[HN Gopher] Meta fined $1.3B over data transfers to U.S.
___________________________________________________________________
Meta fined $1.3B over data transfers to U.S.
Author : jaredwiener
Score : 577 points
Date : 2023-05-22 08:42 UTC (14 hours ago)
(HTM) web link (www.wsj.com)
(TXT) w3m dump (www.wsj.com)
| rogers18445 wrote:
| If you are in the tech industry in the US this is actually a good
| thing, EU is trying very hard to remain and become even more
| uncompetitive.
|
| Already, the EU is mostly a breeding ground for talent that is
| then extracted by the US. The more hostile and bureaucratic they
| become, the greater the pressure for the talent to leave.
|
| It may appear that what the EU is doing is being hostile to US
| companies - and some individual US companies will indeed suffer.
| But the actual effect is to incentivize these companies to
| extract talent out of the EU as an insurance plan in the event of
| a pull out.
| mixmastamyk wrote:
| There's some truth in what you wrote, but certainly this brand
| of "competitiveness" (meaning tragedy of the privacy commons)
| should not be considered a worthy goal to compete on.
| sho_hn wrote:
| Given that native English speakers have a leg up in HR
| processes over here, I agree that everything that makes Europe
| a better living space is a nice thing for Americans who want
| out and largely can get out.
|
| I work for a European tech company, and we have a noticeable
| uptick of American applicants over the years. Common (as in:
| almost every time) interview questions I answer are "Is it safe
| there? I work in [say, Portland] and we had just had gunshots
| again across the street" and "Can my kids ride the subway
| alone?". Colleagues who made the leap tend to tell me they are
| "glad they got out".
| Detrytus wrote:
| > "Is it safe there? I work in [say, Portland] and we had
| just had gunshots again across the street"
|
| That's really weird. Most Europeans will never hear a real
| gunshot in their life, only those on TV.
| dr_faustus wrote:
| Those fines are ridiculously low considering VW had to pay $30
| billion in fines and other compensatory payments for the diesel
| emission standard violations (1). So anyone who thinks it's the EU
| which is using fines to compensate for tax evasion should have a
| hard look at what the US has been doing for years (and mostly to
| companies, which actually ARE paying taxes on their profits
| albeit not in the US)
|
| (1) https://www.nbcnews.com/business/autos/judge-approves-
| larges...
| madballster wrote:
| A slap on the wrist. And the EU will be parading this around as a
| major win against "the evil tech conglomerates".
| 1234letshaveatw wrote:
| Well- yes. Redistribution of wealth and fining US tech to level
| the playing field is the whole point of the EU
| ccinnews wrote:
| [dead]
| chrisacky wrote:
| Can someone clarify what the legal point is here?
|
| If Meta are relying on SCCs to safeguard against the transfer of
| cross-border data processes from EU to US, the same clauses which
| were recommended by the CJEU from the Schrems II case, what is the
| legal challenge?
|
| Does anyone have any links to the actual decision so I can read
| the technical points of the judgment?
| waffleiron wrote:
| https://edpb.europa.eu/our-work-tools/our-documents/binding-...
|
| Here is the official decision, it also summarises the dispute.
| closewith wrote:
| This is the decision: https://edpb.europa.eu/our-work-
| tools/consistency-findings/r...
|
| From the press release:
|
| > The inquiry was initially commenced in August 2020, and was
| subsequently stayed by Order of the High Court of Ireland,
| pending the resolution of a series of legal proceedings, until
| 20 May 2021. Following a comprehensive investigation, the DPC
| prepared a draft decision dated 6 July 2022. Notably, it found
| that:
|
| > 1. the data transfers in question were being carried out in
| breach of Article 46(1) GDPR; and
|
| > 2. in these circumstances, the data transfers should be
| suspended.
| chrisacky wrote:
| So, what I don't understand is:
|
| Based on the EDPB Decision [1], it seems the most weight of
| the decision is from paragraph 107:
|
| > As explained by the EDPB in its Recommendations 01/2020 on
| measures that supplement transfer tools to ensure compliance
| with the EU level of protection of personal data (hereinafter
| 'EDPB Recommendations on Supplementary Measures') 243, when
| assessing third countries and identifying appropriate
| supplementary measures, controllers should assess if there is
| anything in the law and/or practices in force of the third
| country that may impinge on the effectiveness of the
| appropriate safeguards of the transfer tools that they are
| relying on 244. In this regard, the EDPB notes that,
| according to Meta IE's assessment, 'the level of protection
| required by EU law is provided for by relevant US law and
| practice' and that Meta IE implemented supplementary measures
| in addition to the 2021 SCCS in order to 'further ensure that
| an adequate level of protection continues to apply to User
| Data transferred from FIL to FB, Inc' 245 . In other words,
| Meta IE has implemented supplementary measures on the basis
| of an assessment which concluded that there was no need for
| such measures, since, in Meta IE's view, the relevant US law
| and practice were already providing a level of protection
| equivalent to the one provided under EU law
|
| My follow on question, let's say they understood the risk, I
| fail to see any safeguards which could be equivalent to the
| EU law? FISA 702 + other intrusive surveillance laws
| basically make this impossible.
|
| So it seems that because Meta:
|
| > seems to identify its own test for determining suitability
| of supplemental measures by lowering the standard to include
| measures that can "address" or "mitigate" any "relevant
| remaining" inadequacies in the protections offered by US law
| and practice and the SCCs' 249, and concludes in the Draft
| Decision that 'Meta Ireland does not have in place any
| supplemental measures which would compensate for the
| inadequate protection provided by US law'
|
| I'm just confused what would have been sufficient for Meta in
| this circumstance?
|
| The decision continues in paragraph 121 to say:
|
| > In this regard, the EDPB recalls that the IE SA carries out
| a detailed assessment of whether Meta IE implemented
| supplementary measures that could address the inadequate
| protection provided by US law 273. More specifically, the IE
| SA analyses the organisational, technical and legal measures
| implemented by Meta IE and concludes that these measures
| cannot, 'whether viewed in isolation, or in tandem with the
| 2021 SCCs and the full suite of measures outlined in the
| ROS', compensate for the deficiencies identified in US law
| and cannot provide essentially equivalent protection to that
| available under EU law 2
|
| I am aware of zero technical and organisational measures
| which could protect against 702 FISA DOWNSTREAM (PRISM),
| short of not transferring the data to US?
|
| Thoughts?
|
| [1]: https://edpb.europa.eu/system/files/2023-05/edpb_binding
| deci...
| di4na wrote:
| You are right. The only solutions are to not host in the US
| and/or have a parent company in the US. And/Or to get the
| US to apply basic human rights.
|
| There is no other real way.
|
| What would have been sufficient is to process all data in
| EU jurisdiction and transfer HQ to equivalent country.
| Spivak wrote:
| But since it's a global network it means that they would
| have had to up and moved the whole operation into the EU
| which is pants on head stupid. The moment two countries
| have incompatible laws it all breaks down. This isn't
| something that should even concern Meta and should be a
| US/EU negotiation.
| robin_reala wrote:
| It has been a US/EU negotiation. Unfortunately the US is
| not willing to budge on its principle of "we get to look
| at whatever we want to without the need for a due
| process".
| wmf wrote:
| Or don't build global networks. Build local networks and
| federate them.
| Spivak wrote:
| And the moment a user from the UK messages a user in the
| US?
| di4na wrote:
| I mean I could tell it otherwise which is that the US
| should maybe consider providing basic human rights to
| their citizens and residents.
|
| If they do not, why would the rest of the world let them
| interact with them and endanger everyone?
| whiplash451 wrote:
| Can you elaborate on what you mean by basic human rights?
| di4na wrote:
| Right to privacy and due process? At least for this
| specific problem. I recommend going to read the Schrems
| II opinion by the CJEU, it is quite readable.
|
| After that we can extend to deeper Human Rights but let's
| start with the basics.
| mananaysiempre wrote:
| > [M]eta are relying on SCCs [...] which was recommended by the
| CJEU from the _Schrems II_ case[.]
|
| An unofficial summary[1] of _Schrems II_ doesn't put it quite
| like that: _Schrems II_ invalidated Privacy Shield, did not
| invalidate SCCs in general, but said that the latter are only
| valid insofar as they can provide EU-mandated privacy
| protections given the legal regime of the destination country.
|
| Arguably, because of the last point, a US company is incapable
| of entering a contract that provides such protections: they
| include judicial review of privacy violations, while US law
| says that noncitizens don't have standing to sue over those for
| surveillance under the FISA mandate (expires this December but
| will probably be renewed).
