[HN Gopher] Facebook faces 'devastating' EU-to-US data transfer ban
___________________________________________________________________
Facebook faces 'devastating' EU-to-US data transfer ban
Author : underseacables
Score : 215 points
Date : 2021-05-15 02:33 UTC (20 hours ago)
(HTM) web link (aje.io)
(TXT) w3m dump (aje.io)
| rblion wrote:
| The WWW is still in it's adolescence. Facebook empire is the next
| AOL, Yahoo. Mark my words.
| lanstin wrote:
| But Steve Case was not pushing to win 100% he was happy to be
| biggest player with competitors. So AOL was a lot less
| ruthless. Also our revenue model was "fun stuff for people to
| use so they pay a subscription" not "sell peoples intimate data
| to data brokers." But definitely a lesson in how innovation can
| leave an organization. Informally, I blame the influx of MBAs
| and people attracted more to success than to building fun user
| experiences, but of course lobbying from phone and cable to
| block access to the higher speed plumbing which was allowed by
| law for POTS made the business model of subscribe for a good
| experience untenable.
| [deleted]
| marderfarker2 wrote:
| All these problems are already solved by China, by outright
| banning these data leeches a decade ago.
| sterlind wrote:
| ah yes, that great bastion of privacy. and they've had the
| right to be forgotten since June 4, 1989!
| trasz wrote:
| So how exactly the privacy laws in China (if any) compare to
| the privacy laws in the US (if any)?
| lucasnortj wrote:
| only a mad person uses this cancer of an application
| hirundo wrote:
| > The case stems from European Union concerns that United States
| government surveillance may not respect the privacy rights of EU
| citizens
|
| These are valid concerns that I share as a U.S. citizen concerned
| about my own privacy from government surveillance. It's
| appropriate for other countries to share them and to take action.
|
| But is it clear that government surveillance by EU countries is
| more respecting of privacy? It seems to me more like the 5/9/14
| Eyes countries are cooperating on just these kinds of intrusions.
| It isn't clear to me that Facebook data held on European servers
| will be any more secure from intelligence agencies than on U.S.
| servers ... including from U.S. agencies.
| trasz wrote:
| Would you, as an US citizen, be fine with Facebook transferring
| all your data to another country with no control over it?
| pessimizer wrote:
| I'd be more comfortable with that than with my own
| government, that cares what I do and how I vote, having
| access to facebook's data on me. The scariest part of
| European data sitting on US servers for Europeans is that the
| US will have absolutely no regulations keeping them from
| harvesting, slicing, and packaging every bit of it, and
| sending it back to Europe.
|
| Keeping the data from being shipped out is a good step
| (hopefully not just focused on Facebook), but reimportation
| of that data is a laundering process that can render local
| data protections moot.
| jmclnx wrote:
| People using facebook ? They do not care at all about where,
| how and volume of their data. All they want is
| "pointy/clicky" access to numb their minds.
|
| But storing data outside the US, where would US people get
| their pics from should facebook fold, I will loose my best
| and free Backup Servise, the NSA :)
| etrabroline wrote:
| I've seen this argument a lot recently. "If we screw other
| people in a sufficiently convoluted and Rube-Goldbergian
| enough way then it's almost like we're not screwing over
| anyone at all!"
| wrren wrote:
| The difference is that, as an E.U citizen, the governments and
| agencies that might access this data, along with the laws that
| allow for that access, are ultimately accountable to me and my
| fellow citizens. If my data is transferred to the U.S, I have
| no ability to influence how it's used at all, I effectively
| have no rights.
| skinnymuch wrote:
| I'm an average random person. I have zero, even being high
| paranoia, of some other country surveilling me.
|
| But my own country "spying" and surveilling me can be scary.
| They have a lot of power over me. My one voice isn't
| important enough to change any legislation or actions. I
| doubt yours is either. If something unlucky happens with the
| surveillance of you in your country, you're likely out of
| luck. OTOH, nothing happens if Russia or China surveils me
| (common boogeymen of the west)
| dane-pgp wrote:
| > My one voice isn't important enough to change any
| legislation or actions. I doubt yours is either.
|
| It sounds like you're suggesting human rights (such as the
| right to privacy) should only be granted to those who
| really need. Presumably the government would then get to
| decide who really needs each right, and who isn't important
| enough to warrant them.
|
| Also, I think you're forgetting cases where people have
| been spied on and ultimately renditioned or murdered by a
| hostile government while in a third country. Perhaps
| Assange and Khashoggi aren't perfect examples of that, but
| there are plenty of examples of Russian and Chinese
| dissidents who have been killed or threatened while living
| in the West.
| ComodoHacker wrote:
| > I have zero, even being high paranoia, of some other
| country surveilling me
|
| Right until the point of some weird twist in geopolitics
| and oops, that other country is sharing all it had on you
| with your home country.
