In the background to all this do note that the "number 2" executive at Meta is a former UK Deputy Prime Minister, Nick Clegg [0].
Meta see the regulatory situation in the EU and UK as a potentially existential risk. They know what they are doing is bad and lobbying is their number one tactic. They are at the "cigarette company" level of trying to prevent regulation of a business model that is ultimately at risk of being legislated out of existence.
On the other hand, this seems like an easy way to avoid addressing Europe's lack of it's own tech industry.
If Europe wants more ethical tech, they should make an honest effort to create an environment that supports that. I.e., invest in their own tech industry.
I agree with you, investing in ethical tech is an important step.
However if you look at what is happening today, with everyone having a google/instagram/etc account, and the power these companies have over the competition (because of unethical tactics) it is not feasible to actually compete with them.
Legislation is needed to make *everyone* in the tech industry that operates in europe at the same (ethical) level.
This may not be directly applicable to the linked article, but I'm mainly thinking of the DMA and DSA which will go into effect in a couple of months.
We also need to legislate against walled gardens to let other technologies flourish.
Breaking down companies would also be great. YouTube has been mostly crappy but operated at a loss , only alive due to backing by the Google colossus: how do you compete against that?
> If Europe wants more ethical tech, they should make an honest effort to create an environment that supports that. I.e., invest in their own tech industry.
Which is difficult if tech has been monopolised by US companies that break the laws, so they're addressing that for a start, as to level the playing field (both with GDPR and other regulations such as the Digital Markets Act).
> On the other hand, this seems like an easy way to avoid addressing Europe's lack of it's own tech industry.
The only reason the US has its tech industry is:
- lax laws for everything: from data protection to labor laws
- unlimited investor money that can sustain unprofitable businesses for decades Most of the top HN darling have never been profitable, and have been losing billions of dollars for years. The rest haven't been profitable for most of their existence
On top of that it helps to have a huge largely homogenous market
This made me think of Elephant in Cairo [1] and Pachydermic Personnel Prediction [2]. Specifically, it reminded me of what the classification says about the job of a politician:
> Politicians don't hunt elephants, but they will share the elephants you catch with the people who voted for them.
Along these lines, we'd have something like
> Europeans don't invent new tech, but they will regulate the tech you invented.
As a fellow European, I struggle to feel any pride or happiness about this.
I view the cookie popup like the warning labels on a cigarette pack. It's not going to stop people who want to smoke, but it's going to raise awareness of what's going on behind the scenes.
Failure to consider the second-order effects of regulation causes the greatest harm to society.
Because of GDPR, consent to cookies must be freely given, specific, informed, and based on an explicit affirmative action. On a webpage, it's pretty clear that action must be a click. The regulation does require it if you want to use cookies, and it's near impossible to code any useful page without storing state (cookies). What percent of websites use zero cookies?
> Failure to consider the second-order effects of regulation causes the greatest harm to society.
Ah yes. "Companies are willingly flaunting the law, so the law is bad"
> Because of GDPR, consent to cookies must be freely given, specific, informed, and based on an explicit affirmative action.
Indeed. So if you do ask for consent, there have to be two explicitly labeled buttons: "Agree", and "Disagree". How many of the greedy leeches siphoning user data are providing that? And how many are instead waiting how long they can get away with it before the regulators get to them?
> The regulation does require it if you want to use cookies, and it's near impossible to code any useful page without storing state (cookies).
Nope. This is a lie that has been sold to you buy the same greedy leeches that have sold you the lie that it is the GDPR that is bad, the GDPR that is requiring these bad cookie popups etc.
First thing you could do is open the law (it's not that long and is not that complex) and try to find where cookies are mentioned. Hint: they are mentioned nowhere in the main body of text, and are only mentioned in one of the Recitals.
However, you rely on the industry to tell you that the law is bad even if the industry is extremely interested in painting the law in a bad light.
So.
If the data you get/process/store is strictly required for the functioning of your business (whether it's for storing login info or a shopping cart, or because other laws say so as they do in the case of banks), consent is not required.
If you get/process/store that data for any other reason, you must get a specific informed consent from the users. And no, pre-selected checkboxes, hiding "disagree/reject" behind fifteen clicks etc. is not it.
There are many ways to target cookies without saying 'cookies' directly.
>If the data you get/process/store is strictly required for the functioning of your business
This is also quite the oversimplification, by this logic Facebook/Google don't need any consent as that user data and ability to serve targeted ads is required for the business to function.
It's also telling that the GDPR.EU website itself seems to flaunt the law with this: "We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it"
> There are many ways to target cookies without saying 'cookies' directly.
Because cookies are just one piece of data, and GDPR is, suprise, General Data Protection Regulation
> This is also quite the oversimplification, by this logic Facebook/Google don't need any consent as that user data and ability to serve targeted ads is required for the business to function.
It is an oversimplification that works in the vast majority of cases. Even if targeted ads are required, protection of user data is still required. And when pressed Meta and Google have to prove that they actually need, say, a full facial profile of every person on the planet to sell someone a haemorrhoids cream.
> It's also telling that the GDPR.EU website itself seems to flaunt the law with this
This is a good catch. I think they changed that in not-so-distant past. Things like this need to be called out and fixed.
And not swept under the rug with a shrug and "the law is bad". That's exactly what happened before GDPR but without any visibility: every country had its own version of data protection laws, and all tech companies couldn't care less. Suddenly they care (and try to blame the law).
There's really a parallel issue, which is private vs. public interests (companies vs. government / the people).
You see it play out with European companies too, where they exploit populations where either there's lack of regulation or where they can bribe the officials. Profit, see what you can get away with. That's just on the legal front (like this case), not the moral or ethical front.
This is just about user choice and freedom from dark patterns.
If you want tracking and targeted ads you are still free to enable that option.
All others are asking for is a chance to opt out of targeting. I don't see why having that as an option is so bad.
If ad targeting was such a great thing for users Facebook/Meta wouldn't have to fight tooth and nail to prevent people having nothing more than an opt out.
Well then openly ask users for consent. EU law does - in absolutely no way, shape or form - forbid targeted ads. What it does is it forces companies to specifically ask for consent before collecting data for such things and people must know that they're consenting to data collection specifically for ads.
I unironically enjoy non-targeted ads. Every time I see one that has nothing to do with my interests, I know that my meticulously tuned home network and browser settings are working.
1.) I have a work computer that is basically unprotected because it only has Chrome with a very lacking extension whitelist. It lives on its own VLAN because my regular one blackholes all requests to MS and this made my employer not so happy in the past.
2.) My cookie autodelete + adblocking setup means I have to click the "reject cookies" consent on YT once per session. Except one of my filters break the form and it's invisible. My lazy workaround is to disable ublock, click reject and reenable it so the video actually plays. During this ritual I catch a 1-2 second glimpse of a YT ad.
Diluting the value of advertising is a great thing! If it is truly a waste of money to buy advertising, manufacturers won't spend on it, and then none of us will have to watch dumb adult diaper ads, or pay extra money for our adult diapers to cover the advertising budget.
The ad industry has succeeded in conditioning me to hate ads in general. So, let them waste money; hopefully the takeaway will be buying less ads in the future. If it means that some ad companies go out of business, that's even better.
If you enjoy targeted advertisement you can freely consent to companies tracking you. This is fundamentally about consent and how it's given, not targeted advertisement per se.
Of course, companies can still target ads based on where the ad appears, so it would be silly for adult diaper companies to advertise on, say, blogs about children.
Otherwise, it's just like every other form of advertising ever, yes. Rather than have ad companies know everything about me, I gladly choose more generalized ads.
No different than the commercials on broadcast tv before targeting.
Remember that in total no more diapers are sold regardless of these commercials, they just cause consumers to buy a specific brand. If advertising diapers no longer works, they’ll all just stop advertising and be better off.
I'll bait, even though this is quite obvious a low-effort comment without any basis. If you would have read the article, you could have noted the following:
> Max Schrems: "The penalty will go to Ireland - the State that has taken Meta's side and delayed enforcement for more than four years. This case will likely be appealed by Meta, leading to more costs for noyb."
So: No, the money does not go to the ominous "EU leadership", but rather to Ireland, the country which already profits from being a tax and law heaven for Meta and other companies. See https://en.wikipedia.org/wiki/Ireland_as_a_tax_haven
Good riddance then? Time to find a new business model and maybe fire some people if your service can no longer sustain that many employees, or let a leaner competitor eat your lunch.
- not if it comes at the price of huge invasion of privacy
- Given the incredible amount of data they have, I'm constantly amazed at how bad FB/Amazon/others are at suggesting what I'm likely to be interested in
The endless barrage of insipid GDPR cookie consent banners have corrected a weird English-language blind spot I had: it turns out that the opposite of "accept" is not "reject," but rather "customize settings" or "view preferences."
Those banners are illegal according to GDPR. Once there's a threat of a fine on the horizon all those "insipid banners" quickly change to show you a reject button https://noyb.eu/en/where-did-all-reject-buttons-come
I would be totally fine with a regulation where they had to ask before using personal data to show ads. The overreach is that the GDPR requires that the user be able to say "no" but still use the service -- you can't make use of the service conditional on accepting ads, and you can't require users to pay instead.
Possibly: it's not fully clear yet whether the GDPR requires you to offer people the opportunity to use your site without ad fraud detection, but I'm expecting it turns out it does. And without ad fraud detection ad-supported sites are mostly not practical.
You can have ad models that are immune to fraud. A time-based model such as "your ad here for X days" is immune to fraud, just like ads in print or TV are immune to it. If the ad drives purchases, the advertiser renews; if it doesn't, you may have to lower your price until another one comes up.
It's not immune to fraud: if I offer you ad space on jefftk.com how do you know how much to pay for it? Without some kind of fraud detection, how do you know whether to trust me when I tell you I have 25k unique visitors monthly?
Could always be an auction-based market - you start with a trial and only do a day/week/etc and gauge your results - if they're good you know you can bid more next time. With enough "liquidity" on either side the true price of said ad inventory will naturally come up without any tracking necessary.
That works for performance advertising, where you're able to tell whether your specific ad is getting results. But most display advertising (by dollars) is brand advertising, where Ford cares that a real person is seeing their ad but isn't expecting you're going to drop everything and click through to buy a truck.
How has that problem been resolved in offline (print/TV/display) advertising be solved, and could those solutions be reused for the web?
It seems like the free-for-all with regards to personal data and decriminalisation of spyware has led the online ads market into a near-optimal situation with regards to targeting & fraud detection, but 1) is it a trade-off people are willing to accept (the GDPR being enacted suggests not) and 2) can there be alternatives that give both sides what they want?
The traditional way to handle this in the offline world is with ratings agencies like Nielsen. This is the thing where they try to figure out how many people are watching each TV channel or who read a given paper.
The problem is, this requires the readings agency to build up a representative panel of people, and track their behavior. This is pretty coarse, but it works in a relatively centralized world like traditional TV where there are only a few dozen channels. On the web, however, people visit so many different sites that the panel would either have to be extremely large or you would only be able to generate reasonable ratings for the largest sites, probably both. This would be yet another force pushing hard toward internet consolidation.
Another option is that you could somehow build a new technology into browsers with some sort of privacy preserving API. I used to work in this area [1] but I am pessimistic about it: it's very hard (and may not be possible) to build something that gets all three of (a) minimal load on the users browser (b) actually useful fraud detection and (c) sufficiently private (with a separate question of whether usage would require consent under GDPR).
I'm with you that this isn't ideal, but as a choice between the simplest options, I think GDPR was at least an improvement. The prior status quo was 'you can bury it in the ToS in a basement across town' and led to a market where new entrants couldn't compete on more privacy friendly terms.
I'd guess that even now, just allowing a simple 'pay money or <smooth lawyery wording for happiness that incidentally eliminates privacy>' choice would just lead to the same issues again. But it's absolutely like a code smell that tells me there's a more nuanced option somewhere that could be better. However, I'm glad they didn't let perfect be the enemy of good in this case.
This is because otherwise there (mostly) wouldn’t be any service you can use without tracking, because that tends to be the most profitable way to operate. What services still can do under the GDPR is provide a payed version without ads (and many do successfully). It’s just that if they provide a free version with tracking, they also have to provide a free version without tracking.
jeff. We've been through this multiple times already. You working for the ad portion of Google has made you madly in love with ads to the point that you pretend that not letting you siphon and sell my personal data wholesale means you can't show ads. This is not true. Multiple people have told you that already, across a multitude of threads.
You can still have ads on your site. GDPR does not preclude you from using ads on your site. GDPR doesn't care if you have ads on your site. Nothing in GDPR prevents you from having ads on your site.
I left Google six months ago, and don't work in ads anymore.
Ads without fraud detection are worth very little, and (my interpretation is) the GDPR requires consent (including the ability to say no without consequences) for that.