|
| [1] https://gdprhub.eu/index.php?title=CJEU_-
| _C-311/18_-_Schrems...
| pdimitar wrote:
| Yeah, as if they have to pay that fine next week.
|
| They can appeal it to hell and back and negotiate installments.
| They can do a lot.
|
| They already have a legal team. This is just the cost of doing
| business.
|
| Meta is a tumor that has to be cut down from society but I think
| we all know it's not happening. Either too much money is promised
| through lobbying, or the policy-makers are asleep at the wheel.
| berkes wrote:
| > They can appeal it to hell
|
| Can they, though?
| mu53 wrote:
| I think the winds have shifted for tech companies. They are no
| longer plucky young startups, but they are billion dollar
| companies raking in profits.
|
| Facebook did pay 725 million out of the original 5 billion to
| the FTC over Cambridge Analytica's scandal. That is a hefty
| fine still. [1]
|
| Another $122 million out of $276 million over Whatsapp merger
| [2]
|
| Granted, it does get negotiated down, but it really is the most
| they can do.
|
| [1] https://www.bbc.com/news/technology-64075067
|
| [2] https://www.reuters.com/article/us-eu-facebook-antitrust-
| idU...
| Sharlin wrote:
| > I think the winds have shifted for tech companies. They are
| no longer plucky young startups, but they are billion dollar
| companies raking in profits.
|
| "What has happened before will happen again. What has been
| done before will be done again. There is nothing new in the
| whole world."
|
| Microsoft was also once a plucky young startup. And Apple,
| and Oracle, and Dell, and...
| pdimitar wrote:
| > _They are no longer plucky young startups, but they are
| billion dollar companies raking in profits._
|
| True, and exactly because of that they have much more
| leverage.
|
| The only true wind shift would be for the regulators to get
| sick of their crap and start hitting hard at the first sign
| of misdemeanor. And that's the part I am skeptical about.
| jwildeboer wrote:
| Meta does $118B in revenue (2022 numbers). They claim 10% of ad
| revenue is generated by EU users. So this fine represents around
| 36 days of ad revenue generated by EU users. GDPR is in force
| since 5 years. So around 7 days of ad revenue per year lost to
| this fine (which will be appealed, obviously). I'd see this as
| cost of doing business with no real impact in Facebook/meta.
| whimsicalism wrote:
| I do not think there is any amount of money that could be fined
| that HN commentators would not call a slap on the wrist.
| feoren wrote:
| Let's say a train ticket costs $10. If you board without a
| ticket, the probability of getting caught and having to pay a
| fine is, let's say, 10%. Do you see why the amount of the fine
| must be greater than $100? Otherwise the optimal strategy is to
| never buy a train ticket, and just always pay the fine when you
| get caught.
|
| That's a slap on the wrist: it's cheaper to pay the fine than
| to follow the law. The correct amount of money for a fine is a
| multiple of the amount of revenue gained from ignoring the law.
| I don't know what that is in this case, but I'm fairly certain
| it's at least an order of magnitude larger than $1.3B.
| whiplash451 wrote:
| I can't tell if you're trolling.
|
| A fine of even 20% of revenue would basically kill any
| company, big or small.
|
| And we are talking revenue, not profit.
| whimsicalism wrote:
| 20 days of profit is a ton and I doubt they made that much
| from doing it.
| moolcool wrote:
| Even beyond that though, it needs to be enough to make them
| actually care.
| whiplash451 wrote:
| A few % of revenue would make any company care, even a
| company the size of Meta.
|
| Reading the comments on this thread makes me wonder how
| many commenters have been close to real company
| operations in the past.
| sacnoradhq wrote:
| FYI: There will be another round of layoffs at Meta again this
| Wednesday.
| meghan_rain wrote:
| These numbers should be written as "hours of revenue".
|
| Then people would notice how laughably small those fines are.
|
| > Meta was fined 12 hours of revenue for violating your
| fundamental human rights for years of profit.
| pyrrhotech wrote:
| It's amazing to me how many otherwise intelligent people on HN
| inevitably make this same comment, when in fact, this is a
| substantial fine even to a company the size of Meta. Much
| higher would be borderline extortion, and Meta would seriously
| start to consider whether doing business in the EU is worth it.
| thunkshift1 wrote:
| Revenue is not the same as profit... this fine is coming out
| of Meta's income
| fauxpause_ wrote:
| They should be written as a % of profit from the area
| generating the fine
| ilyt wrote:
| The max fine is 4% of a firm's annual revenue from the
| preceding year so this is around ~1% of revenue
| detaro wrote:
| Given the creativity in accounting possible for
| multinationals and the difficulty in capturing value added to
| other areas from activities in an area that's a number with
| very little actual value.
| fauxpause_ wrote:
| The accounting is not what matters. What matters is using
| your brain to figure out if a fine is actually
| meaningful.
|
| Comparing to revenue is a stupid way to think about things.
| Profit is the incentive to conduct business. Not revenue.
| And not global profit, but in this case Ireland/EU profits
| only, because that is the location fining them.
|
| People are so eager. Every. Single. Time. To say that a
| fine does not matter even if it clearly outpaces multiple
| years of profits for the area given.
| Spivak wrote:
| > Comparing to revenue is a stupid way to think about
| things. Profit is the incentive to conduct business
|
| Because it is and it isn't. Companies can make people
| filthy rich while not making a single dollar of profit
| thanks to the stock market where the price does grow,
| broadly, in terms of revenue.
| fauxpause_ wrote:
| You're right in that it ought to be compared to the scale
| of profits, not a percentage, as many run on a loss
| during growth. But profit is still what matters.
| Including the promise of future profits.
|
| Talking of the future doesn't help much because both
| numbers will change. And punishing a company based on its
| future state is... not possible
| hfkwer wrote:
| I am getting tired of always reading this same old tune. It's
| damned if you do, damned if you don't.
|
| - EU fines a company a small percentage of its annual revenue.
| "Laughably small", "cost of doing business", EU has no fangs,
| blablabla.
|
| - EU fines a company a large percentage of its annual revenue.
| Damn EU bureaucrats, trying to make money on the back of
| hardworking US multinationals, zero innovation over there so
| they steal from America, blablabla.
|
| What do you want? For the EU to impose such large fines that
| they put every tech company out of business? No one wins at
| that game.
| bcrosby95 wrote:
| HN isn't a monoculture. Different people have different
| opinions.
| pyrrhotech wrote:
| HN may be slightly better than other platforms, but it's
| still largely an echo chamber
| loeg wrote:
| It's even worse than that -- you'll get both opinions on the
| same fine. Can't please everybody.
| toth wrote:
| While I don't disagree with you, if you are going to say
| something like that you should really at least give the right
| number. Or at very least include a disclaimer that 12 hours is
| not the right number.
|
| 2022 Meta revenue was 116 billion USD [1]. So the fine was 1.1%
| of yearly revenue, or pretty close to 4 days of revenue.
|
| In terms of yearly net income, it is 5.6% or 20 days of income.
| Don't think this is a trivial fine.
|
| [1] https://www.statista.com/statistics/277229/facebooks-
| annual-...
| ChatGTP wrote:
| Bit off topic, but how on earth did Meta gross 116 billion
| USD ? lol
|
| Of course we all find tech valuable, but that is absolutely
| stupid money for what I get out of their services, which is
| almost nothing hence I've not opened FB for weeks and I open
| Instagram for 2-3 minutes every day and turn it off, lately
| maybe every other day.
|
| Even with more engaged users it's hard to believe it's worth
| that much money. Is the advertising really this effective ?
| Insane.
| ndsipa_pomu wrote:
| I would guess that a chunk of income comes from selling
| datasets to interested parties, especially politically
| affiliated ones e.g. https://en.wikipedia.org/wiki/Facebook
| %E2%80%93Cambridge_Ana...
| loeg wrote:
| Your guess is wildly mistaken. They did not intend to
| sell data to CA; and the CA events happened in 2014-2015
| and the program CA abused was subsequently shut down.
| ndsipa_pomu wrote:
| To my mind that could be explained as CA exploiting
| Facebook users' data and Facebook shut down that program
| so that it could instead explicitly sell similar
| datasets.
| loeg wrote:
| Well, you're wildly mistaken again. The dataset is the
| golden goose -- they have no interest or incentive to
| sell it.
| ChatGTP wrote:
| That's nice and terrifying then.
| cheriot wrote:
| Selling data erodes Facebook's ability to make money
| selling ads (because then other people will be able to
| target users just as well). It's never been something
| they did intentionally.