|
| It's like Microsoft buying Skype or Facebook buying
| WhatsApp, but you can't opt out and delete your account.
| rich_sasha wrote:
| I can't see why it would be devastating in practice. Why can't
| the servers that deduce every little thing about the users be
| also based in EU?
|
| If I want a worldwide ad (is that even a thing?) for left-leaning
| horse owners between ages of 20-27.5 with a child and at least 2
| partners, can't that be dished out from an EU server for EU
| users?
| tchalla wrote:
| > I can't see why it would be devastating in practice. Why
| can't the servers that deduce every little thing about the
| users be also based in EU?
|
| It's devastating to their "cost of doing business" not "conduct
| of business".
| rbinv wrote:
| >If I want a worldwide ad (is that even a thing?)
|
| With regards to targeting: yes, you can target any country (and
| all of them).
|
| With regards to reach: yes, because you'll reach the user on
| pretty much any site/app with ads, so it's virtually "running
| worldwide" (from the user's point of view).
| Iv wrote:
| In some countries like France they will have to comply with the
| local laws that restrict strongly non-anonymous listing of
| persons and basically bans some criterion like race or religion
| (bad memories from WWII). I suspect their algorithms can't
| offer the guarantees asked by the law for personal data.
| twobitshifter wrote:
| I, an American, have a friend in France, where is our
| friendship stored? I send a message to my friend in France they
| send me one back, where are these two messages stored? We have
| a photo taken while traveling together in Belgium with 2 other
| Americans, what server? I could see this being a problem only
| effectively solved by a separate EU and US Facebook.
|
| It is not clear what data they are worried about transmission
| of, but each type seems to need special consideration. You
| mention ad-targeting data, but most data collected by Facebook
| useful to the surveillance agencies Ireland is worried about
| are more personal than that.
| mrighele wrote:
| An "easy" solution would be for FB to lobby for the USA to
| adopt privacy laws similar to those in Europe. Then maybe the
| data transfer ban could be lifted (somehow I suspect that
| will not be the case)
| [deleted]
| martin8412 wrote:
| The US would have to agree that data on EU citizens is not
| theirs to snoop in. They would also have to trust that the
| US would actually honor that, and I think most will agree
| that the EU can't trust the US on that.
| galgalesh wrote:
| In case it wasn't clear; this was the exact issue. The EU
| decided that current US legislation makes it impossible
| for Facebook to ensure the US government will respect the
| privacy of EU residents.
|
| Search "privacy shield invalidated" for more info.
| trasz wrote:
| I suspect cases like this are a tiny minority. You could
| handle them by falling back to the current way of doing this,
| ie US servers, and still protect the vast majority of data
| that's not related to US citizens.
| pjc50 wrote:
| A tiny minority of Facebook users is millions of people.
| Lots of people have international family and friends. A
| fallback approach is infeasible for legal requirements,
| unless it's there for appealing the fine to a lower value.
|
| The question is potentially very difficult, and could only
| be resolved by constructive engagement with the party
| making the rules.
|
| Don't forget what happens when people travel.
| trasz wrote:
| The question can be solved trivially easily by just using
| a big-hammer approach of banning any transfer of personal
| information to US, period. There are no reasons for
| allowing the transfer to happen, other than making it
| easier for Facebook to make money. FB would implement it
| by only storing interactions involving any EU nationals
| in EU.
|
| We do want to make it easier for Facebook for political
| reasons, though, and it's still not particularly hard:
| just declare that only the data/conversations involving
| US citizens can be stored on US servers.
| bryan_w wrote:
| Are you saying that an American shouldn't be able to pull
| up the profile of an EU user? Seems a bit extreme.
| trasz wrote:
| Of course not; the data would come from FB's EU servers.
| The "transfer" above applies to where the data is stored,
| not where it can be accessed from. From the users point
| of view the only change would be... nothing; the latency
| is already at the point where it wouldn't incur any
| observable penalty.
| peoplefromibiza wrote:
| many more people have friends and family in the US, but
| are not allowed to enter the country freely.
|
| Borders are heavily controlled by USA, why shouldn't
| other countries to the same?
| messe wrote:
| > I suspect cases like this are a tiny minority.
|
| Knowing people in other countries is a tiny minority? Maybe
| in the US, given its size, but it's pretty widespread and
| normal in Europe.
| stingraycharles wrote:
| I think you'd be surprised that HN is not representative
| for the general population, and that talking with people
| from another continent over WhatsApp is, in fact, an
| exception and not the rule.
| peoplefromibiza wrote:
| > Knowing people in other countries is a tiny minority?
|
| Absolutely yes.
|
| Especially across two continents.
|
| Europeans who have friends from Europe would all be in
| Europe anyway.
|
| Europe is larger than US btw, it has two times the
| population.
