it is a separate problem though.

          1 vote
      2. [7]
        vektor
        Link Parent
        Here's an idea: Any internet contract that is not very ad hod ("yes to all cookies, whetever") should require writing. As in, you enter your email address and receive a copy of the terms for later...

        Here's an idea: Any internet contract that is not very ad hod ("yes to all cookies, whetever") should require writing. As in, you enter your email address and receive a copy of the terms for later reference. Add in some requirement to make searching your inbox for contracts easier - a mandatory use of a certain keyword would suffice.

        I'm not saying it's a sufficient step, but it sure would help a lot if I could get an overview over all parties I have contracts with. That's how serious businesses like banks and e-retail do their contracts, and for good reason. Why is that not a requirement for the shadier types?

        1. [4]
          Gaywallet
          Link Parent
          This places the burden on the consumer. Not everyone has the resources to train themselves in law to the extent they need to appropriately understand what they are signing. The whole point of...

          This places the burden on the consumer. Not everyone has the resources to train themselves in law to the extent they need to appropriately understand what they are signing. The whole point of consumer protection laws is to prevent an entity with nearly unlimited financial means from using that means to exploit their consumers through legal loopholes.

          7 votes
          1. [3]
            vektor
            Link Parent
            As if anyone would ever read any contract. No, that's not really the point. The user agreement or whatever is available. The point is to give that contract a lot more weight in the consumer's...

            As if anyone would ever read any contract. No, that's not really the point. The user agreement or whatever is available. The point is to give that contract a lot more weight in the consumer's mind.

            The whole point of consumer protection laws is to prevent an entity with nearly unlimited financial means from using that means to exploit their consumers through legal loopholes.

            That's (as said) not the direction I'm going for, but gets me to another idea: Contract transparency laws with teeth. Any contract must of course be reasonably legible and understandable by a pleb. You can sue if a reasonable person wouldn't get it. Also: Any terms in a contract must have relevance to the case at hand (or must be easily and conclusively identifiable as being irrelevant). The overall length of the contract must be reasonable given the business conducted via that contract. The goal of the latter parts is that you can't hide in the sections people usually skip because they're irrelevant. If I skip a section because I believe it is irrelevant, it is not part of the contract. If I'm unsure whether a part of the contract even pertains to me, guess what? It doesn't. Reading the contract shouldn't be a war of attrition.

            2 votes
            1. Gaywallet
              Link Parent
              There has been decent precedence in case law for this in European courts, but I have yet to see any substantial legislation on this. I think it would be hard to put into words and there needs to...

              There has been decent precedence in case law for this in European courts, but I have yet to see any substantial legislation on this. I think it would be hard to put into words and there needs to be a balance between both the consumer and the entity offering a product. You can't place 100% of the burden on the entity or the consumer as there are problems with both.

              You also, in general, need a system of law which respects the spirit of the law and not the letter. In a place like the US, this kind of legislation would be impossible. In some European countries, however, this might fly.

              1 vote
            2. patience_limited
              Link Parent
              It doesn't matter if a contract is transparent when one party to it has no practical means to enforce its terms, and the service provided is so opaque that the customer has little visibility into...

              It doesn't matter if a contract is transparent when one party to it has no practical means to enforce its terms, and the service provided is so opaque that the customer has little visibility into whether those terms have been breached.

              1 vote
        2. [2]
          archevel
          Link Parent
          I think finding the actual contract text is not that big of an issue for any service I sign up to. Interpreting that document is non-trivial and that seems like the main problem. That and the...

          I think finding the actual contract text is not that big of an issue for any service I sign up to. Interpreting that document is non-trivial and that seems like the main problem. That and the issue with people signing away their privacy because they are unaware/don't care.

          1 vote
          1. vektor
            Link Parent
            The written form is supposed to give this more weight. The moment people offer up their email, they get much more alert: "Oh, but what if they do shenanigans with that"... but you're already...

            The written form is supposed to give this more weight. The moment people offer up their email, they get much more alert: "Oh, but what if they do shenanigans with that"... but you're already giving them way more sensitive information. That's why I imagine this tiny change could help.

            It sure gives it a bunch more weight than a checkbox.

  2. vektor
    Link
    TBF, the judge has a point. There is a case floating around in germany, where an ISP is sporting a (imo) intentional misreading of a piece of consumer protection law. Two regional courts have said...

    TBF, the judge has a point. There is a case floating around in germany, where an ISP is sporting a (imo) intentional misreading of a piece of consumer protection law. Two regional courts have said their interpretation is correct, but not the highest court. I'm still adamant that the highest court would rule in favor of consumers if it came to that, but the case ended there - probably because the plaintiff didn't want to bother pursuing a few hundred dollar judgement at the cost of exorbitant lawyer's fees.

    So from that lense, it makes sense for the judge not to rule on matters of law that are, in all reality, above her paygrade. Either her opinion will be overruled in the superior court, or it will be upheld - but it will be argued in the superior court. A harsher judgement against facebook would almost certainly be appealed by facebook, so with what she did, she gave the plaintiff a good out. Had she ruled more aggressively, she could have forced the plaintiff into a prolonged legal battle (I think). If she ruled less aggressively, she would have set dangerous precedent. This way, the plaintiff had the option of pursuing a more privacy-friendly judgement or cut his losses. I'm not very familiar with austrian law, much less austrian codes of procedure, so I might be wrong here.

    Why this took 6 years beats me though. Probably a very overworked court system?

    4 votes