> I left Google six months ago, and don't work in ads anymore.
But you did work there, and you keep saying the same things over and over again.
> and (my interpretation is) the GDPR requires consent (including the ability to say no without consequences) for that.
You posit your incorrect interpretations as if they were fact. And you keep on conflating several things into one. Even though you've had plenty of time to, you know, read something about the things you're talking about.
1. Not all ads need to be personalised ads. No, personalised ads are not a requirement. No, if it doesn't mean that you can't have ads at all.
2. No, fraud detection doesn't mean your ads are personalised. No, fraud detection doesn't mean that your ads must be personalised.
3. No, fraud detection doesn't mean you need to collect personalised data beyond what's necessary for fraud detection. No, fraud detection doesn't mean you can willy-nilly use that data in anything other than fraud detection. No, fraud detection doesn't mean you can use that data for personalised ads, sell that data to third parties, or keep that data indefinitely long.
And yet, here we are, again, when you keep saying that these three disparate things are one and the same and that "GDPR is an overreach that prevents sites from showing ads". You keep repeating the same falsehoods over, and over, and over again. Please, stop.
I agree with your #1, #2, or #3 and you're right that I've been saying several different things in different parts of this thread, where it's not entirely obvious how they fit together. I do have a coherent view, though -- let me walk through the whole thing and try to clarify.
My main view is that it should be legal to offer advertising-supported services where users can't just opt out of the advertising. If before a service can show any ads they need to offer the user a free choice on whether to see ads, where there are no consequences for clicking "no" other than that they don't see ads, users will overwhelmingly click "no" and the site will not be viable.
(I additionally think that it should be legal to offer services that are supported only by personalized ads, where users can choose between (1) using the service and having personalized ads vs (2) doing neither. I've argued that elsewhere in this discussion, but that's a bit of an aside to my main point.)
While I don't think the GDPR as-written prohibits such services, with the decisions coming out of the data protection agencies in the more privacy sensitive European countries I think the GDPR as-interpreted does make them economically non-viable for most sites because viability requires effective fraud detection.
If a service is going to show ads even if the user has clicked "no" and consented to nothing, it needs to be able to run the full ads stack without relying on anything that requires user consent. This includes:
* No cookies or other client-side storage, not even for detecting ad fraud. See the recent CNIL decision against Microsoft. [1]
* No network requests to any server operated by a US company or any subsidiary of one. See Schrems II [2] and follow-up rulings on applications such as analytics [3], fonts [4], and CDNs [5].
Together these rule out all commercially available adtech options I know about.
But let's say you decide to build something fully in-house, or you use some future ad product from a startup run by very careful Germans. What do you still need to do?
The GDPR requires you to have one of several legal bases for any personal data you process. With "consent" out of the picture, almost all of them are irrelevant for ads, with the potential exception of "legitimate interest". [6] Is detecting ad fraud or other invalid traffic something a site has a legitimate interest in?
The ad industry has historically thought that sites did. For example, the TCFv2 categorizes this under "Special Purpose 1", with users having "No right-to-object to processing under legitimate interests" [7]. On the other hand, points 52 and 53 of the recent Microsoft ruling [8] read to me as saying that since users do not visit sites to see ads that sites cannot claim that they have a legitimate interest in using personal data to attempt to determine whether their ads are being viewed by real people. This is not fully settled; among other things the Microsoft ruling was on the interaction of GDPR and ePrivacy, and ePrivacy is stricter on some points. But I think it's more likely than not that when we get clarity from the regulators it will turn out that the kind of detailed tracking of user behavior necessary for effective detection of ad fraud is not considered to be within a publisher's legitimate interests.
It's strange that you agree... and yet your coherent view keeps on repeating the same lies, falsehoods, and keeps conflating things.
> My main view is that it should be legal to offer advertising-supported services where users can't just opt out of the advertising.
Let me re-iterate: You can still have ads on your site. GDPR does not preclude you from using ads on your site. GDPR doesn't care if you have ads on your site. Nothing in GDPR prevents you from having ads on your site.
I mean, come on. Go to spotify.com, download Spotify, and you will disover (undoubtedly to your surprise) that it offers exactly two tiers: ad-supported, and paid.
It's GDPR-compliant.
> it needs to be able to run the full ads stack without relying on anything that requires user consent
You can do that. Again. To re-iterate:
Not all ads need to be personalised ads. No, personalised ads are not a requirement. No, it doesn't mean that you can't have ads at all.
> No cookies or other client-side storage, not even for detecting ad fraud. See the recent CNIL decision against Microsoft. [1]
This is, of course, a blatant misinterpretation of that decision bordering on a lie. And a false generalisation.
> No network requests to any server operated by a US company or any subsidiary of one. See Schrems II [2]
Exactly. Because the US literally said: we don't care about user privacy and we assert the right to view and peruse any data of any citizen of any country in the world if they use American companies.
It is just amazing to me that for a person who keeps saying "I care about privacy" you complain about everything that improves privacy.
> The GDPR requires you to have one of several legal bases for any personal data you process.
Yes. Of course. Why do you want it any other way?
> With "consent" out of the picture, almost all of them are irrelevant for ads
Not all ads need to be personalised ads. No, personalised ads are not a requirement. No, if it doesn't mean that you can't have ads at all.
> Is detecting ad fraud or other invalid traffic something a site has a legitimate interest in?
No, fraud detection doesn't mean you need to collect personalised data beyond what's necessary for fraud detection. No, fraud detection doesn't mean you can willy-nilly use that data in anything other than fraud detection. No, fraud detection doesn't mean you can use that data for personalised ads, sell that data to third parties, or keep that data indefinitely long.
> The ad industry has historically thought that sites did.
No, The ad industry has historically thought that users' data is a free for all buffet with no consequences. They are now facing those consequences, and you go out of your way to protect the status quo.
> Go to spotify.com, download Spotify, and you will discover (undoubtedly to your surprise) that it offers exactly two tiers: ad-supported, and paid. It's GDPR-compliant.
Why do you think Spotify is GDPR compliant? For example, if you look at https://support.spotify.com/us/article/gdpr-article-15-infor... they say "we use your personal data to tailor advertising to your interests" and their declared legal basis is "Our legitimate interests here include using advertising to fund the Spotify Service, so that we can offer much of it for free."
I agree there are tons of ad-supported services where if you decline their consent banners they still show you ads. But I think somewhere between "extremely few" and "none" of them are actually GDPR-compliant.
> for a person who keeps saying "I care about privacy" you complain about everything that improves privacy.
I think there are commonly significant tradeoffs involved around privacy, and "maximize privacy over everything else" is not my view.
> > Is detecting ad fraud or other invalid traffic something a site has a legitimate interest in?
> No, fraud detection doesn't mean you need to collect personalised data beyond what's necessary for fraud detection. No, fraud detection doesn't mean you can willy-nilly use that data in anything other than fraud detection. No, fraud detection doesn't mean you can use that data for personalised ads, sell that data to third parties, or keep that data indefinitely long.
You're not engaging with my point. I agree that if you say you're doing something for "fraud detection" but it isn't actually needed for fraud detection than the GDPR prohibits that. But what I wrote in my previous message is that even "actually trying to do fraud detection and nothing else" is very likely not something courts will consider to be within the legitimate interest of companies.
All I can say is: even though you say you agree with me, you keep deliberately saying the same falsehoods, deliberately clumping disparate and non-related things together, and deliberately misrepresenting and misinterpreting everything related to privacy decisions in Europe.
For a person who writes things like "I rarely see enough concern over is that you can't trust the future to keep things private", you do sure go out of your way to defend arbitrary bulk data collection for the most mundane of things, ads. Oh, and the defeatist "we can't expect to keep things private, so to hell with it, no consent for any private data is necessary".
If they just defaulted to "no" with no option to opt-in this would prompt the argument that people love targeted ads and Apple is the bad guy for not allowing them.
If they give the choice, they can put out real-world proof out there that nobody wants them, as demonstrated by low single-digit acceptance rates.
They can use this proof in the future to default to "no" without possibility of opt-in.
> They can use this proof in the future to default to "no" without possibility of opt-in.
Maybe that's their strategy, but it's manipulative and a sneaky way to obtain what they want while avoiding [SOMETHING]. Where something is lawsuits? regulations? outrage? No idea.
The Irish DPC is supposed to be an independent regulator. In practice, it has acted as an arm of Irish economic policy.
This story shows the DPC for what it is: a regulator that was captured from the beginning. The idea that the DPC might sue EPDB is astonishing and shocking.
This comes as I read of Irish plans for a watered-down Northern Ireland Protocol. That would certainly please the UK government; but it risks subverting EU law. If the Irish government is bent on circumventing EU law, perhaps they should just get out of the EU.
Them "leaving", as in having no legal/corporate presence in, the EU wouldn't remove obligations under GDPR. They would have to block all access from EU citizens to do that.
* Governments can reach Apple and Google, and thus force them to remove the apps from their app stores.
* Diplomacy. EU and USA will have a lot of negotiation to do pretty soon. USA doesn't like how EU handles big tech and privacy. EU doesn't like how USA's preferred treatment of domestic electric cars in the "inflation reduction" act that went into effect a few days ago. If Meta pulls out of EU to dodge enforcement, the EU diplomats will surely bring that up, and work a solution into whatever treaty comes out of this.
I bet Facebook will still happily provide service in a region, even if the only customers for their ads there are groups like companies with no footprint in the country, foreign regimes that would like to influence elections, and locals who’ve figured out ways to evade local laws.
Punishing companies directly that do business with Facebook/Meta would probably be the strongest deterrent. If we can sanction countries, why not companies?
That's how sanctions are usually implemented. See: Russia and Iran, trickling down to their state businesses and armaments industries, tricking down to their suppliers. The only difference here would be there isn't a nation-state as the starting point.
Yup. That's what I meant too. The Iranian Revolutionary Guard Corp doesn't care much about US sanctions, but other companies selling them {insert thing} do, if it has financial repercussions.
1. Force Apple and Google to remove the apps from stores.
2. Lowest effort DNS blocker to exclude the 90% who don't care enough to circumvent.
2. Let the lack of network effects and time do the rest.
Sure, a few will hold on, and there will probably be a temporary "buy a phone with fb installed for 10000$" market, but given time, Facebook/Whatsapp/etc. will be dead in Europe.
Except politicians will have to come out as supporting a ban on the most popular apps that tens of millions people use every day. Which outside of HN circles would probably be unpopular (see how the proposed Tiktok ban was received in America). And have sites ever even been blocked for GDPR violations before / in which member states would mandating ISPs block sites on that basis even be allowed?
They could press criminal charges against all Meta executives and extradite them from the US. Of course this is ridiculous and will never happen for a number of reasons, but it shows that the EU doesn't have literally no teeth.
America requires dual criminality for extradition. America has no privacy law similar to GDPR so that couldn't happen + I think GDPR violations are a civil thing only (?).
The sad future of the internet is companies picking a country and keeping all their servers and employees local. It's up to other countries to block; nobody is going to extradite over cookie warnings.
I like Facebook targeted ads. They're more interesting than generic untargeted ads. When I was shopping for an electric bike Facebook showed me ebikes of the type I wanted (cargo) for weeks. It's convenient. Yesterday I made a comment on a hat ad (I didn't think any man except Walter White should wear a pork pie hat) and now all my ads are for hats. I didn't realize their were so many kinds of men's hats. I don't feel like my privacy was violated
It seems like everyone would be best served by a catalogue of ads that you could search through at your leisure. We could even call it a "magazine"?
Either way, it's great that you are comfortable with Facebook's tracking and even get value out of it - in which case you will be able to opt-in once the changes required by this ruling get implemented. Those who don't feel comfortable with it can opt-out. Everyone wins!
I am not a hat wearer but now I might become one because I saw some cool hats I like. This was by accident because I wasn't in the market for hats.
I don't believe privacy exists when using modern tech which is why I make all my Facebook posts public. I don't ever want to kid myself that what I am staying stays private to only my friends and family. I have not encountered a downside to Facebook tracking, but maybe you can point one out.
>I don't believe privacy exists when using modern tech
It doesn’t because tech companies like META and it won’t be fixed so long as your narrative remains the norm. We can fix this but not by letting these companies get away with it
Stopping Meta would only solve a small percentage of the problem. Hackers stealing our data is also a huge problem. My philosophy is to assume that I don't have privacy online or even offline due to facial recognition software. I've decided to accept it instead of fighting it like I used to.
> Meta is now prohibited to bypass the GDPR via a clause in the terms and conditions. Meta has to get "opt-in" consent for personalized advertisement and must provide users with a "yes/no" option
It's not like they haven't been fined before, and continued doing shady shit. I'm sorry, but I have such a low opinion of Meta/Facebook/theZuck that none of this means anything positive to me. I am a much more pessimistic person regarding these kinds of things that I give no credence of benefit of doubt. I also don't trust these legally-binding orders as they are only legally binding until some sharp tongue lawyer figures a way to weasel out from under them.