|
| Russia+Turkey+Germany alone account for 95% of the
| population of the United States.
| jltsiren wrote:
| I would assume that most Europeans know people living on
| another continent, or at least people who have lived
| there in the recent past. There are plenty of careers and
| hobbies where you make international connections, plenty
| of jobs that require you to live somewhere else for a
| while, and plenty of people looking for opportunities
| elsewhere.
|
| Globally, around 1 person in 30 lives outside their
| country of origin, so knowing people in other countries
| should be common.
| peoplefromibiza wrote:
| > I would assume that most Europeans know people living
| on another continent
|
| Not most, just some.
|
| 1 out of 30 is a bit more than 3% and many of those have
| family connections, they are not strangers living abroad,
| they are - for example - Italians living in Canada.
|
| EU citizens whose data should be kept in EU.
| davidgay wrote:
| And then said person acquires triple citizenship via
| naturalisation and marriage, and moves to a fourth
| country. Does your principle still apply? What happens if
| those other three countries have similar rules?
| trasz wrote:
| If other countries had similar rules for protecting
| personal information, the problem wouldn't exist in the
| first place.
| usrnm wrote:
| > Russia+Turkey+Germany
|
| I believe, in the context of this proposed ban "Europe"
| means "the EU", not geographical Europe. So both Russia
| and Turkey don't count.
| anticensor wrote:
| Russia and Turkey have something like GDPR minus a few
| clauses plus national scope instead of EU scope. Data
| portability agreements between those would be pretty
| straightforward.
| [deleted]
| DeusExMachina wrote:
| I don't think it is.
|
| I belong to a group that has several connections in
| countries all around Europe due to frequent traveling to
| dance events. Most of these people post on Facebook in
| their own language and attend local events.
|
| Outside of this bubble, things are very different. The
| majority of people never move from where they are born,
| speak poor English and never travel.
|
| While the people with international connections are
| surely a relevant amount, and even adding expats that
| keep contact with friends and family, it's the group with
| not international connections that I would define as
| "widespread" and "normal".
| dylan604 wrote:
| We're not talking about storing/transferring data between
| different countries within the EU though. The cross-the-
| pond-friendship example was only provided as an example
| of the topic at hand and not the fact that 'mericans
| don't have European friends.
| skinnymuch wrote:
| I was initially thinking like you too. But it likely
| isn't true.
|
| With Facebook's lowering importance and my self getting
| older, my interaction with non Americans has lowered. If
| we are talking about the EU only, the amount is minimal.
|
| Thinking about others around me, most don't have anything
| significant with EU residents or have one specific set of
| friendship[s] in the EU.
| trasz wrote:
| No, interactions - like, discussions - with people from
| other countries is, for most people, a minority of their
| overall interactions.
| amelius wrote:
| > I, an American, have a friend in France, where is our
| friendship stored?
|
| Sounds almost philosophical. I have a friend. We both have
| brains. In which brain is our friendship stored?
| ta988 wrote:
| Both, unless your "friend" does not consider you as a
| friend, in that case it is only in yours.
| adolph wrote:
| _People who live in society have learnt how to see
| themselves, in mirrors, as they appear to their friends.
| I have no friends: is that why my flesh is so naked?_
|
| https://www.goodreads.com/quotes/548471-people-who-live-
| in-s...
|
| Let us consider your hypothetical glitched friend-state
| within Antoine's concept of distributed self awareness.
| Does the friend delusion lead to self delusion or vice
| versa?
| ta988 wrote:
| I may not consider someone a friend, but still know they
| do. Imagine the case of people that make "friends" to
| abuse them or steal information. Note that it doesnt stop
| them from feeling the friendship is fake and faking that
| themselves. You see patterns like that in spy stories
| with double or triple agents. Not sure how many
| recursions a human brain is able to handle on an everyday
| basis, I would guess between 2 and 4?
| [deleted]
| MaxBarraclough wrote:
| If you're both cryonically frozen, is the friendship
| suspended? Does it spring back into being when you're both
| defrosted, arising from the process of living? By this
| account, friendships aren't purely a matter of data
| storage.
|
| If we're feeling especially poetic, we could make the case
| that friendships can live on despite the death of one of
| the participants.
|
| Also, do we always assume a binary friendship of exactly
| two participants?
| endymi0n wrote:
| This is spot on and a big problem. And although nobody here
| including me would shed a tear about Facebook in this case, I
| am worried about the precedent this sets.
|
| Facebook has the deep pockets to either build this through or
| fight it legally to the bitter end.
|
| But for any startup trying to build a global X, this can put
| a serious blocker in the way. Global sharding of entities and
| working with that isn't for the faint of heart. I know we'd
| stand still for a year or two trying to implement something
| similar as a small to mid sized startup.
|
| Philosophically and as a user, I actually like the idea, but
| wearing the systems architect here, this requirement scares
| me to no end and could throw a literal wrench into the
| operations of any global effort.