| aierou wrote:
| Meta only lost income and credibility from that scandal,
| unless you believe the data breach was conspiratorial.
| ndsipa_pomu wrote:
| Seems likely to me. I can't recall Facebook acting in
| good faith at any point in time. If there's a bunch of
| money to be made assisting well-funded politicians, then
| I'd fully expect Facebook to be wanting a piece of that
| pie when their business model is generally to act against
| the users of the site by selling their data to
| manipulators.
| cheriot wrote:
| > that is absolutely stupid money for what I get out of
| their services, which is almost nothing
|
| That's why it's a free product! Revenue is from the value
| they deliver to advertisers. Meta's average revenue per
| user is significantly higher than other ad platforms
| (except Google).
|
| For someone selling to a particular group of people,
| getting ads to that specific group, and ONLY that group, is
| really valuable.
| anpe wrote:
| Also to add, this fine is concerned with the EU. I'm not sure
| why we care how much money Meta makes in other regions. EU
| accounts for about 25% of their revenue [1]. So in terms of
| yearly net income it then gets closer to about 15%. Again,
| the job of EU is to regulate businesses in the EU and not the
| rest of the world.
|
| [1] https://businessquant.com/facebook-revenue-by-region
| Vespasian wrote:
| The GDPR allows for fines based on global revenue to
| prevent companies playing games with where their income is
| "technically" generated.
| bboygravity wrote:
| Sounds to me like a clever EU work-around to force Meta to
| pay taxes over its EU revenue :p
|
| This "fine" just feels like "cost of doing business in the
| EU" to me...
| nirimda wrote:
| Well, companies are known for organising their affairs to
| avoid taxes. I suppose they can organise their affairs to
| avoid fines as well.
| jtode wrote:
| I am SO glad I was not taking a sip of my very hot coffee
| when I read this.
| tchaffee wrote:
| They broke a law that violates basic human rights.
| Privacy is important to EU citizens, and unlike the US
| they largely enjoy that right thanks to laws which are
| enforced.
|
| Nothing to do with taxes.
| Capricorn2481 wrote:
| A lot of EU countries are also in "big eyes" esque spying
| agreements. The occasional story of a privacy law being
| enforced doesn't change that
| tchaffee wrote:
| Facebook is not the government so even if what you say is
| true, it's really off-topic. Being protected from
| businesses violating your privacy is a good thing.
| bcrosby95 wrote:
| The reason why Facebook transferring data to the US is
| illegal in the EU is because its spy agencies and law
| enforcement can force them to turn over data.
|
| It's not off topic at all.
| smoldesu wrote:
| And the United States can't? Facebook is part of PRISM,
| and they are incorporated in America. They are arguably
| in a more compromised state when operating domestically
| than abroad.
| bcrosby95 wrote:
| That's not the argument I would go with, but you could. I
| would argue that the EU has more oversight into its spy
| agencies and can rein them in if wrongdoing comes to
| light, whereas they have little to no control over those
| in the US.
| tchaffee wrote:
| Can EU governments force companies to turn over data? If
| not, then you are talking about what EU governments do
| secretly. That's a different topic.
| [deleted]
| smoldesu wrote:
| This isn't about protecting users from spying. This is
| about managing user data and privacy in accordance with
| the laws that privately-owned businesses must abide by.
| You can claim that it's a double-standard, but it's still
| wrongdoing and needed to be sorted out either way.
| ilyt wrote:
| Funnily enough, country that is biggest on that recently
| left EU...
| conductr wrote:
| > Nothing to do with taxes.
|
| If companies view it as cost of doing business, it's akin
| to a tax and the rights you hold dear are not respected
| tchaffee wrote:
| That's true but the evidence points to companies changing
| policy to avoid increasing fines and the risk of being
| banned entirely.
| june_twenty wrote:
| > Privacy is important to EU citizens
|
| The people on the ground didn't do anything with this
| ilyt wrote:
| Nah, GDPR is great.
|
| For example now random security camera operator can't
| just take some scenes and post it on youtube, as that
| would violate GDPR in several ways and few companies paid
| tens to hundreds of thousands in fines for that.
|
| It also cut sooo much bullshit when it comes to PII
| management. Because there is actual teeth behind it very
| few companies will try the old trick of "oh you wrote
| email to us ? Let's just send marketing stuff on that",
| as that would require separate consent.
| tchaffee wrote:
| That's entirely untrue. Countries in the EU had strong
| privacy laws before the EU existed. And before the
| internet existed. Mostly around phone companies, but not
| only. Having lived in a few countries in the EU I can
| also anecdotally say that privacy laws are generally
| liked.
|
| GDPR laws are so popular that 17 countries outside the EU
| already have similar laws.
| scarface74 wrote:
| So how do you have "privacy" when the entire purpose of
| social media is to share your likes, dislikes, social
| graph, etc. worldwide?
| smolder wrote:
| The data that Facebook collects about people goes far
| beyond what is explicitly shared and visible in their
| profile. E.g. which sites they visit (and when) with
| Facebook widgets on them, on-site browsing habits,
| private conversations, their phone contacts, location
| data, etc.
| baby wrote:
| I imagine that a number of features are built on top of
| these. I remember that you could easily see what friends
| were nearby you when you were traveling (I ran into a
| friend who was visiting Milan at the same time as me a
| few years back!) but the feature doesn't exist anymore.
| I'm wondering if it's because of regulations that they
| had to cut down on these features.
| tchaffee wrote:
| Facebook posts can be made for only friends to see. Other
| social media has similar controls.
|
| Facebook also has private messaging.
| scarface_74 wrote:
| And when those private messages get sent to someone in
| the US or those friends are in the US, what do you think
| is going to happen with the data?
| tchaffee wrote:
| You're moving the goal posts. Your claim was that all
| posts are globally public. That's wrong.
|
| But to play along, what happens to the data depends on
| where it is stored. If the data center is in the US then
| the government can get a court order to seize that data.
| Which is not the same as in some other countries, is it?
| ilyt wrote:
| well, what would happen is facebook getting 1.3B fine
| scarface_74 wrote:
| So now the EU is saying that Facebook shouldn't allow
| people in the EU to talk to people in the US?
| johannes1234321 wrote:
| They got 5 months to fix the issues. So after 5 months
| they can collect a bigger fine ... and then 5 months
| later again, with three increasing charges within 12
| months it's more notable.
|
| Ok, realistically it's unlikely to happen exactly that
| way, ...
| pyrale wrote:
| Fortunately, we can count on FB to move fast and break
| this hazard much faster than that.
| beefield wrote:
| Sometimes I wonder why there are so many people
| advocating three strike and out laws, but never against
| corporations. Would be interesting if the third fine
| would be so large that shareholders are wiped out and
| debt holders are left with scraps.
| rmm wrote:
| Wasn't the fine for breaches since July 2020? So more like 2
| days revenue and like 3% profit.
|
| Actually meta had bigger year last year so a bit less than
| that.
|
| Cost of business ?
| nicce wrote:
| The investigation lasted 10 years.
|
| https://noyb.eu/en/edpb-decision-facebooks-eu-us-data-
| transf...
|
| So, the fine is ridiculously low. 130 million per year?
| toxik wrote:
| 20 days of income for this seems extremely low. Were it a
| person, they would have been jailed and indebted for life.
| JCWasmx86 wrote:
| Yeah agreed. They will simply continue to violate the GDPR.
| If the last years global revenue was 116 Billion USD, the
| fine should be at least 200 Billion. Otherwise companies
| just will see the fine as cost of doing business.
| trogdor wrote:
| Whether something is a 'cost of doing business' is based
| on whether the cost is expected or unexpected, not its
| magnitude.
| EduardoBautista wrote:
| No, they wouldn't. An appropriate fine would have been
| given to a sole proprietor.
| TeMPOraL wrote:
| Not really. The EU isn't trying to kill Meta, it's trying
| to get it to follow GDPR where it applies. For most people,
| fining them an equivalent of their monthly salary, is a
| blow painful enough the person won't forget it soon, and
| will try to avoid getting fined again.
| hartator wrote:
| 4 days is actually pretty high.
| vmfunction wrote:
| 1.1% seems like slap on the wrist or cost of doing shady
| business. 20% would be more appropriate, then again this
| seems like political discussion between US and EU.
| danieldk wrote:
| The fines can be up to 4% of global yearly turnover. I
| think they don't go for the full amount immediately,
| because you always want to have room to increase the
| penalty if they don't comply after this fine.
| Yujf wrote:
| Reminder that this is revenue, not profit AND it is a fine
| from the EU so really only EU revenue should be counted
| when discussing how hard this hits Meta.