I'm happy for you that you are much more optimistic about these things, and I hope for all our sake you are not disappointed. From point of view, I can only be pleasantly surprised. To disappoint me at this point would be an ultimate new low.
> The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.
If the EU maxes out on the fines and companies like Meta still don’t comply, I’m sure that legislation will be adjusted to further increase the pressure. It’ll just take time.
Simple for you and I, but not so simple if you're a lawyer working for Meta that can twist words and interpretations of those words strung together into sentences in a legal contract. At the end of the day, you and I don't matter in our interpretations. It is the lawyers and judges. Who do you trust?
"The decision would still allow Meta to use non-personal data (such as the content of a story) to personalize ads or to ask users for consent to ads via a 'yes/no' option. Users must be able to withdraw consent at any time and Meta may not limit the service if users choose to do so."
How is that supposed to work? FB is required to provide a service at a loss? If I were FB I'd work to actually make a yes/no contract - yes, or get lost. You can use EU social networks - oh wait, there aren't any! I guess in line with other EU decisions, EU citizens can switch to VKontakte :D
FB isn't required to operate in the EU, but if they want to, they're required to follow EU law. It's FB's problem to find a way to be profitable while following the law. It's normal that companies have to find a way to live with the cost of regulations, and if they can't, leave the market or go bust.
For example, manufacturers are required to avoid use of harmful substances, and follow health and safety regulations, even though it'd be more profitable not to. Sweatshops and child labor would be more profitable, but these business models were rejected by the governments too.
I was not asking about the letter of the law, that's obvious from TFA. I was asking about how it is fair in any way. It's kinda like a user comes into my store and I say "I can give you a haircut bundled with you giving me $30, yes/no", the user says "no, I'll only pay you $10", and EU says I am still required to give them the same haircut with the same quality.
Ofc if I/FB choose to shut down or alter my service for everyone under these conditions, the other angle is that EU govt has decided that it knows better than mere proles who want to explicitly consent to the exchange. It's less like manufacturers avoiding harmful substances, and more like e.g. govt of China requiring Apple to alter Maps to display "correct" information under threat of a ban.
Yes. Although how much of a loss it would be is debatable. Unless you upload lots of media, the costs of providing you the service top out at a few cents a month, so it can trivially be subsidised by even untargeted ads.
> You can use EU social networks - oh wait, there aren't any!
Maybe the long-term objective is that we actually get some social networks that are sustainable without misusing people's personal data?
"Users therefore need to be provided with a yes/no ("opt-in") consent option, otherwise Meta may not use their data for personalized advertisement."
I guess Facebook's solution could be a pop-up asking whether you want to continue using it as before or if you want to deny access to your personal data and pay $50 a month.
I don't think this is true, many news sites either offer the option to accept cookies and show ads or offer a subscription without ads and tracking cookies.
I'm not sure I ever got on such a website! They usually ask you to disable ad-blockers in order to accept ads, but they cannot force you to accept personalized ads.
According to gdpr they must still offer the same service regardless of the user opt-in. Remains to be seen if FB can follow the GDPR there. Also not sure whether that point of GDPR is compatible with other kinds of trade agreements.
Probably they will go for "Please choose between 50 horrible autoplaying spammy ads or 4 personalized"
Those websites are in violation of the GDPR. Article 7 item 4:
“When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.”
This basically means that if
providing the service is made conditional on consent of personal data processing despite the processing not being necessary for the service, then the consent can’t really be considered to be freely given.
Have any of these companies (meta, google, etc) actually had to PAY any of these fines? I hear about them getting the fines, but usually they can weasel out of them or just delay them indefinitely.
Getting fined 400 million over some trivial thing- that's behavior I'd expect from the mafia or maybe Genghis Khan. It's not like they killed anyone. They just resisted the stupid checkbox.
Well, first of all, it's not "prohibited", it's "prohibited without a consent". Second, less personal data - less useful (relevant) ads, less revenue for Meta - less investment in R&D, less open source/research, more focus on "gathering contextual portrait". Which... won't end monopoly if that's what the general public on HN wants (hard to say what this whining is all about). Maybe more advertisers will go to Google instead (if the ruling is only about Meta).
I'd wager that if you would put it to a referendum, the vast majority would prefer access to Meta's services for free to GDPR in Europe. Max Schrems isn't helping anyone.
I'd wager the vote would be way more nuanced if it came with a form where you can log in with Facebook and get a dump of all the data they captured on you, including what's been inferred by machine-learning models or stolen from other people's contact lists.
EU is first, with foolishly predictive tech regulation before it emerges. Like e.g. the requirement for AI to explain itself. GPT can surely explain to you very elaborately how they came to the wrong medical conclusion
But what you say is actually accurate, the globalized world (excepting russia) has settled to these roles for these 3 players. EU is more of a legacy player without an army (or strong production base) that still "upholds ideals" and sells this image for worldwide PR. But you see where this ends up, countries bribing EU politicians to improve their world PR by association.
So even if the fine sticks and doesn't get overturned on appeal, that's 390 million over 4 years of blatantly breaching the GDPR, so on average ~97M/year. This means it's merely a cost of doing business and they should continue.
They have also been ordered to stop doing what they're doing, and will face additional sanctions if they don't.
When calculating fines under the GDPR the supervisory authorities have to take in to account whether the violation was intentional, previous violations and compliance with previous orders.
In other words, if they don't stop now the fines will get bigger.
> This decision, as I understand it, renders large swathes of tech service revenue models untenable.
To be honest, good riddance. If it is no longer possible to offer users a "free" service in exchange for extremely invasive spying and psychological manipulation (without explicit consent [0]), it forces companies to 1) innovate in order to offer such services for a sustainable price, and 2) encourages competition from new entrants.
[0] By the way, one can imagine a scenario where users are somehow compensated for the permission to use their personal data. For example, let's say Facebook now costs 20€ per year. If you allow Facebook to use your personal data for ad targeting, now it costs 5€ per year.
If the standard becomes "make illegal business models that the media gets enough people upset about" (without even a vote where the alternatives [paying for service] are clearly explained), then -yeah- people are going to be left poorer.
Europe already endured centuries of this when the majority Christian ethos was that usury & banking were an evil to be banned. This, among other things of course, helped sentence millions of people to poor and deprived lives for centuries.
> If the standard becomes "make illegal business models that the media gets enough people upset about"
I think you're giving "the media" too much credit here, it's also very possible that the business models are actually unpopular and people are upset after learning about them. I think in general that's the basis for all the laws we have - a bunch of people thought there should be a law against something and made it.
The only alternative to this is someone doing top-down laws based on what they personally think is right or wrong, and I'd argue that's much more what was happening in Christian-ruled Europe. The church was making laws - they weren't coming from a democratic government.
I'll preface this by saying that I don't like Meta and am very privacy-conscious.
> it's also very possible that the business models are actually unpopular and people are upset after learning about them.
I am 100% convinced - from people around me - that those who use FB and IG don't give a damn about privacy and would rather it be free of charge. This is clearly a small group of "elite people in the know" (which in this case I consider myself and yourself a part of) deciding this.
Those people will be given a choice (assuming Meta doesn’t throw a tantrum and decide to leave the EU in Brexit fashion - which they are more than welcome to do!).
“Do you want us to use [extensive list of all of the kinds of information we have meticulously gathered about you] to show you more relevant ads? Yes/no”
I have a personal belief on what most people will answer to that question. You may disagree. But it doesn’t really matter - the key is that people will be given the chance to make an informed decision.
You don’t have to guess. We know. How many people use Gmail vs paying for a provider not owned by an advertiser company? How many people use Hulu free/lite tier vs paying more for zero ads? How many people are flocking to use a paid privacy focused search engine like Neeva? Hell even DDG hasn’t taken over and it’s free! People have choices and their preferences are clear: “give me free shit!”
> How many people use Gmail vs paying for a provider not owned by an advertiser company?
Ads shown in Gmail are not based on the contents of the emails, rather on other characteristics inferred from the associated Google account [0]. It's a bit of a "splitting hairs" thing, but it's not an apples-to-apples comparison in this case.
I'm not familiar with Hulu.
> How many people are flocking to use a paid privacy focused search engine like Neeva? Hell even DDG hasn’t taken over and it’s free!
Those search engines are not as good as Google. All things being equal, I posit that people would prefer products that respect their privacy.
> You don’t have to guess.
Again, that's beside the point. The point is that people should be given the opportunity to make an informed choice about whether a company is allowed to process their personal data for the purpose of showing "more relevant" advertisements, and that is a Good Thing.
A ton of people use Outlook.com. The choice is usually not about the presence of ads (these are very moderate with both providers), but about the UX one finds more convenient / used to. When something like Protonmail supports tags, I may give them a try.
I do pay for Youtube premium, because without that, the amount of ads really annoys me. I usually buy ad-free versions of freemium Android apps. There must be some value to pay for; making the free version annoying subtracts enough value that paying for the uncrippled version becomes a reasonable choice. (I usually buy paid versions of open-source apps to keep them open-source; that's also a value.)
Also, a lot of people are very much not well off. They often don't have that extra $5; I remember being in that state myself as a student. So they will put up with free shit, even if it has a noticeable shit component :(
I’m not so sure. My observations are certainly not statistically significant, but I’m a Brazilian who moved to Germany. One of the things I noticed when using email here is that the amount of people who have an email not @gmail.com, but whatever German provider that has to follow GDPR is much higher than what I saw back in Brazil.
This suggests that the population in general in Europe is indeed more privacy-conscious.
I very much doubt that people will actually get that choice, because if Facebook does give it to them, the response numbers won't look good for the model. It's easier to remove the choice altogether and then spread FUD about how it's forced on them.
> I am 100% convinced - from people around me - that those who use FB and IG don't give a damn about privacy and would rather it be free of charge.
When Apple forced apps to implement App Tracking Transparency which asks a neutral, OS-provided question to the user, only 4% opted in.
Furthermore, people generally don't care about privacy because they don't understand the ramifications of that decision (which is exactly why the GDPR was enacted instead of letting consumers and "the market" decide), but they do freak out when the tracking ends up backfiring on them.
> people generally don't care about privacy because they don't understand the ramifications of that decision
Every single time I point that out, I get told to show proof of such "ramifications". They just don't think they'll be impacted by this tracking, which is ridiculous. Even more strange is the position of "I have nothing to hide." - privacy != secrecy.
100% agreed - the issue is that people aren't giving _informed_ consent, I think it'd be great to have a law that basically says "the default has to be not tracking, and you can prompt and allow users to opt-in for targeted ads"
> Wealth inequality is much worse in the US than Europe, so relatively speaking, "poor" in EU is still much better than "poor" in the US.
Besides the questionable practice of lumping all of European countries into a single "Europe" block for debates like this, a single metric like wealth inequality, for instance, isn't useful to compare how countries or regimes are faring.
For instance, by that metric, the following countries are better than Sweden: Belarus, Moldova, UAE, Algeria, Iraq.
And places like Myanmar and Poland are better than Austria.
Well, only if the total amount of wealth in the US is equivalent to the EU does your second statement follow.
Obviously this is not the end alm be all of how good life is, but there are numerous studies indicating the average of goods and services provided to the poorest 20% in the US is higher than the amount of goods and services provided to the median EU citizen.
One should probably account for a margin of error as well as different measurement standards as well as timing differences, but by Europe and the US's own governments, Europe has double the poverty rate of the US:
When the Mises Institute publishes articles arguing that "drunk drivers cause accidents but so do sober drivers, and many drunk drivers cause no accidents at all," and therefore drunk driving should not be outlawed, it's hard to take this type of source seriously [1]. Note that the article above was published by the institute's founder.
The thrust of the article [1] is that the income defined as "Poverty Level" (60% of disposable income), is higher in the US than in many European countries. This definition is based on disposable income, which does not account for spending on childcare, healthcare, housing, etc., many of which are heavily subsidized, or simply less expensive in these European countries that are being compared to the United States.
Note: I appreciate your calm responses and engagement of the arguments. I concede that I should have included some refutation or concession based on the merits of the article themselves in my original reply.
I feel that attacking the credibility of a source is fair game. I don't expect someone to refute every single point of an argument if the central thesis of the argument is erroneous.
How did we jump from attacking the credibility of a source to the central thesis of the argument being erroneous? I'm missing the part where that was shown.
Even if they got the numbers right, which I doubt, they completely miss that US income has to pay for a lot more than in most of Europe, healthcare and education just as the most prominent examples, also lack of public transit etc.
And of course anyone who has ever lived both in the US and in one or more European countries knows that this "analysis" is BS.
if you read the article, you would see that they account for social service transfers.