| 6510 wrote:
| Implementing it from scratch does seem less of a
| clusterfuck.
| trasz wrote:
| For any startup parasitizing on its users, you mean.
| evanelias wrote:
| Yes, this is exactly the challenge. It extends far beyond
| just ad-targeting. On the database side, social network
| sharding, replication, and caching schemes aren't typically
| designed based on national origin of users.
|
| If you have a full datacenter (i.e. containing databases, not
| just a frontend or CDN / PoP footprint) in a country, then
| typically the entire logical data set -- all data for all
| users worldwide -- is presumably replicated there. Other
| systems and services will then make assumptions that _any_
| object can be looked up with low sub-ms latency.
|
| Social networks often contain activity streams and other
| pages that include content from many users at once. Consider
| algorithmic ranking of feed content, comments on popular page
| content, etc: how do you even implement this if even some
| small subset of the data needs to be fetched from halfway
| around the world _on every page view_?
|
| Anyway, to answer your original question, friendships are
| bidirectional associations and would typically be stored in
| two places: one entry in your db shard, and one entry in your
| friend's shard. Photos are objects and presumably would be
| "owned" by a single user or page and located there (at least
| in terms of the metadata about the photo); however tags may
| be associations which have entries on multiple shards just
| like friendships. If some of these shards can only be
| accessed across a trans-Atlantic link, the entire scheme
| falls apart due to the latency.
| oldgregg wrote:
| There is an assumption that everything in the world should
| have 10ms latency. Why? Borders have always been meaningful
| to protect unique people groups. Maybe the extra latency is
| a way to protect indigenous cultures and allow local
| solutions to compete with Facebook. There are indigenous
| people groups all over the world where governments have
| said "leave those people alone!" American tech companies
| have done FAR more to destroy local cultures than
| missionaries could have ever dreamed of. Just because you
| can doesn't mean you should. Ultimately where it's going is
| that to the degree Facebook can't buy off all the local
| politicians it's going to have to follow the local laws and
| have unique policies for each jurisdiction. Ideally you
| would just have local companies running the social network,
| enforcing local norms, with federated APIs to communicate
| globally. Unfortunately the tech companies already control
| so much media and mindshare they are gonna probably keep
| that from happening in most places.
| trasz wrote:
| So Facebook would have to redesign their sharding. Who
| cares?
|
| Also, let's not forget that we're talking about a service
| with absolutely horrible reliability. Facebook only cares
| about reliability at scale; at a single person level
| reliability is quite poor; you can suddenly discover that
| your random post has 60 thousand likes (for a few minutes),
| or a friend of yours has a new post (they don't). Thus, the
| questions of "what if something has >10ms latency" don't
| really matter - Facebook fails much worse than that all the
| time.
| corobo wrote:
| Sounds like the challenge is using peoples' data in a way
| that isn't scumbaggerific to be honest
| gentleman11 wrote:
| Correct. There would have been no problem if Facebook
| were not abusing peoples data and trust so dramatically
| and brazenly, but Europe is forced to do this to deal
| with the American lawmakers refusing to step up
| mackman wrote:
| This guy shards. This is the correct answer.
|
| "The social graph is tightly interconnected; it is not
| possible to group users so that cross-partition requests
| are rare. This means that each TAO follower must be local
| to a tier of databases holding a complete multi-petabyte
| copy of the social graph. It would be prohibitively
| expensive to provide full replicas in every data center.
| Our solution to this problem is to choose data center
| locations that are clustered into only a few regions, where
| the intra-region latency is small (typically less than 1
| millisecond). It is then sufficient to store one complete
| copy of the social graph per region. Figure 2 shows the
| overall architecture of the master/slave TAO system."
|
| https://www.usenix.org/system/files/conference/atc13/atc13-
| b...
|
| edit: Oh hah, didn't realize parent was former DB person at
| FB. I was too, just a few years before :-)
| blablabla123 wrote:
| > the entire scheme falls apart due to the latency.
|
| Every proper Microservice zoo also has the exact same
| problem of ownership of data and latency. Holding
| duplicates of often needed parts of the data works
| surprisingly well and would also be fine with GDPR.
| toast0 wrote:
| If this was required, the solution wouldn't be too bad.
| There is a latency penalty, but in a normal browser on a
| normal computer, FB doesn't feel that close to the latency
| minimums as it is.
|
| Option A) client sends feed request to all regulatory
| domains and mixes results itself. Downside is either you'd
| always see the tail content from all regions, or client
| would have fetched content it doesn't display. Also, if
| client has to contact a load balancer in the regulatory
| domain directly, you're at the mercy of the client's
| international transit which is often worse than FB's.