| johannes1234321 wrote:
| > a fine from the EU so really only EU revenue should be
| counted
|
| You can't really fully separate EU revenue. I as a
| European write very intelligent and relevant posts on
| Facebook, thus people from other regions go there to read
| them. (well, I don't post anything on Facebook these
| days, but the point stands)
| cheriot wrote:
| Meta revenue is from showing an ad. "Is the ad shown in
| the EU?" seems like a pretty clear line. IFRS rules
| already require tracking the action that recognizes
| revenue so seems hard to play games with it.
| ndr wrote:
| This implies that Meta doesn't make money outside of EU
| by exfiltrating EU users' data.
|
| If Meta made zero money in EU whilst still offering a
| service to EU users, and still exfiltrating their data,
| should the fine be zero?
| ben_w wrote:
| Even if the calculations for how to attribute income from
| different places would be difficult to decide upon
| precisely, and doubly so if the calculations are used to
| determine a penalty fine thanks to the possibility of
| being gamed, it can probably be guessed at without too
| much error in cases where Goodhart's Law doesn't bite.
| cheriot wrote:
| How does anyone make money with EU data outside the EU?
| Seems like the value of that data is trivial anywhere
| else.
| nicce wrote:
| It should hit the global revenue. Otherwise they could
| play even more regionally with the rules, and fines are
| just a cost of doing the business.
| andrewinardeer wrote:
| Agree.
|
| A few years ago I was on around AUD90,000 and driving my
| wife's car which to me she had failed to register.
|
| I got a AUD990 fine.
|
| So I equate this fine to Meta getting busted for driving an
| unregistered car.
|
| Not even close to a drink driving charge.
| blitz_skull wrote:
| Okay am I insane or does "20 days of income" for a company
| that generates income 24/7 seem like the definition of a
| "trivial fine"?
| loeg wrote:
| It doesn't seem like the definition of "trivial fine," no.
| chias wrote:
| Given that you are on HN, you are likely salaried employee.
| This means you are also generating income 24/7. If you were
| fined for 20 days of your income, would you still argue
| that this is "the definition of a trivial fine" for you? I
| certainly wouldn't.
| whimsicalism wrote:
| Nietzsche wrote about this stuff, doubt there is any
| magnitude of fine that would be acceptable to the baying
| masses.
| [deleted]
| gavaw wrote:
| You can't just attach the "human rights" magical pixie dust to
| anything to make it more serious. Oh wait you said
| _fundamental_ human rights.
| cccbbbaaa wrote:
| Privacy is a human right in the EU.
| gavaw wrote:
| Having the datacenter that stores your data in another
| region does not affect your privacy in any way.
| hfkwer wrote:
| Clearly EU judges disagree with you.
| ilyt wrote:
| It does if US government can take that data. Which they
| do.
| tpm wrote:
| The EU member states are responsible for protecting
| various rights of their citizens and they can't do that
| if the private data is placed in an uncooperating
| jurisdiction.
| tchaffee wrote:
| That's wrong. A data center in the US can be forced to
| hand the data over to the government. And that's not the
| only protection you lose.
| gavaw wrote:
| It's very naive to think moving the datacenter to the EU
| makes it impossible for American agencies to get data off it.
| cccbbbaaa wrote:
| That's exactly why the privacy shield was invalidated by
| the CJEU.
| tchaffee wrote:
| I never made any such claim that it would be impossible.
| Your initial claim is still wrong.
| danbrooks wrote:
| Is this comment GPT generated (following the description in
| meghan_rain's bio)?
| cromka wrote:
| Revenue tells you nothing in terms of how severe that fine is.
| As others pointed out, it should be in relation to net income.
| ilyt wrote:
| It's in relation to turnover, not revenue. Up to 4% and
| another 4% for noncompliance
| belorn wrote:
| Neither revenue nor net income will really represent the value
| of a company. Company evaluation would be more fitting,
| especially if the company is publicly traded.
| xerxesaa wrote:
| Not sure net income would tell you that much either. Many
| companies deliberately keep net income low by reinvesting in
| further growth. Think of Amazon's model. At least revenue
| gives you a sense of the upper limit.
| Algent wrote:
| Agreed, fine on net income is meaningless; it just means it
| won't hurt. Should be at least 10% of revenue like
| antitrust tends to do, this would make anyone think twice.
| [deleted]
| JustFinishedBSG wrote:
| So Amazon can just say "fuck the law" and get negative fines?
|
| It obviously doesn't work.
| mattigames wrote:
| Well, one could say that that is a problem about how Amazon
| is allowed to use some shady accounting tricks to declare
| low net income, and therefore that problem is the one that
| should be addressed directly.
| avianlyric wrote:
| I don't think GP is suggesting that the fines should be
| calculated based on net income. Just that you should
| evaluate the _impact_ by comparing to net income.
|
| So in Amazon's case you absolutely see a fine greater than
| their net income, but still only 1% of their revenue, and
| obviously such a fine would have a greater impact on Amazon
| than the equivalent 1% fine applied to Facebook.
| usrusr wrote:
| So when you're having a bad year because you over-hired, or
| because some upstream service you depend on too much is
| abusing their power to squeeze you, you should be entitled to
| break any law?
|
| What if your company is set up with the usual tax tweaks
| where all net income is zeroed out by some licencing
| agreement about hand-wavy IP from a sibling company in the
| corporate family?
|
| Taking it a step further, will you get a fine-back as a
| reward for breaking the law if your accountants manage to
| declare negative income?
| danieldk wrote:
| _Taking it a step further, will you get a fine-back as a
| reward for breaking the law if your accountants manage to
| declare negative income?_
|
| I think the GP meant that you should see the fine in
| relation to the net income, rather than that the fine
| should be computed in terms of the net income.
|
| E.g. if a company has 100b revenue and a net income of 4b,
| then a 1.3b fine has a large impact. If a company has a net
| income of 50b, then 1.3b is peanuts.
|
| (I don't necessarily agree, but just elaborating what they
| probably meant.)
| usrusr wrote:
| An interesting way to look at it, the impact of a given
| percentage of revenue will certainly differ a lot between
| some tight margin reseller and a business that is
| basically market printing once established. But I can't
| parse the wording of the last sentence in GP post as
| "should be _seen_", it's to "should _be_". If there is
| ambiguity I fail to see it.
| nologic01 wrote:
| There are two aspects to this, the message to the company and
| the message to the users:
|
| Yes, the fines are small enough that they are normalized by the
| violating corporate as just a small additional cost of doing
| business. A dramatic negative externality gets trivialized. The
| signal to _other_ corporates is: go ahead feasting on the
| corpse of user privacy, just do a proper cost-benefit analysis.
|
| But, these fines _are_ legal events, in jurisdictions that
| _are_ relevant to large numbers of people.
|
| The common argument "people don't care about privacy" is more
| truthfully "people assume that widely popular online businesses
| are legal and ok, since services that are not ok are generally
| not allowed to operate". In fact, when all sort of public
| institutions are actually _on_ facebook (and other adtech
| platforms) and even _encourage_ people to join and interact
| there, they actually endorse that implied legal status. This
| has been a fiasco that has cut to size any "proud" democracy
| out there.
|
| News headlines of legal fines help puncture that implied
| institutional endorsement. The average user _doesn't_ know
| that the fine is just 12 hours of revenue. They actually have
| no clue what sort of lucrative business is running behind their
| backs and against their interests. Using these legal events,
| provided they get some press, does help the argument of those
| pushing to use (where available) privacy-respecting
| alternatives.
|
| Of course such is the ability of the public to get desensitized
| to any uncomfortable truths that eventually that effect will
| wear out too.
| ilyt wrote:
| > Yes, the fines are small enough that they are normalized by
| the violating corporate as just a small additional cost of
| doing business. A dramatic negative externality gets
| trivialized. The signal to other corporates is: go ahead
| feasting on the corpse of user privacy, just do a proper
| cost-benefit analysis.
|
| Non-compliance just causes another fine. So they could be up
| to 8% of turnover (not income) a year
| lopkeny12ko wrote:
| You realize how silly this would be right? If you got a parking
| ticket, how would you feel about being fined some % of your
| monthly paycheck instead of a flat $50?
| Broken_Hippo wrote:
| Like it is more fair. Why should a poor person pay nearly a
| day's wages for a violation when other people don't have to
| have such a harsh punishment?
|
| Does it seem ridiculous at the edges? Sure, but it also makes
| the fine an actual punishment for all rather than a rule that
| the better off can afford to ignore. This _is_ true even in
| the case of driving laws. Sure, you might lose your license
| regardless of finances - but only one of them can fairly
| easily afford the reinstatement fees and the extra costs of
| not driving.