> And of course anyone who has ever lived both in the US and in one or more European countries knows that this "analysis" is BS.
mm. if we are going by anecdata, my dad grew up in Europe in latter 20th century and they could not afford shoes or electricity. his siblings were put up for adoption. things have certainly changed, but that is intense material deprivation relative to latter 20th century US.
> mm. if we are going by anecdata, my dad grew up in Europe in latter 20th century and they could not afford shoes or electricity. his siblings were put up for adoption. things have certainly changed, but that is intense material deprivation relative to latter 20th century US.
Take a tour of rural Alabama or Appalachia today and you will see plenty of extreme poverty like that. We have a whole industry of NGOs and bin manufacturers [1] just to supply them with used clothes and shoes, massive subsidies to provide them with internet and electricity, and so on.
Once you get out of the big cities, especially in "fly over" states, the poverty in the US can be downright staggering.
They claim to account for them. Whether they actually did so in any way that makes sense is not documented. Given the credibility of the source... ¯\_(ツ)_/¯
Also, their claim is "social benefits paid to households". That wording strongly suggests that they only took into account those social benefits that result in a payment, of money, from the government to the households, such as social security payments or unemployment benefits.
Which would miss the vast majority of benefits, including all the ones I mentioned, because those benefits don't work that way.
Just because someone has more material items than you doesn't mean your life is worse or that you are poor. Poverty isn't about how little you have to others - its about being able to provide and sustain yourself and your family in society. As far as I understand it, poverty is much less now than 100 years ago.
For example, I voted with my feet. I used to live in the US, but I moved (back) to Germany, because despite the fact that I could make tons more in the Bay Area, my standard of living is much higher here.
Don’t know why this is being downvoted when it’s objectively true. Parent says wealth inequality is less in Europe therefore being “poor” is more desirable which makes no sense. The US could have higher inequality but that could just mean the richest are richer and the poor have the same standard of living. It could mean the poor are poorer in the US and the richest are even. It could mean the poor AND the rich are richer and better off than their EU counterparts. Just looking at inequality numbers doesn’t tell you anything about quality of life between the two continents…
Your analysis is wrong. Wealth inequality by itself is a problem, even if absolute levels are higher. This has been shown in study after study.
This obviously doesn't mean that any wealth inequality dominates any absolute level (quick: everyone gets nothing!), and getting the balance right is tricky.
But looking at the world happiness index, it is obvious that European countries are doing a pretty good job.
That’s lovely. It sounds like the kind of thing that would work well in a fortune cookie.
Meanwhile, in the real world, we find that that’s not how happiness works at all. People want more than they used to have or they want more than the people around them. If they don’t, they aren’t happy.
You can blame capitalism all you like, but this is a fundamental tenet of brain chemistry. No matter how well off we are, our dopamine level adjusts to that.
That's not true though if you look at at global "happiness" studies, it's not the countries with the highest individual material wealth which typically come out on top, but the countries with the least wealth inequality, usually the Scandinavian countries.
That’s pretty much what I said. People are comparing themselves with those around them. If they’re about equal, they’re happy. If the society has high inequality, they’re unhappy. The absolute level of what they have is irrelevant, which is weird. You’d think that a person who doesn’t have to worry about food, clothing, shelter, entertainment and social connections would just be objectively happy. But no, the existence of many rich people makes them feel worse.
This isn’t good or bad. It’s just the way humans are.
I disagree with the previous comments, but wealth inequality is not a measure of wealth (or poor-ness). In a way the previous comment has some truth in it: equalitarianism and socialism in Europe is keeping us poor; you cannot make all equal and rich, but you can make all equal and poor and this is the trend that I see. Background: born and grew in Romania, poor and socialist.
Europe is a museum at this point. Tourism is their future. What industrial sectors are left are protected by huge government subsidies and tariffs, but as energy goes up in price and their economic dynamism continues to fall, their future is keeping the capital cities pretty for US and Chinese to visit and take pictures.
A friend of mine is a Norwegian in the US. He told me all the ambitious people in Norway scheme to come to the US to make their fortune then retire back in Norway. Seems to be a very common pattern in Europe - make your money someplace without the excessive taxes and regulations, then travel back for the social safety net. Somehow they see this as moral and just which is quite perplexing.
Such derogatory commentary is not adding any value to the conversation. I would refrain from dismissing Europe's industry, and cities with such a tone. The most perplexing part in all of this is the stance that this thread seems to commend.
Even more so, given the societal unrest seen in the USA. Just baffling.
> Even more so, given the societal unrest seen in the USA. Just baffling.
To be fair, the social unrest of the US fueled by social media & advertising is now exporting itself to other countries - starting with the English-speaking ones (since the content can be reused as-is) but it's just a matter of time before it consumes other countries too.
> Europe is a museum at this point. Tourism is their future. What industrial sectors are left are protected by huge government subsidies and tariffs, but as energy goes up in price and their economic dynamism continues to fall, their future is keeping the capital cities pretty for US and Chinese to visit and take pictures.
German and swedish machining/mechanical engineering industry is essentially powerong the world's manufacturing. The biotech companies that gave us RNA vaccines are based in Europe. Where Europe is lagging is large supernational social media, software companies (although Spotify is Swedish). Hardly a museum. Also in comparison to the US or China the European market is quite open (the whole US defence is essentially a large government subsidy scheme).
I find it interesting that free market maximalists are always pointing to FANG companies as examples how the US unregulated market is so much better. The irony is that these companies are so big that they are largely outside free market pressures and competition and I would argue are a good example how the US dropped the ball on regulating industry to keep competition alive.
What is being ignored is basic macroeconomics such as the Theory of Comparative Advantage which states that the net benefit to countries is the specialization in the production of certain types of goods and subsequent trade with each other instead of each country trying to produce everything domestically.
This is literally the system the US built since WWII and what globalization is all about after the Iron Curtain fell.
Of course, the US being at the center of all this trade as the military guardian of naval trade routes and financier of specialized production capabilities all across the globe.
It was and still is a smart as hell play.
But that's exactly why anyone hitting on any one part of that web of trade as being irrelevant is so... unimaginative: The fact is that it's NOT a zero sum game, but a system where everyone benefits if trade happens.
There are some EU companies that can produce tech in some domains without much or any competition in the US (or think of semiconductors of Taiwan) and the same is true for companies in the US.
> without even a vote
I’m not sure I follow what kind of “vote” you mean here. The legal framework behind the decision has been in discussion since at least 10 years ago, and most EU countries and the EU parliaments are democratically elected. The lawmaking progress in the EU parliament also is very open to public scrutiny and feedback, and the privacy laws went through it. This all supports the idea that the right to privacy online is pretty much a core value supported by most of the EU population, one which they have been supporting through their votes and participation in the law-making for many years.
And if your implied suggestion was that the business model of company X (and whatever benefit they may provide through this model) is a more important vote than the basic value of privacy, or that the issue of cost was not brought to the table enough times for people to understand the trade-offs, then I guess my understanding of how democracy works is different than yours.
> Europe already endured centuries of this when the majority Christian ethos was that usury & banking were an evil to be banned. This, among other things of course, helped sentence millions of people to poor and deprived lives for centuries.
But why do you think legislation should be the one forcing that choice on everyone, rather than the market allowing consumers to choose?
The issue isn't what we personally like or prefer for ourselves -- it's more about when we think it's legitimate to take away the right of businesses to experiment with business models, and of consumers to be free to enter into the tradeoffs they prefer.
Why shouldn't a consumer be allowed to agree to what you call "extremely invasive spying" in exchange for a free product, if they want to? As long as you're not signing away rights (e.g. you can't agree to sell yourself into slavery) or engaging in physical harm (e.g. food and safety regulations), then what's the moral basis for taking away choice?
After all, what you call "extremely invasive spying" other people might consider no big deal at all, in terms of their own personal data.
Legislation is used in cases where individuals either can't make that choice or if individuals' choices would cause negative externalities for some people.
That's how we get food safety laws, employment laws, waste disposal laws, etc. With regards to food safety for example, the vast majority of people don't have the equipment nor knowledge to be able to test whether the food they just bought isn't contaminated, so it's better for everyone if the law just uses the threat of significant penalties to force companies to produce safe food and that people can buy and eat food and be 99% confident there is nothing nasty in there.
The same can apply for data protection - very few people have the skills and resources to reverse-engineer every single binary they run and inspect network traffic, so it's better if significant penalties just force all companies to not misuse personal data by default.
> the vast majority of people don't have the equipment nor knowledge to be able to test whether the food they just bought isn't contaminated,
Back in the late 1800's and early 1900's food companies actually tried to convince people that this was the right thing, instead of, you know, just selling unadulterated food. The argument was literally "if we just put 'borax' on some sort of ingredients list people can choose for themselves." Women's magazine and cookbooks explained to house wives how to chemically check their food for contaminates (which required a lot of interesting acids) which included fun things like formaldehyde and liquified cows brains (to simulate "cream" on top of really water-downed milk).
Just to be clear, this only helped the companies and in certain circles ~1850-1906 (when the pure food act was passed) is called "the great stomach ache" because people were essentially eating poisons in every meal.
People are awful at understanding their own risk profiles, especially in the face of advertising.
> People are awful at understanding their own risk profiles, especially in the face of advertising.
Advertising is also regulated, by the government. The same one that regulates what goes inside of food. If the public is vulnerable to manipulation by advertising, the government is also vulnerable to manipulation by lobbying (remember the USDA "food pyramid" that put grains at the bottom due to industry lobbying?). Your argument is inconsistent because it implies that the government is somehow both simultaneously going to allow the public to be deceived by advertising, but correctly regulate the contents of food itself.
Yes, and we also have food labeling laws that require companies to truthfully warn consumers about some mildly-unhealthy things (sugar, trans fats) on the nutrition facts label - but, crucially, these laws do not ban those things.
That's the argument being made - that companies should be able to run on business models that aren't extremely bad (putting yourself into slavery, physical harm) as long as they clearly communicate to consumers exactly what they're doing (which, to be clear, is not happening now - a 30-page privacy policy in legalese with lots of "mays" is nowhere close to the "privacy nutrition label" that we deserve).
> The same can apply for data protection - very few people have the skills and resources to reverse-engineer every single binary they run and inspect network traffic, so it's better if significant penalties just force all companies to not misuse personal data by default.
That's a crazy invalid argument. The fact that very few people can reverse-engineer binaries doesn't actually matter. The government also isn't going to reverse-engineer every binary in existence, nor do they test every single product that is sold for banned substances, because that's not the way that (e.g. food safety) laws work.
The way that food safety laws actually work is that the government says "here are the rules for labelling, and here are a list of things that absolutely cannot go into your product at all" and then may occasionally test for compliance. That's exactly how both (a) labelling (but allowing) and (b) banning sale/(mis)use of personal information would work.
Your (invalid) argument has nothing to do with the argument about whether it's better for companies to not do thing x vs do thing x but clearly warn customers about it, because the enforcement/detection mechanism is exactly the same, whereas you're (falsely) implying that it somehow differs.
> Yes, and we also have food labeling laws that require companies to truthfully warn consumers about some mildly-unhealthy things (sugar, trans fats) on the nutrition facts label - but, crucially, these laws do not ban those things.
The US is pretty big in the war on drugs, so yes they ban things. Moreover they use their military and economic power to pressure others to do the same.
> That's the argument being made - that companies should be able to run on business models that aren't extremely bad (putting yourself into slavery, physical harm) as long as they clearly communicate to consumers exactly what they're doing (which, to be clear, is not happening now - a 30-page privacy policy in legalese with lots of "mays" is nowhere close to the "privacy nutrition label" that we deserve).
So in principle you are agreeing companies should be regulated. You just disagree on the extend.
> > The same can apply for data protection - very few people have the skills and resources to reverse-engineer every single binary they run and inspect network traffic, so it's better if significant penalties just force all companies to not misuse personal data by default.
> That's a crazy invalid argument. The fact that very few people can reverse-engineer binaries doesn't actually matter. The government also isn't going to reverse-engineer every binary in existence, nor do they test every single product that is sold for banned substances, because that's not the way that (e.g. food safety) laws work.
> The way that food safety laws actually work is that the government says "here are the rules for labelling, and here are a list of things that absolutely cannot go into your product at all" and then may occasionally test for compliance. That's exactly how both (a) labelling (but allowing) and (b) banning sale/(mis)use of personal information would work.
> Your (invalid) argument has nothing to do with the argument about whether it's better for companies to not do thing x vs do thing x but clearly warn customers about it, because the enforcement/detection mechanism is exactly the same, whereas you're (falsely) implying that it somehow differs.