|
| Option B), like option A, but client sends feed request to
| nearest server, nearest server bifurcates the request to
| one per regulatory domain. If regulatory domain is local,
| satisfy request (with all the sharded queries), otherwise
| send it to a request processor with local data and do the
| processing there. Feed request processor mixes the data.
| Downside, extra memory used holding results waiting for the
| remote regions to respond and managing more requests in
| progress. You could get tricky and use recent response
| times to try to get all responses back around the same
| time, and reduce the time where you had some region's data
| in memory, but not all of them, but that's probably silly.
|
| Both of these are more work than the current scheme, and
| nobody likes regulation requiring more work, but still.
| Figuring out where things are permitted to be stored when
| they involve people in multiple domains sounds like a
| headache though. And actually splitting the data once the
| parameters are clear doesn't sound like my kind of fun
| either.
|
| Disclosure: I worked at FB, but not with FB user data.
| teachingassist wrote:
| > We have a photo taken while traveling together in Belgium
| with 2 other Americans, what server?
|
| EU GDPR is pretty clear that all of the cases which involve
| transferring data from the EU to the US fall under EU GDPR
| rules. It refers to the location of the data, not the
| citizenship or residency status of the individuals who are
| involved.
|
| So, the photo that you took and uploaded within EU borders is
| theoretically in scope for EU GDPR - even if your French
| friend is not in the photo.
| teachingassist wrote:
| I'm not sure why I get downvoted for observing this -
| people don't like the truth?
| pm24601 wrote:
| Oh gee, you're right. URLs don't work across national
| boundaries.</snark>
|
| Seriously?
| duxup wrote:
| That's an interesting challenge.
|
| Social connections span legal jurisdictions.
| 6510 wrote:
| You 4356324 have a friend 6434535.
|
| Easier than CSS.
| trasz wrote:
| Your friendship can be stored in US or France. The problem
| is, everything else about that French national is still being
| stored in US, even if it's in no way related to US nationals.
| rich_sasha wrote:
| Good point. Is the ban more about where content is _stored_
| or how it is accessed? I guess there is nothing bad about you
| _seeing_ a page served from Europe.
|
| Otherwise, a lot of this data presumably isn't covered by
| GDPR. You and your friend are ultimately user_ids with a
| relationship_id or sth, and these surely aren't GDPR-
| controlled (but they point at details that are)
| corty wrote:
| Data that can be traced back to a person is covered by
| GDPR. If the user_ids have attached user datasets somewhere
| they are covered. If they don't have that, but the graph
| formed by user_ids and relationship_ids is isomorphic to
| publically known facts or facts that people with access to
| the graph have, that make people identifiable in the graph,
| it is covered by GDPR. One example would be a is-neighbour-
| of relation for peoples' addresses together with a public
| phone/address-book.
| gumby wrote:
| Still, solving that is hardly "devastating".
| [deleted]
| foolfoolz wrote:
| i don't think it's that complicated. your account is in a US
| database. your friends in a french database.
|
| the us db can have a list of friends by user id and those
| friends might be in other countries db. however your identity
| and data live in us db only.
|
| if you create a message the message can either be stored in
| the us and referenced by id in france (or duplicated since
| you intentionally sent it there). same for photos
|
| this makes each transmission of data across regional
| boundaries more intentional and easy to add governance checks
| oauea wrote:
| Facebook hires a lot of very smart people. I'm sure they can
| figure it out, or just, you know, stop their illegal
| behavior.
| NicoJuicy wrote:
| What I think:
|
| Your message will be stored in the US. Your friends message
| in the EU.
|
| The metadata ( conversation table of both) would be stored in
| the US.
|
| Your picture from Europe as a US user with US residency will
| be stored in the US. As Facebook wouldn't want your data
| under GDPR and since it's also not required.
| saddlerustle wrote:
| I guess a US company running that ad would no longer be allowed
| to do purchase attribution.
|
| More practically through, all of facebook's infrastructure is
| built on a transparently globally replicated database. Data
| siloing was only originally considered for launching facebook
| in China
| londons_explore wrote:
| > can't see why it would be devastating in practice.
|
| It's really hard to design systems split like that. There are
| so many corner cases. What when a user from the EU shares an
| image with a US group containing users from Australia. Where
| will the image be sent? Where will it be stored? What happens
| if the US members leave that group? Need the image be rehomed?
| What if at the moment that happens there is a trans oceanic
| bandwidth shortage/outage? Will there be a queue for rehoming
| images triggered by the final member of a group from a
| continent leaving the group?
|
| To avoid all the complexity, 99% of 'distributed' systems have
| a 'master' for the data in just one place. I'm not sure there
| are any distributed datastores that are masterless outside
| academia.
| barbazoo wrote:
| To be honest, that doesn't sound like a problem FB can't
| figure out.