| gen220 wrote:
| Not sure if you're aware, but some fines in some
| jurisdictions actually work this way [1].
|
| [1]: https://www.euronews.com/2023/01/04/finlands-progressive-pun....
| m_eiman wrote:
| Another way to see it is: $2 per EU citizen.
| TeMPOraL wrote:
| Sure, but let's also add a reminder that the point of the fine
| isn't to torture or kill the company - it's to incentivize it
| to comply with the law.
|
| Whatever ills people may ascribe to Meta, EU DPAs aren't in the
| business of social activism, or taking their annoyance out on
| multinational corporations. The job is to get Meta to comply
| with GDPR. If that fine will do the trick, mission
| accomplished. If it won't, the next one will be bigger, and
| then fining will continue until compliance improves.
|
| (There's a sub-story here about Irish DPC, but that's
| orthogonal to the size of GDPR fines issued.)
| throw_a_grenade wrote:
| https://archive.is/dSg66
| jokoon wrote:
| There are so many big fines related to IT, at some point I tend
| to believe it's a way to get back a part of all those taxes
| they don't pay.
|
| It seems to be a diplomatic way to handle this thing.
| TurkishPoptart wrote:
| Does this have anything to do with the class action lawsuit? I
| submitted a claim at https://facebookuserprivacysettlement.com/
| earlier this month.
| Veen wrote:
| Curious how Nick Clegg has changed his tune on data collection
| since he went to work for Facebook. When he was leader of the
| Liberal Democrats and UK Deputy PM, he was strongly in favour of
| a data "Bill of Rights" that would limit and control data
| collection and sharing. I wonder what changed his mind?
| jacquesm wrote:
| This is par for the course. Critical voices get hired. It's a
| 'win win' in the sense that the critical voice gets to shut up
| and they get some money out of it. /s
| aldous wrote:
| Clegg's credibility in the UK is pretty poor due to some well
| publicised policy u-turns during his tenure in political power,
| most notable being tuition fees. He went from hero to zero very
| quickly over there, becoming almost an archetype of the slimy,
| untrustworthy politician.
|
| https://www.theguardian.com/politics/2015/may/12/nick-clegg-...
| [deleted]
| avianlyric wrote:
| I can't help but feel that Clegg gets an unfair rep for that.
| The tuition fees thing was never going to happen, and was
| always put out by the Lib Dems to apply pressure to the two
| main parties (Conservative and Labour).
|
| The Lib Dems then made the fatal mistake of actually making
| it into government, which they obviously never anticipated
| happening when they originally made the tuition fees promise.
|
| Personally I think Clegg and Lib Dems did a fantastic job of
| reining in the worst aspects of the Tory party, and the UK
| public raking them over coals for tuition fees has only
| benefited the Tories by removing the only thing that stopped
| them going off the rails completely. Which of course happened
| immediately after the Tories got rid of the Lib Dems and we
| got Brexit a year later.
| JansjoFromIkea wrote:
| It was the Cameron/Clegg government that normalised food
| banks in British society.
|
| I'd like to know what the fantastic job they did was,
| because if it's solely holding off a Brexit situation for 5
| years I could argue their relatively weak opposition whilst
| in coalition actively enabled a shift further to the right
| and their extremely weak position by 2015 allowed Cameron
| to be so assured of the centre-right vote that he could
| court the UKIP vote with a referendum he assumed would
| never pass.
|
| He did get voting reform to the point of a referendum in
| the UK at least, which regardless of how badly it was
| executed is something (and I don't think I can blame him
| for that too much, it was doomed with the UK's media), it's
| just a shame that seems to be the entirety of what he
| managed.
| pjc50 wrote:
| Nah, they made a commitment against tuition fees which they
| then reversed spectacularly. If they'd merely said, "since
| we're unable to agree on the changes to tuition fees they
| will be left at current levels in this parliament", I think
| people would have accepted that. It was the (three-line
| whip) voting to treble them that did them in.
| Veen wrote:
| It was the electorate that got rid of the LibDems, not the
| Tories. They went from 57 MPs to 8, largely because they
| broke promises like the one on tuition fees.
| samwillis wrote:
| There may be some truth to that, and they did get the
| Conservatives to run a referendum on changing the electoral
| system from "First Past The Post" to "Alternative Vote". In
| some ways, getting that referendum should have been an
| incredible win worth sacrificing some short term policies.
| Unfortunately the campaign for the change was a disaster,
| and the misinformation and fear mongering about the change
| pushed the country to vote it down.
|
| https://en.wikipedia.org/wiki/2011_United_Kingdom_Alternativ...
| JansjoFromIkea wrote:
| I dunno how much the campaign for reform can be blamed
| really; the bulk of the political and media classes were
| rabidly against it and it's very easy to make any kind of
| PR sound more confusing than it is.
| pjc50 wrote:
| > Unfortunately the campaign for the change was a
| disaster, and the misinformation and fear mongering about
| the change pushed the country to vote it down.
|
| It was an absolutely extraordinary level of bullshit,
| especially the ads trading off changing the voting system
| cost vs NHS funding, which was really a prelude to how
| bad the Brexit debate would be.
| aldous wrote:
| Good points. I guess a counter is if seemingly 'cast-
| iron' pledges are put out there for the electorate (such
| as the scrapping of tuition fees) and people subsequently
| turn out in big numbers to vote for them (this was the
| year people were turned away due to large queues forming
| at the polling stations - obvs not all students voting
| for Lib Dems but you see my point) it's understandable
| that people will expect said pledges to be delivered on.
| The Lib Dems' flagship political broadcast was titled
| "Say goodbye to broken promises" for example. The ire is
| understandable, whether one agrees or not.
| vonquant wrote:
| Money is often a compelling argument.
| spuz wrote:
| Nick Clegg isn't mentioned in the article - what are you basing
| the statement that he's changed his mind on?
| Veen wrote:
| I am basing it on my knowledge of the story, which I gained
| by reading things. Feel free to do the same.
| johneth wrote:
| > I wonder what changed his mind?
|
| Probably a lack of integrity.
| jacquesm wrote:
| He has millions of reasons, really.
| kybernetikos wrote:
| > It is difficult to get a man to understand something when his
| salary depends upon his not understanding it
|
| -- Upton Sinclair
| samwillis wrote:
| The fact that the _number two executive_ [0] at Facebook/Meta
| is a former legislator and politician who's responsible for
| lobbying governments shows just how much of an existential
| threat Facebook face.
|
| Facebook/Meta are at the "cigarette company fighting for its
| right to operate" stage of its existence. They know they prey
| on people, and are ultimately "responsible" for a coming mental
| health crisis, disinformation, and potentially worse in some
| countries.
|
| My bet is, just as with cigarette and oil companies, we will
| discover in 30 years time that Facebook had unpublished
| research into just how bad for the world some of their
| activities are.
|
| 0: https://www.bbc.co.uk/news/uk-60410636
|
| > _The move puts the former Lib Dem leader on a par with Mr
| Zuckerberg himself_
|
| > _Mr Zuckerberg said Meta needed "a senior leader at the level
| of myself... who can lead and represent us for all of our
| policy issues globally"._
| ssnistfajen wrote:
| FB internal researches have already found that Instagram is
| having negative impacts on the mental health of teenagers:
| https://www.forbes.com/sites/jemimamcevoy/2021/09/14/faceboo...
| bentcorner wrote:
| IMO it's much worse than cigarettes, in that the ills that
| Facebook delivers upon us is very nuanced and isn't a
| concrete object like a cigarette is. It's only when you start
| pulling all the pieces of FB together (commenting, sharing,
| liking, friend graphs, etc.) that it starts becoming a bad
| thing.
|
| Maybe data privacy turns out to be the "lower receiver" of
| social media but I doubt it.
| yung_steezy wrote:
| Not just any politician/legislator: He was deputy PM of the
| UK for 5 years.
| ModernMech wrote:
| > My bet is, just as with cigarette and oil companies, we
| will discover in 30 years time that Facebook had unpublished
| research into just how bad for the world some of their
| activities are.
|
| Ahem... Facebook researchers have found that
| 1 in 8 of its users report engaging in compulsive use of
| social media that impacts their sleep, work, parenting or
| relationships, according to documents reviewed by The Wall
| Street Journal.
|
| https://archive.is/zhGBC
| samwillis wrote:
| Tip of the iceberg.
| cjrp wrote:
| About £10m in Meta shares, apparently.