I think the main argument is actually not about how easy it is to understand the implications of certain labels, but an argument about power balances. The power imbalance of a single consumer compared to a company like Facebook is immense. Facebook is employing many psychologist to make their product as addictive as possible ( the notion that we are rational beings that are immune to psychological manipulation has long been proven false), moreover even if the overstep some lines, their many lawyers will ensure that as a consumer you still only have a small chance for regress.
Democracy is fundamentally a tool to balance power and that's exactly what is happening in this case, people want Facebook et al to be regulated to balance the power. Admittedly there are problems, i.e. voters are also subject to psychological manipulation, but it's still much better than anything else we have.
>Why shouldn't a consumer be allowed to agree to what you call "extremely invasive spying" in exchange for a free product, if they want to? As long as you're not signing away rights (e.g. you can't agree to sell yourself into slavery) or engaging in physical harm (e.g. food and safety regulations), then what's the moral basis for taking away choice?
Not everybody believes that individual, consumer-level choice is such a sacred cow. Why is a "moral basis" needed to prohibit choices that the broader society deems bad to offer? For example, I would be quite happy to see pyramid schemes regulated out of existence despite the fact that all participants are making reasonably informed choices to join up (certainly, much more well-informed than people who click agree on the Facebook ToS). Hopefully I don't need to offer a "moral basis" on why I think that's a good idea.
The simple answer to this and all consumer regulation related questions is information asymmetry. The service that wants to monetize privacy or other sensitive aspect of customer life is never disclosing information in a way, where customer would easily understand all the consequences. People do not speak Legalese, they do not understand technical details and they generally should not be expected to be experts in T&Cs. For this reason they choose the government that acts on their behalf and levels the playing field by defining the terms that are acceptable to majority.
That. The legislation is not forcing the choice on any consumer, it’s giving them their choice back by forcing Meta to ask the question in clear terms and allow users to clearly tell Meta they are not allowed to spy.
Now, if Meta can’t make a viable business model without denying users the choice, doesn’t that mean that their model is flawed? The thing is, for users to understand what they are choosing, they need to understand their right to privacy and why it matters. It took the EU at least a decade (possibly more) to reach the point where they are starting to apply this legislation.
I think that legislation is the right choice when companies have proven to be repeatedly deceptive and manipulative about what they are actually doing.
If companies are hiding or downplaying what their true business models are, then consumers can not be expected to make an educated or informed choice about which companies to support or use.
When large companies with massive amounts of resources are also using them to spread propaganda, it becomes even harder for people to make informed choices.
"the market" isn't some omnipotent magical force that inherently provides all options.
Given the current status quo, it's pretty clear that "the market" isn't solving this problem. Legislation is needed because "the market" has failed to regulate itself.
"the market" does not work for consumers, it's shaped for and by sellers.
Left to its own devices, capitalism creates conditions that are explicitly harmful to the population. Look at the sheer amount of labor protections we have. "the market" didn't stop employers from enforcing 80 hour work weeks and child labor, and it absolutely would not have without legislation.
Capitalism isn't magic. "the market" doesn't solve problems on its own.
>it's pretty clear that "the market" isn't solving this problem.
Have you considered that it isn't being solved because consumers don't actually mind the extra tracking? All the tracking does is attempt to give them better ads. Better ads provide a better user experience. Personalized ads are a win win for both the company and the user.
> Have you considered that it isn't being solved because consumers don't actually mind the extra tracking?
This is an interesting hypothesis, but there's no evidence for it.
Here's how we can test it: enact regulation requiring companies to disclose what personal information they collect, how they use it, and what third parties they disclose it to, and put that information in an equally prominent place as the price (e.g. "$10/month plus we collect your name, phone number, email address, and mailing address and sell it to 16 third-parties[link to list] for advertising purposes).
Then we'll see how many people are willing to pay for services with their data.
Mostly people don't know, and literally can't imagine, how much data there is about them. I accidentally freaked out a friend when they posted a photo on FB and challenged their friends to guess where it was taken, by responding 30 minutes later with a link to the Google street view photo of the same spot.
That said: The personalisation of the adverts is, at least in my case, pretty terrible — FB and Twitter categorised me as being interested in sports I've never watched, languages I've not learned, and politics of countries I've never lived in.
As someone else replied to me here, it's good that they're bad, because bad ads are easier to ignore.
> The personalisation of the adverts is, at least in my case, pretty terrible — FB and Twitter categorised me as being interested in sports I've never watched, languages I've not learned, and politics of countries I've never lived in.
Part of the reason for the push for opaquely-personalised ads could also be because advertising platforms can effectively defraud their advertisers by serving their ads to people who have no interest in them, which would be impossible in a world where people explicitly choose which types/categories of ads they're interested in.
If people don't care, then why is legislation being passed? There is little monetary benefit to a government to unilaterally enact this kind of legislation without public support or legitimate concern for public safety.
Privacy and data mining by corporations is a huge topic of discussion these days. Because the conversation doesn't enter your bubble, it doesn't mean it's not happening. You should look around more, find some diverse news outlets and actually get a sense of public opinion before making claims about it.
>If people don't care, then why is legislation being passed?
Because there is a vocal minority who does care and the media makes the collection of data sound scarier than it really is.
>There is little monetary benefit to a government to unilaterally enact this kind of legislation
Except for all of the fines that you can collect under it?
>get a sense of public opinion before making claims about it.
I have and most people do not care until you start using loaded words that make people think people are actually spying on them and people who can look at their data when in actuality their data is drop in a pond and it is only processed by computers and is never looked at by another human.
> But why do you think legislation should be the one forcing that choice on everyone, rather than the market allowing consumers to choose?
I see a lot of debate about market forces vs regulation. In my view, neither one of them will solve every problem; that's why we have both.
As others have mentioned, an issue with Facebook is that the consent was not informed and explicit.
Another group of related issues, and this is where I think the balance needs to tip to regulation, is the network effect/walled garden/near monopoly: choosing another platform doesn't just require signing up to another business model or UX, it also involves being able to communicate with a different group of people. This is compounded by their takeover of Instagram and WhatsApp.
As Facebook only offers one model (pay for the service by sacrificing personal data) it's an all or none proposition. This might satisfy the US market better than European ones.
It is rational for governments to be defensive of practices which externalize costs onto 3rd parties, and they have to balance it with a number of factors including innovation.
It is easier to understand this with health, as compared to privacy, I think. The meat packing industry used to use substances such as formaldehyde to preserve meat longer. This wasn't transparent to the end customers and the health issues lead to lower productivity of the population as a whole. Soldiers eating this meat lead to lower fighting capabilities and higher illness. The meat packing industry fought against any transparency here knowing that it would hurt their profits. After an enormous amount of advocacy over decades, there was regulation added. There is a balance here - some substances are outright banned and some are just required to be documented on the food. This makes sense, in my opinion, because we can't expect every person to be a food chemist and know what's good and not good. Market makers have relatively large amounts of money to spend to confuse customers with misinformation, if given the option.
Applying this to privacy, the question that governments have to find out is what is fair for end users to be allowed to make a choice on and what is outright harmful such that a rational, informed person wouldn't make that choice. It is a tricky thing to get right and this bill may be overreach, but that is the nature of government and any policy - iteration. But there is always a place for a government to be in the market. Otherwise the market will be dictated by the powerful, not the people. Without perfect information transparency and the ability to interpret that information, there is no such thing as a free market.
> But why do you think legislation should be the one forcing that choice on everyone, rather than the market allowing consumers to choose?
Isn't that the exact point of legislation? Consumers had no choice in the matter, because Meta collected and sold user data even if you had no facebook / instagram account.
> But why do you think legislation should be the one forcing that choice on everyone, rather than the market allowing consumers to choose?
You paint a rosy libertarian picture about choice, but choice is not an inherently good. I don't want to live in a society that allows the use of consumer data to be used adversarially against consumers to defraud and manipulate them. It is good when laws prohibit fundamentally immoral behavior.
You paint a rosy utopian picture about regulation, but regulation is not inherently good. I don't want to live in a society that allows regulation to be used adversarially against business owners to control them and manipulate the market.
> It is good when laws prohibit fundamentally immoral behavior.
Sure, but that's not relevant, because people don't agree on what "fundamentally immoral behavior" is to begin with (for instance - I see nothing wrong with voluntarily trading some of your personal data away for a product, subject to lots of terms and conditions).
However, even if people agreed on what "immoral behavior" was, you couldn't regulate it away, because you don't have the ability to directly affect laws.
Regulation is by definition a very coarse instrument. Regulation is necessary because people are evil. But who puts laws and regulations into place? Also people, who are evil. The very fact that you can have greedy CEOs who destroy the environment for profit means that you also get corrupt regulators who write twisted laws for a bit of extra money. So, regulation is inherently subject to corruption - that's exactly how you get regulatory capture[1].
So, given this fundamental truth about humanity, the only reasonable thing to do is to design a system that acknowledges the truth about corruption and is designed to resist it. In this particular case, that means putting labelling and transparency regulation into place, which is much simpler and harder to corrupt and depends far less heavily on the moral frameworks of individuals.
Your proposal to regulate the market to conform to your personal moral code is highly authoritarian and in denial of a basic truth about human nature.
I am glad that regulation prohibits human trafficking, despite the 'loss of choice' business owners have as a result. Prohibition is never perfect, but there is certainly a lot less human trafficking than if the market was less 'authoritarian'.
In 70 years, I suspect people will view the ad/consumer surveillance industry much like we view the 1950s tobacco industry today.
Your response to my comment is as irrelevant to the original one you posted.
I never said anything about "regulation being inherently bad" or "all regulation should be abolished". I certainly never said or implied anything remotely along the lines of "slavery-adjacent things should be legal".
Please make sure that your comments actually have a connection to the thing you're commenting on before posting them.
Let's also have the market allow consumers to decide how much poison they're willing to consume in their food. After all, consumers will be free to make the choice between poisoned and unadulterated food.
Some people are starving, allowing businesses to bulk their products with poisonous substances will offer much more affordable food to those people. What's the moral basis for taking away that choice?
Except they can't. If a service is only profitable with personalized advertising they aren't allowed to say "if you want to use this service you need to allow us to do personalized advertising".
Which means that in the future if there's a service I might want to use which is in this category and if I don't mind having my data used to personalize my advertising, I don't have a choice: the service won't exist.
That's a bit like saying that motor racing wouldn't be possible without cigarette advertising.
It turns out that banning tobacco advertising did not lead to the end of Formulae 1 and making targeted advertising optional won't lead to end of social media either.
So essentially you want to take choice away from the majority of consumers because it might make certain business models unprofitable and you want that business model for yourself? If that's not what you want then you need to better explain your point because right now it certainly sounds like that.
> you want to take choice away from the majority of consumers
Huh? My worry here is that privacy regulation will reduce the choices available to consumers. If it's legal for some services to offer "pay with ads + fraud detection" and others to offer "pay with your money" we can see what sort of services consumers prefer. In most areas online it turns out its the former. Regulation removes the first option.
> you want that business model for yourself
I'm not interested in running this sort of business; while I used to work in ads I'm not planning to go back. My main perspective here is as someone who uses and enjoys many ad-supported sites (including HN) and doesn't want to see them regulated out of existence or behind paywalls.
You’re straw-manning ads against personalised ads. There’s nothing stopping sites from targeting ads in ways that don’t require the processing of personal information (as your example, HN, already does).
As I wrote in my response to pif above [1] it's pretty likely that the GDPR also requires consent for detecting ad fraud, without which advertising isn't practical on most sites.
I'm on board with governments stepping in over externalities, but if A and B make a deal that includes "B will, in addition to observing A's behavior to implement functionality, use these observations to target ads and detect ad fraud" I don't see how externalities enter into it.
I think the normal reasoning is that services that don’t use data in this fashion can’t compete with those that do. Hence users who don’t want to be tracked have no other options. Whether that bothers you is a personal question.
Edit: I think it’s comparable to something like warranties. Enforcing an automatic 1/2/etc. warranty on products makes certain business models untenable. Do we consider blanket warranties on end products more important or an individuals freedom to forego such a warranty more important? Different societies may reach different conclusions.
Because having something priced as "free" is distorts the market. Consumers don't see immediately the price they pay for the product. There's plenty of experiments with people having to choose between something that is $1 in price difference and when both options are paid, people make a rational choice. However, when one of the options is free and the other cost 1$, a disproportionate amount of people choose the free option. [0]
So yeah, I think legislation should strongly push things away from free - because everything has a cost and it should be visible to end users.
> Because having something priced as "free" is distorts the market.
Only if you consider the "market" to only take price into account - which is a very simplistic model that most people don't adhere to.
You pay for things with your money, time, attention, and personal information. The only problem with the current market is that, while it's extremely easy to see monetary prices (due to effective government regulation, I might add), it's far more difficult (or impossible) to see those other three "prices". Were they equally visible, there would be no problem.