| macinjosh wrote:
| It is incredibly rich for governments to regulate what can be
| done with data citizen willingly give up in the name of
| "protecting privacy". Yet they can monitor our Internet and phone
| activity without consequence. It is so disheartening watching the
| EU ruin the Internet. First the effect GDPR was to litter the web
| with PITA popups and now they want to tell people what to do with
| their data. The EU cannot collapse soon enough. The weight of the
| bureaucracy will be their downfall.
| jmclnx wrote:
| I wonder what would happen if Facebook choose to pull out of the
| EU with a large banner "Due to new EU regulations, we have to
| stop operations until regulations change".
|
| Would there be a large public outcry ?
|
| Me, I would like to see facebook, google, apple... reigned in,
| but they have a large bank account where that can "donate" to
| pols, so we will probably see a big loophole appear.
| trasz wrote:
| Nothing, because the only important asset FB has is its market
| share. If they left the EU, you'd have a functionally similar
| alternative very, very quickly.
| [deleted]
| jlelse wrote:
| I wouldn't find it bad for Facebook to be banned in Europe.
| This would be a chance for less data-hungry messaging services
| and social networks.
| tomjen3 wrote:
| It would be inconvenient for me, but as long as there is
| something else we can move to (Diaspora), I will survive.
|
| I know two people who have married people from the US who have
| moved here. I imagine they wouldn't be very happy not being
| able to interact with their friends across the seas nearly as
| easily. Who would they blame? That is a good question.
|
| On the other hand, Twitter would be pretty pointless if I could
| only interact with EU tweeps. I don't know if they would be hit
| by this, I assume there is a GDPR exception for this the user
| publishes?
| varispeed wrote:
| It's not possible, because how are they going to block EU
| nationals from continuing to use the service? People can use
| VPN, disguise themselves as Americans and so on. There is no
| way they can wiggle themselves out of it unless they'll close
| the entire operation, and that is not going to happen as
| Facebook is a spying front.
| Sanzig wrote:
| That's a really risky maneuver for Facebook. Yeah, maybe it has
| the desired result and the regulators back down. Or maybe
| competitors that have been locked out for over a decade due to
| the unassailable network advantage of Facebook finally have
| their chance to shine, and a new European social network
| competitor to Facebook rises up. The new competitor would be
| able to architect their service ground-up for GDPR compliance,
| which is something Facebook hasn't really been able to do since
| their platform has a lot of architectural inertia behind it.
| lanstin wrote:
| Nice phrase, architectural inertia. Less judgy and more
| specific than tech debt.
| ramphastidae wrote:
| They would never do that. Eyeballs for ads are all that matter.
| Their service is based on quantity, not quality.
| atypeoferror wrote:
| When they tried a much smaller version of that in Australia, it
| went very poorly for them - I doubt they will attempt a similar
| maneuver anytime soon.
|
| https://www.ft.com/content/cac1ff54-b976-4ae4-b810-46c29ab26...
| jug wrote:
| I use Facebook but them leaving EU would be amazing because I
| only use it to keep in touch with friends and family, and now
| they'd be forced off it. <3
| des1nderlase wrote:
| Why would EU (government) care? It's not like EU citizens would
| leave EU. Especially given that the government is preaching
| that this is protecting citizen rights.
| iends wrote:
| Ignoring Facebook entirely, this impacts the US company I work
| for in a big way. We are in data centers throughout Europe and
| follow GDPR, best security practices, limit access to production
| data, etc.
|
| Our company's interpretation is that we will need EU based teams
| (that we will have to hire for) to help debug production issues
| and to help customers because if I look at the data to triage
| I've transferred it out of the EU.
| mdasen wrote:
| I know that a lot of people's reaction to this might be, "screw
| Facebook", but the ramification might be "entrench Facebook such
| that no one can compete with them."
|
| _If the Irish data regulator enforces the provisional order, it
| would effectively end the privileged access companies in the US
| have to personal data from Europe and put them on the same
| footing as companies in other nations outside the bloc._
|
| This isn't just about Facebook. This is about whether every small
| company trying to bootstrap itself needs to take large steps to
| architect their data storage in a way that allows for segregation
| between European and American data.
|
| For Facebook, this might be costly and annoying to deal with. But
| what if you want to launch a new Flickr, Tumblr, Twitter, Airbnb,
| recipe website, etc.? You're a team of 2-4 trying to get things
| off the ground. Do you need to make sure that you are unavailable
| in the EU? Do you need to work on splitting data storage before
| you even find product-market-fit?
|
| Like, Airbnb certainly hosts lots of data about people and
| places, but when they were just starting out and trying to get
| traction, it seems like it would be a big hurdle to comply with
| this.
|
| Facebook can comply with this. I think it would be a big burden
| on anyone trying to compete with Facebook going forward or the
| ability of new companies to get off the ground.
| laurent92 wrote:
| It was quite easy, in my software, to have a settings with
| "data storage location" EU/US/Asia, and we transfer the data
| over to the country of their choice, with a little downtime.