| padjo wrote:
| I wish people would stop assuming that all politicians believe
| in the things they propose. Many are basically sociopaths who
| just agree with whatever gets them votes.
| kderbyma wrote:
| almost all of them are imo - if in office and that office
| manages 1M or more people. Those who aren't usually aren't
| elected sadly because they aren't willing to sell their
| souls.
|
| There are good odds that a sociopath will start to show
| up...and who wants to tell others how to live their
| lives....sociopaths and antisocial people....great choice of
| leaders but time and again...they lie and cheat and steal and
| make sure they look good for the pictures....so you elect
| them to give themselves raise, increase homelessness,
| increase poverty and spread policies that kill.....and
| enslave the future.
| trynumber9 wrote:
| America should learn from the EU here. Fine ByteDance billions
| repeatedly until they get the memo. Much easier to enforce than a
| ban.
| rcMgD2BwE72F wrote:
| Did Meta get the memo yet?
| rvz wrote:
| Seems like these sorts of fines in the billions at tech companies
| are much better than an outright ban as I said before.
|
| Given that Meta has gotten another fine in the billions it is
| time for another privacy violating social network that has done
| similar [0] [1] and even worse privacy violations [2] [3] than
| Meta, and that is TikTok, which should also be fined in the
| billions just like Meta.
|
| [0] https://www.independent.co.uk/tech/tiktok-user-data-europe-u...
|
| [1] https://theguardian.com/technology/2022/nov/02/tiktok-tells-...
|
| [2]
| https://www.buzzfeednews.com/article/emilybakerwhite/tiktok-...
|
| [3] https://futurism.com/tiktok-spy-locations-specific-americans
| hutzlibu wrote:
| I am all for it, but China would consider this an attack on
| them and retaliate somehow (taxing European cars more for
| example). Just like the US government would intervene, if the
| fines would be actually existential for FB. Behind the scenes it
| is all politics.
| tantalor wrote:
| Isn't this another way of saying Facebook for US and Facebook for
| Europe are incompatible, and must be separate businesses and
| networks?
| xyst wrote:
| https://archive.is/dSg66
| timcavel wrote:
| [dead]
| 6510 wrote:
| The solution seems simple: Stop blaming companies for things done
| by people who work there. Companies should not be their own judge
| jury and executioner nor be punished as a whole. Go after those
| who implemented things and those who ordered the implementation.
| Punishments should be small enough to still be in proportion with
| the offense and large enough to encourage others not to repeat
| the offense.
|
| If someone doubts the legality of a request they should be
| obligated to report it internally to a member of a formal
| organization like lawyers and doctors have. Lose their title if
| they do not act on a report along with fines and prison
| sentences. Long prison sentences if they are new.
|
| We pay the giant salaries to people with great responsibilities.
| Why would we shield them from responsibility? They should earn
| even more and have even more responsibilities.
|
| It sounds like a blunt weapon but people are asked to do things
| that could have terrible implications all the time. With each
| data breach [for example] there was a dev who could have said no.
| It should have just enough personal implications to at least
| report it internally. If legal wants to stick their neck out for
| it personally the dev and their management are off the hook.
|
| A few years back companies here were forbidden to pay speeding
| tickets for their employees. It was funny how some got a bill
| instead of a paycheck.
| ckastner wrote:
| The fine may not be significant enough given how much Meta has
| profited from this, but that was only one consequence of the
| decision.
|
| The second consequence is that they have to stop doing this,
| which is far more damaging than the fine.
| top_sigrid wrote:
| Notice from NOYB, on whose complaint this goes back to:
| https://noyb.eu/en/edpb-decision-facebooks-eu-us-data-transf...
|
| And HN thread for that link:
| https://news.ycombinator.com/item?id=36029050
| Tallianar wrote:
| Great!! Now stop FATCA and show you actually care about the
| privacy of people that live in the EU.
| mtlmtlmtlmtl wrote:
| Good! Now, fine them that amount another 485 times and the
| problem will be solved!
| smashah wrote:
| Criminal organisation. They are now actively bullying open source
| developers with legal threats. Meta should be broken up.
| Neil44 wrote:
| Ha, can you imagine if TikTok did this in reverse.
| [deleted]
| lifeisstillgood wrote:
| Pros: For years America has disproportionately benefited from
| post-hoc enforcements (I mean mostly it was New York DAs suing
| banks for 2008, money collected from around the globe and then
| put into a single State)
|
| (sane) Tech regulation is a long time coming and it's not coming
| out of the Five Eyes nations - good to see EU taking a lead
|
| cons:
|
| I wish this had been for a "harder" violation. Yes it's bad. Yes
| they are ignoring EU law. But it's you know drawing a social
| graph.
|
| This leads to a fundamental issue - global capabilities (drawing
| a graph between all the people you know) should not be limited to
| arbitrary geographical boundaries. Social graph is fairly obvious
| - I have friends in US, where do we process the edge between
| those two nodes? If we cannot sort that one out we are going to
| struggle with epidemiology and medical inferences across
| boundaries.
|
| Where data is processed _should_ not affect the care with which
| it is processed. I can conceive of some verifiable processing
| package that ensures data can be processed wherever and still
| meet regulations. Can that be part of the future?
| dingledork69 wrote:
| You ask consent from both users to store it wherever you'd
| like.
| kmlx wrote:
| is it that easy? in which case what's all the hubbub about?
| d1sxeyes wrote:
| No. You also have to take adequate technical and
| organisational steps to protect data privacy.
|
| In particular, the EU believes that by transferring
| personal data to the US, it could potentially be accessed
| by law enforcement/three-letter agencies without 'adequate'
| process.
|
| More here: https://www.osano.com/articles/privacy-shield-invalidated#:~....
|
| In short, the US does not have "a level of protection
| essentially equivalent to that guaranteed within the EU".
| ben_w wrote:
| Has to be meaningfully informed consent, IIRC, and a set of
| T&C the length of a Shakespeare play isn't that, not even
| when it's the shortest Shakespeare.
| carlmr wrote:
| And I think we should get rid of the pop-ups.
|
| Let the service do what it does with least permissions. If
| something doesn't work there should be a settings where you
| opt-in. Don't block my view, hoping I will click the dark
| pattern as you want me to, believing I don't get anything
| if I say no.
|
| That's not informed consent. That's consent under duress.
| ben_w wrote:
| I agree.
|
| There will be some cases where you need to explain what's
| going on to a customer before they should be allowed to
| do stuff -- medical, financial, probably some others too
| -- but I think the whole thing is getting abused so much
| it can't stand, and the exceptions probably need a
| specific license already anyway, and that license can
| just also say "and you not only get to have the popup,
| you are required to".
| JoshuaRogers wrote:
| Would you settle for Rodgers and Hammerstein provided that
| the piece is largely a series of musical numbers?
| ben_w wrote:
| IMO anything more than one page of A4 in 12 point Times
| New Roman, is too much for a website where you connect
| with people and groups, chat with them, and share status
| updates and pictures.
|
| Preferably half that.
|
| (Advertisers are allowed longer agreements because they
| can be expected to hire a lawyer to explain stuff to
| them).
| avianlyric wrote:
| > Where data is processed should not affect the care with which
| it is processed. I can conceive of some verifiable processing
| package that ensures data can be processed wherever and still
| meet regulations. Can that be part of the future?
|
| To an extent GDPR already allows this. The fines are only
| occurring because Facebook is transferring data into a
| jurisdiction which doesn't have strong enough data protection
| laws to satisfy GDPR.
|
| In the U.S. case specifically, it's issues around laws that
| allow the U.S. government to force U.S. companies to hand over
| data arbitrarily with very little (if any) due process. If the
| U.S. modified their draconian laws to ensure that everyone was
| afforded due process before their data was scooped up by the
| U.S. government, then there wouldn't be an issue.
|
| Unfortunately verifiable processes packages don't solve the
| fundamental problem that the various three letter U.S. agencies
| can send a secret order, with effectively zero judicial
| oversight, to Facebook and compel them to hand over data, plus
| gag Facebook from telling the individuals about the demand.
| fredgrott wrote:
| Note that you are wrong on zero Judicial oversight...as it
| has originally been reviewed by the courts numerous times.
|
| And, the 5-eyes(my term) still do collect some data behind
| the scenes that has minimal court oversight including GDPR.
| pembrook wrote:
| There's a new EU-US data framework that's expected to be
| ratified within a year which should make EU-US transfers
| possible again under new guidelines. It's possible this fine
| was intended to pre-empt the passing of any new frameworks
| and cash in on the uncertainty in the interim.