> There's plenty of experiments with people having to choose between something that is $1 in price difference and when both options are paid, people make a rational choice. However, when one of the options is free and the other cost 1$, a disproportionate amount of people choose the free option.
What's happening here is just a "rounding down" of a particular cost to zero, which isn't relevant if the associated cost isn't close to zero. Specifically, if the two options are (1) pay $1 for thing and (2) pay $0 but expose your IP address to the website, the latter option will get rounded down to zero the vast majority of the time because people usually don't care about their IP address being seen. However, if the two option are (1) pay $1 for that thing and (2) pay $0 but give them your real name, mailing address, email address, phone number, and SSN, and the buyer is aware of that upfront, there will not be the same asymmetry, because that private information does not round down to zero.
The correct solution is to regulate transparency such that, alongside the "free" sticker price, consumers see a very clear warning label "you will provide your full name, email address, and phone number, and these will be sold to 17 parties[link] for advertising purposes" - in other words, actually expose the privacy cost as part of the "sticker price" alongside the monetary cost.
>a "free" service in exchange for extremely invasive spying and psychological manipulation
/agreed
Trading trinkets to the natives for land is the most apt analogy I can think of.
In a capitalist society, we should be able to set the price for something that we own. My data is worth way more than the cost to provide the trivial services that Facebook, Gmail, etc provide.
If you think that the price is not worth it, you are free to refuse the transaction. The EU govt here is requiring the counterparty to provide you with the service even if you refuse the transaction.
I think this is like predatory lending laws - you can be forced to give someone a loan at a reasonable price, even if you can convince them to pay way more. The same argument also works for voluntary slavery - I think people have the right to say "even if it's initially consensual, it still seems like an abusive business model that we shouldn't allow"
You aren't forced to give someone a loan at a capped price, you can simply refuse to loan out your money. The government does not compel you to loan, so it is not analogous.
I get the logic of rendering certain voluntary transactions illegal. Child labor (questionably voluntary) & minimum wage laws come to mind. This is distinct because those laws don't require companies to hire people at minimum wage.
Only if part of that transaction involves non-material things such as personal data. If you accept actual payments in money, you are welcome to refuse service to anyone. The solution is easy and straightforward.
I agree that if anytime anyone came up with a business model you banned it, that would produce more innovation in business models. But you also wouldn’t get any of the products because you’ve banned all of them. So it seems like a bad way to run an economic bloc.
The EU in particular doesn’t even know what they’re doing and none of their poorly drafted “blue is green now because I said so” laws even work. You just get cookie banners everywhere.
The value you get from Facebook is the ads are relevant, rather than all being for cars you’re not going to buy. They don’t “use your data” to “make money”. They show you ads and you click on them.
Cookie banners are only necessary when using cookies that are not technically necessary, i.e. for spying.
Also, most cookie banners are designed to nag you into clicking "yes, track me". Refusing the tracking is often more difficult than accepting it, which is illegal.
The cookie banners are a result of bad/non-existent enforcement. The GDPR actually makes 90% of them illegal. Enforcement appears to be slowly ramping up.
> The value you get from Facebook is the ads are relevant
If this was true, this ruling would be a nothingburger because everyone would voluntarily opt into the targeted advertising so they can get all that "value" you're speaking of.
In reality though the value people get from Facebook is being able to keep in touch with their friends or content that interests them. The ads are just pollution. I think we used to call this "spam" in the past. The ruling now at least allows people to deny spammers usage of their personal data for the purposes of targeting said spam.
> The cookie banners are a result of bad/non-existent enforcement.
Unintended results are part of writing the laws. So is writing a law that phone ports must be USBC and forgetting about wireless charging standards. When the DMA starts enforcement and makes it impossible to block messaging spam because all messengers have to trust each other, that’ll be part of it too.
> If this was true, this ruling would be a nothingburger because everyone would voluntarily opt into the targeted advertising so they can get all that "value" you're speaking of.
No, not all markets clear. If you get a smaller market because not everyone opts in there’s just going to be less stuff in it.
(And I actually think Instagram’s ads are more interesting than, say, my family members who’ve decided to become influencers.)
Out here Starbucks still has a bunch of tables with some kind of wireless charging ring that isn’t Qi.
But more importantly, “phones must have a USBC port if they have a port” doesn’t implement “phones must charge from a USBC charger” and so users could go out and buy portless phones and discover they still have to carry around a charger, the problem you were supposedly solving.
> Out here Starbucks still has a bunch of tables with some kind of wireless charging ring that isn’t Qi.
Qi won, though. Nobody is deploying new non-qi powermat, and supposedly there are firmware updates to make those compatible.
> But more importantly, “phones must have a USBC port if they have a port” doesn’t implement “phones must charge from a USBC charger” and so users could go out and buy portless phones and discover they still have to carry around a charger, the problem you were supposedly solving.
Buying and keeping a phone with no charging port is a very intentional act and I'm not overly worried about that.
And it's still much better to have two ways to charge, one wired and one wireless, than to have three.
> The cookie banners are a result of bad/non-existent enforcement.
That is part of the regulation. If you are unwilling to consistently and correctly enforce the regulations that you're proposing, that results in selective enforcement and is bad regulation.
> To be honest, good riddance. If it is no longer possible to offer users a "free" service in exchange for extremely invasive spying and psychological manipulation
Is it right that a tiny but loud minority be able to ban these ad-supported services for all of society? Going by revealed preferences, most people don't consider targeting advertising to be "spying and psychological manipulation". If they did, usage patters would differ.
How does this reconcile with the vast majority of people clicking “ask app not to track” when given the option? Revealed preferences can’t distinguish between things people don’t know about.
Like imagine running an experiment where in option A you get $20, and in option B you get $10. Everyone picks option A, and then the experimenter punches them all in the face because buried 50 pages into the fine print filed in the basement you didn’t know existed, it says that’s part of option A. It would be absurd to then claim “revealed preferences show that people are willing to get punched in the face for $10.”
Regardless, Meta is still allowed to do this, they just have to ask for consent now. So informed preferences will be revealed soon.
Most people don't consider anything that would save them a buck to be a problem, even if the net impact on society is awful. Government exists to look at that bigger picture.
The fact is that the vast majority people have no idea they’re giving companies vast amount of data that’s used to manipulate them. Thousands of A/B tests meant to trigger just the right psychological response to optimize impulse buying drop-shipped Aliexpress junk at 800% markup.
Usage patterns can't differ if the service is effectively a requirement to participate in modern society regardless of whether you personally agree to the tracking or not.
> Going by revealed preferences, most people don't consider targeting advertising to be "spying and psychological manipulation". If they did, usage patters would differ.
By this logic most people don't actually believe cigarettes are harmful, if they did then usage patterns would differ
Facebook are NOT banned from providing ad-supported services and it's disingenuous to suggest otherwise.
Facebook are not even banned from using user surveillance for targeted ads.
All Facebook/Meta are banned from doing is making surveillance a condition of using the site. The user can still opt-in to being tracked if they think it's useful and Facebook can still show ads in any case.
While I agree with the decisions, I must point that elected officials are far from being representatives for the people for a long time; in many countries they are just puppets for their political parties and elections are a choice between all bad options.
Just because we somehow ended up in a situation where spyware got effectively decriminalised doesn't mean it's a good situation especially in the long-term.
If nobody is willing to pay for your product, maybe it shouldn't exist?
Spyware? This is about logging activity of users on the same app that you built, not tracking them across the internet.
Writing down what someone does while interacting with your own business was never "criminalized" to begin with.
Businesses do pay for this product.
Unilaterally making tech products illegal after backlash in the media is precisely why capital is deallocated from Europe to other places with less reactive regulatory environments and leaves the people in those countries poorer than they would have been, less able to afford vacations with their family, higher quality housing, air conditioning, appropriate medical care. These effects all spill over to every day life in Europe.
That's not what this case was about, though. It's about whether FB is allowed to log your behavior on their properties and use that to choose which ads to show you.
Right, and maybe that should not be permissible but this decision is about on-site personalization based on stuff like the interests you enter into Facebook yourself.
One can agree with the measure and disagree with its deployment. Here, a quasi-judicial body with opaquely-appointed members created a rule ex post facto. It’s a good opinion. But that sort of unpredictability obviously has a cost. (Agencies in America face similar criticism.)
I guess I don't understand the unpredictability argument. Everything that I've read since GDPR passed 4+ years ago has predicted that Facebook's data harvesting would be illegal. It was a very straightforward and predictable consequence of the law.
> Everything that I've read since GDPR passed 4+ years ago has predicted that Facebook's data harvesting would be illegal
The Irish DPA disagreed. We can write that off as biased, but that’s sort of the point. Each member DPA has its pet biases, and predicting how they’ll act and how those actions amalgamate at the EDPS is nontrivial. That’s a cost of doing business in Europe that derived from GDPR’s bureaucratic design, not from its regulatory aims.
If I am understanding this correctly, GDPR means that you must legally accept free riders, ie. you cannot deny service if they don't want it.
Mandating companies to serve users who provide no value at all is an example of the regulatory requirements that spill down to hurting regular consumers and workers in Europe. You can see this across all sorts of fields, youth unemployment in Europe (for example) is a mess.
I don't think you're understanding it correctly, Meta is still free to serve normal contextual ads to all users so they can make money. There are many other sustainable business models they could try out if they aren't able to get their customers to pay for that sort of ad. They are not mandated to provide any kind of service to anyone.
> Given that what is shown on the feed is also personalized, the "contextual ads" still allowed bit makes no sense to me.
This is where the line between contextual and behavioural is blurry. In theory, behavioural == who I am, and contextual == where I am/what I am reading.
Shortly after the Cambridge Analytica scandal, we started getting companies selling "ethical" contextual targeting SDKs. The issue was that the "context" was a result of a ML model running on your device and using your location, accelerometer, magnetometer readings (etc...) to define a real-time profile of the user, e.g. "exercising at the <gym name>", "they're having coffee at <restaurant name>".
Courts so far seem to mostly have decided that if you are clear and upfront, you can offer "track me" and "I’ll pay you not to track me" as the two options. Very common in Germany.
> If I am understanding this correctly, GDPR means that you must legally accept free riders, ie. you cannot deny service if they don't want it.
That is more or less correct, although some newspapers in Europe are taking the gamble on that and there might be grounds for a middle-ground decision and amendment of the GDPR down the line.
> who provide no value at all
Disagreed, those users still provide value - not only can you still advertise to them based on public information (and users put out a lot of it by liking/following certain content) but they still strengthen the network effect of the product.
If we compare it to a store, I'm OK with minimal tracking, eg security cameras, but I'm not OK with keeping the recordings forever or tracking my individual behavior (which is already happening).
Can Meta cover its operational costs without personalized ads? Re: its ability to exist. Or is the issue that it’s unpalatable to wall st and investors and advertisers without ad personalization driven growth
The thing is, if Facebook fails to deliver ad revenue growth, the investors will move to extract value and disinvest from the company, which will kill it. All of the major tech giants were sold to Wall St. as a monopolization play - i.e. you are buying into the company that will own the future. If that turns out to not be the case and Facebook is merely a chat and blogging service, then why not move your money to more lucrative places?
Of course, there are some interesting complications to this. Mark Zuckerberg specifically structured Facebook so that he would have majority control over the company. The other shareholders are just along for the ride. He can't make radical changes in the ownership structure without minority shareholder consensus, but that's not that meaningful since Zuckerberg is already running what is effectively a privately-owned company on shareholder money.
Compare this to Twitter, which did a 180 on Musk's buyout offer so quickly that Musk spent months trying to fruitlessly wriggle his way out of the deal. They did not have a concentrated ownership structure, so the alternative would have been a slow shutdown or pivot away from microblogging. Instead we get to see a rich playboy destroy the company in real time.
The continued viability of the underlying business is probably not in question yet. Advertising existed before tracking, after all; and text and images are cheap to distribute. But there are other headwinds that could absolutely devastate these businesses:
- If CDA 230, DMCA 512, or equivalent regulations abroad were to be altered to favor copyright owners and creators over platforms, then that would massively increase moderation costs. Part of the reason why text and images are cheap to distribute at scale is because the platform does not have to account for copyright liability over billions of posts.
- Noncopyright censorship[0] laws (i.e. EU TERREG) impose similar costs and risks onto these businesses.
- The US might start enforcing their antitrust laws again, and if that does happen then Facebook is particularly vulnerable since their acquisition strategy was buying up all their competition.
[0] My personal opinion is that violence is not speech. However, there is enough of a risk of misidentification at scale that I'm fine using the word "censorship" here.
The profiles and text communication, yes absolutely. That has been a solved problem on much less powerful & more expensive hardware than what we have now.