| Granted there is a main database with everyone's
| key/auth/chosen database, but that's the only centralized data.
| ramblerman wrote:
| You are assuming every company immediately needs to serve the
| "whole" world.
|
| This regulation might actually make EU startups serving the EU
| more competitive vs competition from Silicon Valley.
|
| Which would be a double win for the EU legislators.
| akarma wrote:
| A social startup only being available in a certain country
| would be a substantial hindrance to adoption in most cases.
| edoceo wrote:
| > team of 2-4
|
| It seems you'd have loads of other hurdles to get over before
| intl-data becomes the thing that would block your growth.
|
| My 4 person team solves with country specific domains and
| hosting.
|
| Before that we had to figure out how to be profitable and
| "default alive" which was orders of magnitude harder than data
| silos.
| worewood wrote:
| Yeah agree with you. I don't see what the difficulty is. It
| is mostly an infrastructure issue and if you're starting from
| zero you're going cloud anyways
| saos wrote:
| Erm today is the dead to accept new terms. I obviously haven't
| done this. What will be the implications?
| jug wrote:
| Makes sense and I think this should've been required all along.
| Moving personal data into new jurisdictions is just a trainwreck
| waiting to happen.
| yawaworht1978 wrote:
| The EU lawmakers are doing what the gutless paid for and owned US
| lawmakers cannot or will not do. The US congress balooneyd around
| with Zuckerberg, he took the piss out of them.
|
| The EU politicians are a little bit less shameless and do
| something to protect the population(not even the local
| electorate, they have the ability to see beyond the box).
|
| Facebook and Instagram are designed to keep people more
| "engaged"(addicted) , in order to collect more data and push ads
| down everyones throat and retarget those who do not want any
| business with them. Tried to delete FB, ig or WA account
| completely? Every imaginable Ui obstruction and retention trick
| will bother you on the way out.
|
| The mother ship wants all the data intermingled to be more
| efficient. Hell no, team EU lawmakers all the way.
| shakezula wrote:
| This is why every time I hear someone complain about GDPR i
| gently remind them that it's the exact type of legislation
| people say they want to protect their data. People are so short
| sighted.
| saddlerustle wrote:
| > Tried to delete FB, ig or WA account completely? Every
| imaginable Ui obstruction and retention trick will bother you
| on the way out.
|
| Deleting WhatsApp is Settings -> Account -> Delete My Account
| -> Delete My Account
|
| Deleting Facebook is Settings -> Account Ownership ->
| Deactivation and Deletion -> Delete Account (With a very clear
| choice between deactivation and permanent deletion) -> Delete
| Account
|
| Compare that to unsubscribing from the New York Times...
| yawaworht1978 wrote:
| It is true that subscription s and re occuring payments are
| much worse, but we are talking "freeware" here. Especially IG
| you have to do in the browser.
| talideon wrote:
| Except that's not really what happens with Facebook. I
| deleted my account there ages ago, and discovered later when
| checking haveibeenpwned.com that the email address I used
| there was part of a data dump from Facebook. So, do I believe
| that FB really delete your data when you request to
| permanently delete it? Nope, not in the slightest.
| saddlerustle wrote:
| The last published DPC audit found that it does [1].
| There's really no reason to subject themselves to huge
| fines and lie about it, a very small fraction of facebook
| users delete anything.
|
| The "data dump" you're referring to was probably scraped
| from public facebook pages before you deleted the account.
| There has never to my knowledge been a case of private data
| becoming public that was exfiltrated from facebook proper.
|
| [1] https://web.archive.org/web/20171218060100/https://www.
| datap...
| tasogare wrote:
| Facebook have (had?) this clause of "if you reconnect in the
| following 30 days the account deletion will be cancelled"
| instead of deleting it immediately. Which is indeed one of
| the trick mentioned by GP.
| graphtrader wrote:
| Ahh poor Facebook. I feel so bad for them. Has to be tough not
| being able to steal people's data.
| toyg wrote:
| Now now, they don't "steal" it, they just "collect" it. All
| this data falls off the back of a truck, they just pick it up.
| oauea wrote:
| Indeed, just like movie piracy is not stealing.
| miralize wrote:
| "That information was just resting in our servers"
| mortehu wrote:
| Isn't the main function of Facebook to allow users to upload
| or enter contents for others to view?
|
| It seems like people here tend to think of ad profiles as the
| only data that matters, but Facebook "collects" messages you
| post and photos you upload, just like most email services
| "collect" all your emails. This kind of data is far more
| sensitive than your ad profile.
| iamacyborg wrote:
| > This kind of data is far more sensitive than your ad
| profile.
|
| Yes and no.
|
| certainly people share and post sensitive stuff on
| Facebook. But Facebook knowing I've visited certain
| categories of websites because those sites have a Facebook
| pixel or they're running a third party widget that has a FB
| pixel is historically a much more opaque form of data
| collection.