|
| Fining foreign big tech over EU privacy nuances is like
| taking candy from a baby. The narrative zeitgeist on both
| sides of the pond is in support (stories of rigged elections
| for 4 years turned public opinion brilliantly).
|
| While protecting your citizens' rights is a noble cause, it's
| hard not to see the moral hazard inherent in this approach.
|
| Abusing your position as a desirable market to impose post-
| hoc tariffs via an endless stream of fines is questionable
| IMO. Especially while the US provides Europe with its
| extremely expensive military support blanket (NATO) against
| the angry bear at its door.
| sgift wrote:
| > Abusing your position as a desirable market to impose
| post-hoc tariffs via an endless stream of fines is
| questionable IMO.
|
| There's a simple scenario in which Meta wouldn't have had
| to pay these fines: Don't break the law. And don't continue
| breaking the law after being told to stop it. It's not
| abusive to remind companies that actions have consequences
| in the language they understand and respect.
| kmlx wrote:
| who says Meta will pay this fine? they will litigate
| until the end of times.
| mackman wrote:
| The cost of setting up additional data centers in Europe
| and re-architecting your application with a different
| replication strategy is probably 10x-50x the fine. It
| would also take years and a sizable fraction of the
| engineering team to make it happen and there will be
| significant performance and reliability issues throughout
| the process. Easier to pay the fine and lobby for rules
| changes for a decade.
| avianlyric wrote:
| $1.3bil is a huge sum of money. To put that into
| perspective you could pay 260 engineers $500k a year for
| 10 years with that money.
|
| Or 260 engineers $1mil a year for 5 years with that
| money.
|
| You honestly think it would take 2600-13000
| engineers 10 years to do the work needed for compliance?
| pembrook wrote:
| Do you honestly believe that Meta's hundreds (possibly
| thousands) of both full-time and contracted out lawyers
| would collectively advise them to break the law? Knowing
| full well the outcome would be $Billions in fines?
|
| EU to US data transfers used to be okay for years, then
| there was a single ruling that brought that into
| question. Because government moves slow, there hasn't
| been a new framework implemented. Ruling for Billions in
| fines during the interim, while the US government and EU
| are still negotiating the details of the new framework is
| not an environment conducive to full compliance. US
| companies would essentially need to stop operating in the
| EU altogether if they wanted to be fully compliant.
|
| Combine this with giant companies which also are slow
| moving (albeit faster than government) and you have a
| recipe for never-ending fines no matter how much you try
| to comply in good faith.
| mbesto wrote:
| > Do you honestly believe that Meta's hundreds (possibly
| thousands) of both full-time and contracted out lawyers
| would collectively advise them to break the law? Knowing
| full well the outcome would be $Billions in fines?
|
| Yes, absolutely. Laws are never clear and require human
| beings to interpret.
|
| Lawyers' jobs are about assessing risk. While they might
| not have explicitly said "you will get fined $B", they
| will definitely say "here is the likelihood that the EU
| fines you" and then meta management would make a
| strategic (e.g. do we want to risk this based on how much
| money we can profit) decision based on that.
| malermeister wrote:
| > US companies would essentially need to stop operating
| in the EU altogether if they wanted to be fully
| compliant.
|
| That's exactly what they should've done to not break the
| law while there was no legal basis for what they were
| doing.
|
| They didn't. Now they suffer the consequences for
| breaking the law.
| pfannkuchen wrote:
| I believe they can still at any point stop operating in
| the EU and not pay the fine? How would the EU implement
| the fine if Meta pulled out? I thought their leverage was
| just the threat of blocking the service in the EU.
| tfourb wrote:
| Meta has plenty of EU-based assets which are not liquid
| enough to just pull out in a matter of months. The EU and
| national governments would also likely have options under
| insolvency laws and criminal statutes to freeze some of
| Meta's assets in the EU if the company made an attempt to
| pull out to avoid some fines. Of course Meta won't. The
| EU is a valuable market and even if Meta would stop
| making any profit (they won't), it can't just leave that
| market to the competition.
| malermeister wrote:
| I guess if no Facebook exec ever wants to touch European
| soil again, that is an option.
| pfannkuchen wrote:
| Wouldn't this have to be a criminal case for execs to be
| personally liable? I assume it isn't a criminal case?
| tfourb wrote:
| It's not, but not paying a fine can quickly become a
| criminal offense.
| tfourb wrote:
| Corporate lawyering is basically about finding ways to
| break the spirit or letter of the law without being
| punished for it. Or to limit the punishment so that it is
| exceeded by the likely profit of breaking the law. So
| yes, Meta's thousands of lawyers probably recommend
| breaking (or "interpreting") certain laws in certain ways
| all the time because the cost/benefit analysis makes it
| worth it. And sometimes they miscalculate and the fines
| are larger than the profit or result in some unexpected
| political blowback. See also Apple's approach to its App
| Store and payment policies.
|
| EU to US data transfers were questionable for years,
| until a whole string of rulings through several levels of
| national and E.U. courts made clear that they weren't
| under some circumstances. Other companies have found ways
| to deal with that, Meta obviously could have, but chose
| not to (because profits). One obvious way would be for
| Meta to save E.U. customer data on E.U. servers
| exclusively, splitting the social graph (and advertising
| shadow profiles, which likely is what they really care
| about). Good faith does not enter into the equation,
| would be my guess.
| nvarsj wrote:
| The law is almost a moving target, based on the whims of
| the current political zeitgeist and public opinion.
|
| And law isn't binary, yes/no. Much US law is very murky
| and ambiguous. It takes litigation and court action to
| actually figure out what the poorly worded laws mean.
| Congress is really bad at creating law for some reason.
| janalsncm wrote:
| There was also a grace period during which time Meta made
| no substantive efforts to come into compliance. If Meta
| had even a half-baked EU solution they would not be so
| thoroughly and repeatedly punished.
|
| Yeah, standing up a data center is not trivial, but Meta
| also hires the best in the world. Move fast and break
| things. In this case they didn't even move at a medium
| speed, so they get no sympathy from me.
| Paradigma11 wrote:
| Why not do the data processing in the EU till the new
| framework comes into place?
| scarface74 wrote:
| How do you process data about an international social
| graph only in the EU? When a friend in the EU posts
| something, should their post not be seen in the US? What
| happens when I have a group conversation between friends
| in the US and EU?
| asvitkine wrote:
| Well, if the US and other countries don't have equivalent
| laws, you can move everything to the EU.
|
| Of course, this doesn't work if another country has such
| a law. But if it's a smaller country, then it doesn't
| have as much leverage (e.g. Facebook could accept the
| smaller fine or pull out).
| scarface_74 wrote:
| How do you move "everything" to the EU including messages
| sent to US citizens? What if the messages are in a group
| of people in the US and the EU?
| SideburnsOfDoom wrote:
| What is your better suggestion: The world follows lax US
| law? Or anything goes, no law?
|
| These are not acceptable options to the EU.
| scarface_74 wrote:
| I don't know, maybe let adults make their own informed
| decisions and weigh the tradeoffs versus benefits based
| on their own priorities instead of depending on the
| government?
| standing_user wrote:
| Most likely even that, if and when it will be done, will
| have flaws that sooner or later will cause the fall.
|
| Purely from a logical perspective, preventing the data of a
| company operating in the United States and Europe from
| contaminating or coming into contact is a pure utopia no
| matter how much effort it puts into goal or any other
| company operating in the same or similar field. There will
| always be a point of contact and a way for European data to
| be under the lens of some American agency or body.
|
| In addition, Facebook is not really famous for its
| transparency in data management so any commitment to the
| contrary I see it as a paper promise.
|
| NATO's excuse that because the US finances then anything is
| allowed is a fallacious argument.
| blibble wrote:
| > There's a new EU-US data framework that's expected to be
| ratified within a year which should make EU-US transfers
| possible again under new guidelines.
|
| this will likely be found to be unlawful too in the way the
| last two were
|
| the EU commission shouldn't be creating frameworks that it
| knows are unlawful (definition of malfeasance?)
| bjornsing wrote:
| Why not? It keeps bureaucrats employed. Thousands of
| them.
| detaro wrote:
| > _It's possible this fine was intended to pre-empt the
| passing of any new frameworks and cash in on the
| uncertainty in the interim._
|
| a new framework passing wouldn't retroactively legalize the
| transfers happening before that, so this doesn't make
| sense.
| FpUser wrote:
| >"Abusing your position as a desirable market"
|
| Sounds like something that the US does routinely.