Media might be a bit of an issue, but maybe less so if the lack of ad revenue means there is no incentive for publishers to pump out infinite quantities of low-quality media-heavy content.
No idea if they can, but there are better ways to deliver personalized ads without spying on users; for example I am interested in some areas (motorcycles, home improvement/DYI, indie music) and not at all in others (fashion, clothing and perfumes).
I am no Meta user at all, but if I would be then I would love to set my ads preferences and get only adds that have value to me and to the companies paying for these ads and get right of the ones I never act on. That brings a lot of value for all parties.
I'd be more than happy to pay for HN, but I think it's a very bad example as it's not funded by any kind of ads/tracking (not directly at the very least).
The entire site is one giant ad for YC. The only difference is that HN has achieved an extremely effective content marketing strategy so tracking isn't needed.
It keeps a permanent list of your votes, comments, and submissions. It maintains your social credit score ("karma"). HN is absolutely tracking the hell out of you.
Advertisers aren't altruistic and don't voluntarily subsidise poor people's access; advertisers want to target people with money.
Poor people being able to "freeload" is a side effect of imperfect ad targeting - if advertisers could reliably identify someone's financial standing without hurting conversion rates they'd absolutely do so and deny access to poor people.
If nothing gets done against ad targeting and non-consensual data collection & processing it's likely that there will be a point that poor people will lose access to ad-supported content (despite said content being free to someone much richer).
> Advertisers aren't altruistic and don't voluntarily subsidise poor people's access; advertisers want to target people with money.
Yes and no, since at the same time _almost everyone can be monetised_, just at a lower CPM. Everyone, almost everyone has _some_ money they could spend on useless crap. The goal of advertising is not to inform (or "connect people with the brands they love") but to create a need. This is not much different from poor people spending money on lotteries or in-app purchases in shitty mobile games.
Yes, but if you can accurately predict the CPM ahead of time (without hurting conversion rates for high-CPM users), you could deny service to those users whose CPM wouldn't cover costs or required profit margins.
Of course, in reality the marginal cost of serving any given user is near-zero so ad-supported services are happy to serve just about anyone. That's why they'd survive just as well in an ad-less world as long as some minority of users is willing to pay.
China's social credit score is the future GDPR is working to prevent.
It's actually a bit worse for poor people; they don't get ignored by advertisers and instead are directly targeted for highly abusive lending practices (payday loans, rent to own, outright scams relying on desperation). There's an advertiser for every market segment.
EDIT: I know the economic arguments for high interest loans, but the fact is that they trap poor people in a cycle of poverty. It's no good pointing out that people's long-term economic prospects are quantifiably terrible without using that as an argument for effective regulation and social safety nets to break the cycle.
> China's social credit score is the future GDPR is working to prevent.
A government regulation can’t work to prevent another government regulation. Especially not in a parliamentary system that can change its own constitution.
(Or just ignore its constitution like China does.)
> Just because we somehow ended up in a situation where spyware got effectively decriminalised doesn't mean it's a good situation especially in the long-term.
Spyware is just newspeak for “I feel immune from being prosecuted under the computer fraud and abuse act and the senator I paid for agrees”
Child labor laws and minimum wage also made some revenue models untenable, and the world is better off for it. I want to live in a world where businesses can profit without having to spy on people. This is a good step in that direction.
I think their point wasn't the regulations, but the unpredictability of those regulations. It's hard to start a business if you're worried the rug will be pulled out from under you at some point in the future.
The EU regulators have been remarkably consistent in their rulings. The GDPR is quite clear that tracking for advertising purposes requires explicit consent and an opt-out. Meta's case has always been relying on a very generous interpretation of the 'contractual necessity' clause of article 6.
The only source of unpredictability is the apparent collaboration between the Irish regulator and Meta - this is the 4th time in a row they've been overruled. Much like our overruled tax arrangements we're apparently bending over backwards to keep tech multinationals happy for as long as possible.
The GDPR is only unpredictable if your business model is at best in a grey area with regards to it. The spirit of the law is actually very clear, and should your business model be compatible with it, you will be fine.
It isn't Europe's fault that the tech industry's only business model for the past decade has been about misusing personal data in ways people didn't expect or consent to (otherwise GDPR would not be a problem again since people will willingly opt-in).
Aggregate all the harms ever suffered by everyone in all of history from all kinds of ad tracking, and the total harm will be less than a single child laboring a single day on a single thing.
Besides, the EU isn’t like, banning clothing imports, which have all sorts of EU illegal stuff in their supply chains, because those are EU businesses.
Obviously people agree in principle that there are socially bad business models. I don’t think child labor and ad tracking are remotely comparable. Where do you draw the line? The honest answer is, whatever you get stylized-outraged about, because you have limited intellectual bandwidth and your job isn’t to figure shit out like this.
Spy on people? If you like a post on Instagram it is core to their service that they log that information. If they didn't, the app wouldn't work very well.
That’s my understanding as well. Point 4 being the key factor. They would have to ask, and give a clear yes/no option, on whether the user wants ads to be personalized based on their previous activity on the app (which posts they have liked, how many seconds they spent looking at posts, etc.) Otherwise, the ads would be based solely on the context that they are displayed in. Which seems perfectly fine to me.
Why do you participate in discussion about the GDPR when you clearly know nothing about it? Of course a "like" or any kind of data that is core to the service doesn't infringe the GDPR. The illegal part is about processing or forwarding personal data of users to third parties, when users haven't agreed to that aspect of the "service".
You usually see the distinction between "functional" and "advertising" cookies in those annoying banners, where you of course can't disable the former as that data is core to the functionality of the website. And guess what, if you don't do any shady stuff with user data you don't even need to display any banner (the banner is for getting explicit permission from the user to potentially do shady stuff).
If you work in a European company that has a web presence and/or collects data, you should be familiar with what is/isn't personal data by now.
I don't blame Americans or others for not knowing this, but the amount of bad takes about the GDPR by Silicon Valley people in particular is so ridiculous. Every single comment section about a GDPR topic on HN has a bunch of Americans talking about how Europe is some backwards, regulatory hellhole, always talking from a position of total ignorance.
> you should be familiar with what is/isn't personal data by now
Again, I hear this sort of thing all the time. Then you ask lawyers and lobbyists and get a host of opinions, many of which stick depending on which DPA one approaches or complains to. As a competitive stick, it’s dangerously dynamic.
+1 and what the GP is stating is not how any multinational I work with considers GDPR compliance. Properly managing "likes" and other member activity are absolutely key to compliance.
> managing "likes" and other member activity are absolutely key to compliance
As is keeping an eye on competitors, particularly lightly-capitalised ones, and noting when they stray into grey areas. Bonus points if you can get multiple DPAs to issue simultaneous requests in obscure languages.
Being roughly familiar with GDPR, I would be reasonably certain that you could keep a like as long as the identity it's attached to is deleted. Much in the same way as you may see reddit posts that just show a [deleted] user.
>Europe that keeps them from being a hotbed of technological innovation [...] across a wide swath of sectors including healthcare and tech.
In some cases it's OK and frankly preferable to prevent "technological innovation" that comes from the US. I recently signed up with a new healthcare provider that wanted me to use their portal, but buried in the signup agreement was text that said you agree that if your data is shared with a third party from this portal it no longer enjoys HIPAA protection and may be used for any purpose. Yeah, fuck that.
I consider healthcare information highly sensitive and see zero upside to handing off any hope of privacy so some middleman can make a couple of bucks reselling my data. That specific kind of "technological innovation" needs to be legislated away - if my data enjoys HIPAA protection it needs to be tainted such that it may never leave the HIPAA ecosystem, and no one should be able to gatekeep my access to healthcare by insisting I give up my right to privacy.
Problem is that bringing on a lawsuit (especially against a large company) is difficult, so maybe laws such as the GDPR that forbid everyone from misusing personal data are better, instead of forcing citizens to spend time & money getting their own justice.
Good riddance. If technological innovation is defined by abusive power, privacy invading, data hoarding/sharing/analysis, then I'm just fine living in the stone ages where this is not possible. If technological innovation is creating software that makes things more efficient without tracking the habits of its users, then I'm all for it. You can have the latter without the former. It is possible. We just need people with morals and scruples and not money hungry assholes that will do whatever they can to turn a buck regardless of the end results.
In this case “whatever they can to turn a buck” = “showing you ads targeted to 20 year old males because you said in your profile that you’re a 20 year old male”.
what profile? i don't use said platform, but they still hoard data about me anyways. so fuck 'em if they get barred from doing shady shit. and yes, i feel that all of the cursing is mandatory because being nice has gotten us fuck all for protections from these leeches.
> Feel free to downvote if you feel, as per HN guidelines, that I am not contributing to the discussion.
I feel it doesn't, as it doesn't even try to present any sort of nuanced argument, it's really just nationalistic flame-bait.
It's one thing to express the opinion that one worries that excessive regulation might mean a competitive disadvantage in the long run. It's quite another to accuse the whole continent of Europe to be "free-loaders" just because some (paywalled) opinion piece in the Economist wrote it, or to accuse it of making its people poorer.
Free-rider (not loader!) has an economic meaning. It is easy to attack a post when you put words in peoples' mouths.
The EU shares common regulatory characteristics as well as a common capital market often. Comparing the two systems is not "nationalistic flamebait" and I find it sort of absurd to suggest so.
Different economic systems have an impact on people's well being. I didn't realize it was verboten to suggest so.
re: paywalls, I agree they are annoying (ironic that given the subject matter of the post they will likely become much more common), but you can use archive.is
You're not doing "a comparison between different economic systems" in the sense of wanting to compare trade-offs. The picture you're painting is so one-dimensional that it's no basis for discussion. It's just a rallying point for people to argue whether Europe sucks or the US sucks.
> It is the lack of a predictable regulatory landscape in Europe that keeps them from being a hotbed of technological innovation
The EU recognizes the processing of personal data as a fundamental right.
That limits a certain kind of technological innovation, namely that which is in violation of that right.
> This decision, as I understand it, renders large swathes of tech service revenue models untenable.
Too bad for them, but so what? Now they can no longer label me and sell those labels of me to others, with no way of recourse to me if they get those labels wrong.
Complaining about this is a bit like Big Tobacco complaining they can no longer sell cigarettes to kids. Yeah, that's the point.
> requires continuous free-riding off of the US across a wide swath of sectors including healthcare and tech
There's an element of that. However as this ruling shows (and some of us already realise) the opposite is true too. By illegally profiting off EU data and people, and siphoning all those profits away from the member states, these companies are actually free-riding off the EU population and economy.
Hopefully these revenue models really do become untenable. Maybe then they'll be replaced with more honest business models. Which, incidentally, can include opting in to ads based on personal data if that is what people knowingly choose.
Edit: re the lack of a predictable regulatory landscape in Europe:
This has been shared law for four years across the EU (which I agree is not Europe but the EU is the subject of TFA). It was also heavily trailered prior to that. Or, in simpler terms, it was predictable. And Meta knew this, which was why they tried to override the law with contractual terms.
> Maybe then they'll be replaced with more honest business models. Which, incidentally, can include opting in to ads based on personal data if that is what people knowingly choose.
The GDPR requires that consent to use of personal data for other purposes must not affect the user experience for the main product. Therefore, the company must offer the main product without reference to any opting in to personalised ads. This effectively sets the monetary value of opting in to zero at the user/company interface.
An organisation could try and fund their operation through opt-ins, because the monetary value of opt-ins is still positive at the advertiser/company interface. However that fact encourages the company to use nefarious tactics on the users, which is clearly what has happened in this particular case. I'd like to see this incentive die, but I think that all the time this valuation remains positive there will be companies that try it on.
I get frustrated at the number of apps and web sites that place opt-in as a paywall to access. It's outrageously and explicitly illegal, but enforcement is lacking.
> It is the lack of a predictable regulatory landscape in Europe
I disagree that it is unpredictable. It is predictably a bit more pro-citizen/consumer than the USA. That should not be surprising to anyone at this point.
It's predictable. General Data Protection Regulation (GDPR) was signed into law in mid-2016 and came into effect in mid-2018.
That is two years to designate data controllers, processors, and a data protection officer, to ask for the customer's permission to collect personally identifiable data and implement secure storage.
I was working on a SaaS where personal data was the main kind of data we stored. It took two sprints and two audits to achieve GDPR compliance. It is now 2023, and Meta is still not compliant. No one can explain this away with "unpredictable".
> lack of a predictable regulatory landscape in Europe
It is predictable though, and has been clear for ten years. They are on the side of users privacy and clearly against invasive tracking and particularly profiling.
Nothing has changed, these companies have been given ample warning, they didn't change or tried to skirt the issue and now they are facing fines.