| lanstin wrote:
| The valuable data they have is to build a model of your
| personality and emotional dynamics, where they can
| control the input, what you see in timeline, and watch
| the output, the mood revealed by your subsequent actions
| and posts. Knowing what stimulus will upset you enough to
| donate or share a given type of content is pretty
| valuable, even compared to knowing you need a new laptop.
| sgregnt wrote:
| This comment is very biased, who are you to speak for all
| facebook users?
|
| For one thing, Facebook allows me to stay connected with my
| family in another country. I'm infinity grateful to it for
| that, and I'm ready to exchange getting this amazing free
| service for my very personal information. No one stole this
| data from me, I'm happy with this arrangement.
|
| Same with other the services: Google's, amazon, and what not...
| Hell, the progress all these amazing services brought made my
| live on earth a heaven really (not sarcastic)!
|
| I'm personaly not afraid of big tech, imho they compete with
| each other, they rise and fall, let them be. I'm afraid of
| regulation that incentivizes lobbying, kill competition, and
| create long term monopolies.
| ev1 wrote:
| The problem here is that the majority of users don't actually
| have informed consent. They don't know what is happening.
| They think it's just being served ads or something and are
| like "OK, I can accept the ads in exchange for the service" -
| what they don't know is FB is passing data to and from data
| brokers, purchasing your credit card purchases, matching your
| phone numbers against real life data, then leaking that data
| to unintended recipients via API or otherwise.
|
| I wouldn't care if I was served isolated display ads, even
| targetted based on my entered data.
| osmarks wrote:
| They do not compete with each other (potential competitors
| just get bought out), and already do lobbying in vast
| quantities. And there's nothing about inter-country
| communication which requires Facebook's data mining, inasmuch
| as there are already network links between them which
| Facebook uses.
| jpttsn wrote:
| I'd view "buying competitors" as a sign of "competing".
|
| Otherwise, in the Middle Ages, "European kingdoms don't
| fight wars, they just conquer one another"
| osmarks wrote:
| Possibly, but it's not the sort of competition which
| leads to more choice and better outcomes for consumers.
| jpttsn wrote:
| Maybe, maybe not. Consumers would be analogous to
| consumers of kingdoms, so it all sort of falls apart.
|
| Anyway, if the competition is not an ends unto itself it
| would seem a more direct argument can be made.
| lanstin wrote:
| The math showing free market equilibrium being the most
| prosperous depends on a large number of entities on both
| the selling and the buying end.
| trasz wrote:
| There are plenty of services that would serve that role -
| staying connected with your family - at least as good as FB
| does. That's the part most people are missing, I think: that
| FB doesn't really have that much to offer, apart from its
| market share. And, because of FB monopoly, pretty much
| anything that hurts them is good for the market, ie everyone,
| in particular their users.
| MinorTom wrote:
| You do realize _any_ potential Facebook alternative will face
| the same problems, further entrenching Facebooks market
| position.
|
| This even applies to federated social networks like matrix - a
| EU server can't easily send messages containing personal data
| to US ones without at least signing an contract with the
| required "standard contractual clauses" (technically an
| contract is always required).
| tifadg1 wrote:
| is that really the case? - i.e. what if private citizens run
| the servers - i don't see why these rules would apply to
| them.
| jpalomaki wrote:
| In modern cloud data is likely encrypted on disk and typically
| spread across servers. It's not really feasible to access the
| data by physically taking control of the servers or disks.
|
| Does the physical location really matter? If authorities need to
| access the data, they would anyways need a higher level access to
| it. In this sense it is more relevant who is controlling the data
| and where and under what jurisdiction that entity is located.
| cerved wrote:
| It's not a matter of data being encrypted, it's about the US
| authorities being able to demand decrypted access to the data
| of EU citizens from Facebook.
| ronsor wrote:
| Facebook is a US company. Even if the data was stored only in
| Europe, they'd likely cave to demands anyway.
| des1nderlase wrote:
| That's the point, not if EU said so. FB needs to comply to
| EU laws to operate in EU.
| cerved wrote:
| it's not about where the data is stored, it's about
| Facebooks inability to guarantee the rights of EU citizens
| and their data as it's transferred to the US
| cromka wrote:
| And, although this is an educated guess, about US businesses
| paying for Facebook ad services targeting EU customers using
| the collected data in a way that GDPR would block in EU.
| cerved wrote:
| No, not really. This doesn't have anything to do with US
| companies using ad targeting services that don't comply
| with GDPR.
|
| Schrems 2 is case primarily about US companies working with
| US authorities.
|
| https://edpb.europa.eu/our-work-tools/our-
| documents/other/fr...
___________________________________________________________________
(page generated 2021-05-15 23:01 UTC)