You're implying the EU is this privacy guardian fighting these evil American tech companies. Except it was the EU who mandated data retention laws, the EU who banned prepaid cards over 150 euros, the EU who mandated countries release a public registry of who owns everything, and a substantial number of member states have mandatory key disclosure and SIM card registration laws. I don't really get the impression the EU cares about privacy all that much -- this ruling doesn't even ban targeted advertising, it just requires another popup that most of users will say yes to. To me this looks like a shakedown, especially when you consider that most of the tech regulations they pass have language that makes them almost exclusively apply to American companies (some only apply to companies with more than 50 million users etc).
>You're implying the EU is this privacy guardian fighting these evil American tech companies. Except it was the EU who mandated data retention laws, the EU who banned prepaid cards over 150 euros, the EU who mandated countries release a public registry of who owns everything, and a substantial number of member states have mandatory key disclosure and SIM card registration laws.
Thinking this black and white can't apply consistently to an organization as big as the EU. The problems you listed are indeed bad and need solving. But they can do good every once in a while too.
And I'm mainly an Eurosceptic outside of tech issues mind you.
EU-based governments are at least honest about their intent of spying on their citizens, where the collection & processing of said data is at least subject to due process and can potentially be challenged in court.
The US would rather outsource it to the private sector so while the end-result is the same (the government can buy the data off the open market or request it via an NSL) they don't even have to pay for building/maintaining the surveillance systems as the adtech/analytics/marketing industry is happy to do it for them for free.
So yeah, EU's government spying efforts are a major problem but let's not pretend the US is any better in that regard.
> this ruling doesn't even ban targeted advertising, it just requires another popup that most of users will say yes to.
90% of the cookie popups you see out there are in breach of the regulation and only remain because enforcement has been severely lacking. A properly implemented popup, how Apple has done with their App Tracking Transparency (like the one that the GDPR would force Facebook to implement) has an acceptance rate of just 4%.
>EU-based governments are at least honest about their intent of spying on their citizens, where the collection & processing of said data is at least subject to due process and can potentially be challenged in court.
Not really. It can be challenged in court in that anything can be challenged in court. There's no real due process.
Thats not true. Ads are a race to the bottom (bottom being complete loss of privacy for optimizing sales). There is no one losing (not literally, but thats a s separate discussion) if the adds are "less" personalized. The industry will just settle to a less "optimized" outcome. Prime example: Newspapers were perfectly able to fund themselves with manually selling their inventory according to their reader groups before "the internet".
Keep in mind that "innovation" is a codeword for "finding someone else's value and taking it for ourselves". The entire business model of platform capitalism today is "Someone Elses Content"; the ad business today is "Someone Elses Data". Nothing here is actually innovative, it's just stolen.
The actual tech service revenue model is not untenable under GDPR. You just can't sign away people's GDPR rights by burying a clause deep within a 100 page EULA, and you can't refuse service to people who don't opt-in to ad tracking. This doesn't mean that they can't be advertised to; far from it. Advertising existed before tracking and will survive it.
In fact, most of the reason why advertising is less lucrative today is because of tracker-driven remarketing. This shifted revenue away from publishers and towards platforms, because platforms could just sell your audience out from under you. Why buy ads on the NY Times when you could just buy "people who visited nytimes.com in the last 14 days" for a fraction of the price?
My gut feeling is that legally limiting tracking is actually going to make advertising a more healthy business by taking out the power of the intermediaries that control this ad data.
Also because people are more conscious about their privacy and politics are put in place to protect European citizen from corporation. Its far from perfect but probably better than other places.
California’s regulatory landscape is similarly unpredictable but what do you know, the opposite situation occurs regarding innovation. Maybe its not the regulatory environment after all…
I think you're contributing to the discussion, but I strongly disagree with you.
In this case, according to the linked article, it seems to me like meta tried to rules-lawyer their way around the GDPR, and got told no, the words "contract" and "consent" mean exactly what they usually do. If you're testing the boundaries of a law for your own benefit, sometimes you get told you've overstepped it, that's life - not an unpredictable regulatory environment. The spirit of the GDPR doesn't seem that unpredictable to me: you MUST get users consent before doing certain things, and they MUST be able to say no.
As far as I can tell, the "contract basis" exemption was meant for things like, if you order a physical product online then the retailer is allowed to pass your address on to the shipping company. Not for "by opening this app you agree to the following terms ...".
(There are indeed edge cases, such as advertising your service as "5 EUR/month but we'll give it for free if you agree to personalised ads" when you expect that most of your users will go for the "free" one. But that's not what meta did here. If your tagline is "It's free and always will be" you're stuck on this one.)
I think it's quite a leap from not being allowed to track people for advertising purposes as much as you'd like, to Europe "keeping their people poorer". For example, Norway is doing just fine but that's oil not tech; the problems in Greece are bigger than how much their facebook ads are personalised.
I'd take the German healthcare system over the US one any day.
It's specifically and explicitly illegal. You can't distinguish service based on consent, because then your consent is no longer consent, it's extortion.
It's a grey area. It's illegal under the GDPR, but some newspapers in Europe are taking the gamble and seem to be getting away with it for the time being.
I'm not sure if it's been tested in court, but there are certainly newspapers as you say that are doing this - including from quite major publishing houses. Personally I just open their pages in private browsing tabs anyway, if everyone did that it would probably kill the business model (even before we talk about uBlock).
My (non-lawyer) opinion is it's probably illegal if you're making a sham paid tier to justify working around the GDPR, and probably fine if you're a "real" paid product which offers the extra option of paying with data instead of cash. I guess in a court case it would be interesting what percentage of daily active users are on the paid tier.
Really? I think this was extremely predictable. This is implementing the GDPR according to the spirit of the law. That is, to make personal information a liability.
The other shoe was always going to drop.
Any other interpretation including just slapping an "I agree to have my data collected" dialog on top of your product and proceeding as though the law didn't exist has been naively optimistic wishful thinking from adtech's side.
The intent of the law was never to make companies introduce new waivers to their terms of service, or to get websites to have annoying popovers you need to dismiss in order to use them.
> continuous free-riding off of the US in [...] tech
And how much of that tech sector in turn free-rides on European software like Linux, cURL and MariaDB/MySQL?
I don't understand this "free-rider" depiction of Europe, it sounds to me like a delusional and superficial classification. Can someone please explain the rational observations behind it, if any?
> Pharmaceutical breakthroughs are financed by the high prices paid by American patients (and backed by abundant venture capital); government-run health systems in Europe then bulk-buy the same drugs for much less.
If pharma companies did not have expectations for full price to be paid in America, they wouldn't waste their money developing therapies. This effect also applies to pharma companies in Europe that develop for American markets.
In general, I am not in favor of more military spending - but Europe is perceived as relying on the US for security arrangements as well.
A lot of the cutting edge basic research is done in Europe though. Played a significant part in Cas9, for example.
In general, this is just globalization. Different regions specialize in different tasks. You don't see the United States actually manufacturing much of the pharmaceuticals. That's happening off in India or one of its neighbors.
Is any of this not working towards equilibrium in an open free market? I'm talking about products created thanks to private research, since I believe that research done with taxpayers' money should be open and free (even across countries).
This is not an instance of regulation being unpredictable.
A plain reading of the GDPR makes it pretty clear that it is illegal to require consent to data processing for targeted advertising as a condition of using a service. I'm not a lawyer or a GDPR expert, and I knew this.
There is zero chance Facebook didn't know that was both the intent of the law and how courts were ultimately likely to interpret it. They decided it would be profitable to interpret the law in an unreasonable, but semi-plausible way that allowed them to increase their profits. Of course they hope they can convince the courts to accept that interpretation permanently, and I'm sure they've weighed the probability of that against the amount they're likely to be fined.
I went back and forth on downvoting. I rarely ever do and don't think it's appropriate in this case since you certainly, uhm, sparked a lively discussion.
What I would say is you take a, let's say, free-market aligned source, and present what I'm assuming (it's behind a paywall) amounts to an opinion piece and make a bold statement "It is the lack of a predictable regulatory landscape in Europe that keeps them from being a hotbed of technological innovation[...]" as if it's a statement of fact.
I could equally say "It's the lack of a common language spoken by over 300 million people that holds Europe back" or "It's the lack of technical sophistication in the US, a country that still relies on the paper check and has no open banking APIs, that supports a diverse market of companies. For example Plaid could only launch in the US and become a unicorn there because such a questionable business model only makes sense there" if we're in the making statements of opinion sound like immutable facts line of work.
What I will say is that, as an erstwhile European it brings me great joy to see the EU causing so many headaches for international tech companies in the name of consumer protection. Just my opinion.
My comment was meant as a statement of opinion and a discussion-starting-off point, certainly not a statement of fact. Social "science" is incredibly hard, certainly nothing I'm saying is incontrovertible - it's very loosely held if held at all.
The Economist article was meant for associated reading of this strand of thought, not proof of what I am saying.
> What I will say is that, as an erstwhile European it brings me great joy to see the EU causing so many headaches for international tech companies in the name of consumer protection. Just my opinion.
I think [strides in average peoples' well-being] is worth celebrating more so than [schadenfreude and the righteous downfall of the evil]. Nietzsche wrote extensively on the flaws of the latter moral tradition in Europe (again, only offering an opinion).
I lived through the days where politicians, journalists, etc referred to what was "good for the public". I felt the shift to "good for the consumer" as it kicked in and took over, and I hated it both then and now - the change was deliberate and the outcome predictable.
I’ve never understood the argument that it’s the individual people’s data. If you go and run an ad on Facebook you’ll see that the targeting is largely stuff individuals have volunteered. It’s their sex, relationship status, what brands they “follow,” etc.
It would be “my” data if Facebook were digging through my phone, looking at all my photos, and offering targeting based on that. It’s their data if I’m effectively telling them “hey, this is who I am.”
Off-site stuff is more wishy-washy and I think an opt-out there makes sense.
Just because Facebook doesn't offer finer-grained data points to advertisers doesn't mean they don't collect & use them internally. Given their business model, not doing so would be stupid.
I believe they still have a feature called "lookalike audiences" where you can target a certain audience and let FB bring you more of "those" people - "those" being defined by an opaque algorithm fed way more data points that advertisers and even the users themselves are aware of.
What a shame it’d be if we’d put cigarette company jobs first. For their victims, of course, but also for jobs. Think of all those smart, talented, gainfully employed people out there. What a shame it’d be if we’d instead fought to keep them somewhere both their talent and their lives are wasted.
For many industries like these that are heavily driven by development of intellectual property and heavily regulated by the government, nearly all the profit is made in the US market, while selling to the entire rest of the world adds a few % of revenue that by itself would not be enough to justify the investment.
Indeed. As I recall about 80% of pharmaceutical profits are made in the United States, while these same drugs are sold in other countries at much lower negotiated prices.
Is that what the surveillance capitalists call it? Loot and pillage as quick as you can before regulation catches up? These lunatics have had the run of the asylum for over a decade now- it's about time.
Also- that source says nothing about Europe's situation being due to unpredicatable regulation.
> It is the lack of a predictable regulatory landscape in Europe
What are on about? Europe's regulatory landscape is very predictable. GDPR was in the works for several years, and then had a two year grace period after going into effect. How more predictable do you want it to be?
> that keeps them from being a hotbed of technological innovation
Ah yes. Poorer. Remind me what's the rate of medical bankruptcies, people on food stamps and people working two jobs is in the US vs. the EU?
> and requires continuous free-riding off of the US across a wide swath of sectors including healthcare and tech.
Ah yes. "free riding off the US" wat? If you think that cost of healthcare is what your insurance tower of babel is telling you, you need a doze of reality pills (too bad they are too expensive in the US).
The US only spends about 5% of its healthcare spending on actual R&D (~$170-180 billion). While it's more than Europe ($100-110 billion) it's not enough to say that Europe is "free loading"
> This decision, as I understand it, renders large swathes of tech service revenue models untenable.
If your "revenue model" relies on wholesale collection and sale of people's private data, good riddance.
> and requires continuous free-riding off of the US across a wide swath of sectors including healthcare and tech.
Don't forget the military as well
It baffles me why any tech business would bother expanding into the EU when other foreign markets are available elsewhere like South America. At some point cost will outweigh benefit regarding a market that's already shifting into irrelevance
Also, overall, with the lively debate on buying gas from a guy cosplaying Sudetenland while working to dismantle nuclear, tantrums thrown over suggestions by the US that one should fund one's own defense, pillaging of foreign tech companies via the equivalent of a predatory traffic stop while regulating their own out of existence, I am starting to despise EU bureaucracy/governing institutions more and more. They are truly working to make it a dying continent.
Meta see the regulatory situation in the EU and UK as a potentially existential risk. They know what they are doing is bad and lobbying is their number one tactic. They are at the "cigarette company" level of trying to prevent regulation of a business model that is ultimately at risk of being legislated out of existence.
0: https://about.meta.com/media-gallery/executives/