|
| >"Especially while the US provides Europe with its
| extremely expensive military support blanket"
|
| 1) I think it is more than compensated by Europe agreeing
| to use USD as the reserve currency. The US gets enormous
| benefits as the result.
|
| 2) Angry bear seems not to be able to win over a single
| country. Besides, the US does it for self-serving reasons. It
| is not a charity. And if it did not, I think Europe is
| quite capable to create and maintain their own army and
| weapons.
| M2Ys4U wrote:
| >There's a new EU-US data framework that's expected to be
| ratified within a year which should make EU-US transfers
| possible again under new guidelines.
|
| Until it's struck down by the court again.
|
| The agreement will not - it cannot - satisfy the
| requirements of the GDPR and CFR unless and until the US
| changes its law.
| jonas21 wrote:
| > _The agreement will not - it cannot - satisfy the
| requirements of the GDPR and CFR unless and until the US
| changes its law._
|
| Or unless and until the EU changes its laws.
| pyrale wrote:
| Why would the EU change laws about how business is
| supposed to be conducted in the EU?
| charcircuit wrote:
| Because 10s of millions of Europeans benefit from US
| services and making it easier for US services to operate
| benefits their citizens.
| pyrale wrote:
| > making it easier for US services to operate benefits
| their citizens.
|
| The reason we have regulations is that the opposite
| proved to be true.
| cccbbbaaa wrote:
| GDPR (and the national laws it replaced) does not exist
| in a vacuum, but is an implementation of ECHR art. 8, and
| CFREU art. 7 and 8. If it is changed, odds are it will
| become stronger, not weaker. And it is quite foolish to
| think the CFR will be changed to accommodate companies
| like Meta.
| Attrecomet wrote:
| Let's hope not, given that the stances are
|
| US: "we demand the right to spy on anyone for any reason,
| except US citizens where we absolutely must recognize
| their constitutional rights"
|
| EU: "we demand basic protections for the rights of our
| citizens"
| whimsicalism wrote:
| Those two views sound the same? Or am I an idiot?
| avianlyric wrote:
| > There's a new EU-US data framework that's expected to be
| ratified within a year which should make EU-US transfers
| possible again under new guidelines.
|
| There's already been two attempts at this, both of which
| were ratified, then struck down by the ECJ.
|
| There's already clear indications that attempt three isn't
| much better than attempt one and two, and the smart money
| is betting on it not being ratified, or being struck down
| if it is.
|
| In the meantime it's been illegal for years to transfer
| EU data to the U.S. So even if it did suddenly become
| legal, those laws aren't going to retrospect, and Facebook
| still engaged in blatantly illegal behaviour.
| mananaysiempre wrote:
| > There's a new EU-US data framework that's expected to be
| ratified within a year which should make EU-US transfers
| possible again under new guidelines.
|
| Black Books (S01E01) put it best:
|
| > NICK VOLEUR: This new system, it's very closely modelled
| on the old system, isn't it?
|
| > BERNARD BLACK: I'd go further than that, Nick, I'd say it
| was more or less exactly the same[.]
|
| Given the US side of said framework is established by
| executive order[1] and the "court" it creates is part of
| the executive (much like the "ombudsperson" office that the
| CJEU struck down Privacy Shield over), it's unclear if it
| will work, or if the Commission (an executive body who can
| establish these things but is subject to judicial review)
| is setting itself up for a _Schrems III_ another ten years
| down the line for foreign-relations reasons. The EU privacy
| regulator very politely said it was dubious[2], while the
| relevant parliamentary committee[3] and later the full
| parliament[4] expressed open scorn.
|
| The US diplomats, for their part, are trying for a "you
| too" defence[5]--which might well be factually true to some
| extent, just does not change anything about EU law.
|
| > It's possible this fine was intended to pre-empt the
| passing of any new frameworks and cash in on the
| uncertainty in the interim.
|
| As the legal basis for a transfer is fixed at the time it's
| performed, a framework cannot be retroactive (but "the
| Commission was wrong, the transfers weren't lawful after
| all" decisions can be). So while the FUD may be real, the
| case could just as well have been decided after the new
| framework had been passed.
|
| [1] EO 14086, https://www.federalregister.gov/d/2022-22531
|
| [2] https://iapp.org/news/a/edpb-welcomes-improvements-to-
| eu-us-...
|
| [3] https://iapp.org/news/a/meps-urge-european-commission-
| to-rej...
|
| [4] https://www.europarl.europa.eu/news/en/press-
| room/20230505IP...
|
| [5] https://www.politico.eu/article/washington-to-brussels-
| we-wa...
| pjc50 wrote:
| > a new EU-US data framework that's expected to be ratified
| within a year which should make EU-US transfers possible
| again under new guidelines
|
| What specifically has changed about US law relating to mass
| surveillance of foreign nationals that is going to make
| this one work?
| scarface74 wrote:
| Yes it's not like the EU isn't also trying to pass laws that
| force every encrypted communication to have a backdoor so
| they can spy....
| ilyt wrote:
| > Where data is processed should not affect the care with which
| it is processed. I can conceive of some verifiable processing
| package that ensures data can be processed wherever and still
| meet regulations. Can that be part of the future?
|
| Not with US laws. The whole problem are US laws essentially
| allowing government to force any company to disclose whatever
| they need with little reason. That's the problem. That the
| moment data are processed by US company (not even necessarily
| _in_ US), US government have right to violate privacy
| [deleted]
| bjornsing wrote:
| The EU bureaucrats have a solution: If you are in the EU then
| all your friends outside the EU see a generic icon
| representation of you. If they click the icon a window with the
| text "Displaying personal data related to this individual would
| violate the GDPR" appears. Your name is also redacted.
|
| The perfect user experience!
| jimkleiber wrote:
| > This leads to a fundamental issue - global capabilities
| (drawing a graph between all the people you know) should not be
| limited to arbitrary geographical boundaries.
|
| For me, this hits a more fundamental issue: how do we govern
| global issues without a global government?
| potatoman22 wrote:
| The UN kind of does that
| Longlius wrote:
| The UN is not a government. It is a mostly voluntary
| organization that exists purely so we never end up in a
| situation like we did in 1914 or 1939 where the countries
| of the world are just not at the table talking to each other.
|
| Yes, the UN does lots of things. But it has no power to do
| those things without the voluntary buy-in of member states.
| karol wrote:
| [flagged]
| bleep_bloop wrote:
| Kind of have to agree with this sentiment. The UN is
| toothless and while the idea was good, I believe it has
| failed in practice. That isn't to say we should just
| scrap the whole thing as there really isn't an
| alternative, even though I believe it will eventually be
| abandoned.
|
| It does seem like the golden age of international co-
| operation is at an end and more and more countries are
| becoming insular, entering conflict or creating factions
| with specific neighbours.
| Tyrek wrote:
| Was the UN meant to be a 'global government' or more of a
| newer forum for the superpowers to avoid nuclear
| conflict? If the latter, it's done a pretty reasonable
| job so far.
| moffkalast wrote:
| Nah the UN does what it should, prevents world wars and
| nuclear holocaust by keeping superpowers talking in an
| open forum. That's kind of the only point of it, not to
| be some kind of world government.
|
| > The United Nations, referred to informally as the UN,
| is an intergovernmental organization whose stated
| purposes are to maintain international peace and
| security, develop friendly relations among nations,
| achieve international cooperation, and serve as a centre
| for harmonizing the actions of nations.
| bleep_bloop wrote:
| Isn't this kind of exactly what the EU is showing us, that a
| global power isn't needed if countries actually set
| requirements and regulations. There has been a lack of desire
| from law makers worldwide to protect consumer data even
| though it's very obvious that it should be a fundamental
| right to control who gets to know your personal information
| and worse, whether they can sell it.
|
| What I believe is happening here is the EU is setting a new
| standard that the US and UK and others will have to follow if
| they want to do business in the EU, unless they invest
| millions in infrastructure and staff.
|
| I believe the same happens in the US, one state such as
| California will make progressive law changes that force
| companies to just apply the same standards across other
| states as it's less legal and regulatory burden, so
| effectively one state can actually change the system for
| everyone, no global super government required.
| expensive_news wrote:
| Likewise you have governments like the UK who are
| discussing bills that will effectively ban E2E encryption
| for children's safety. If passed, companies like WhatsApp
| would just leave the market.
|
| I believe your comment is somewhat true, but in your
| examples with the EU and California it's mostly the case
| where (one of) the largest market(s) is able to set laws
| that govern the entire world. Which is great if everyone
| also happens to agree with the law, but it's not the most
| democratic situation.
| bobthepanda wrote:
| The problem is, what is a democratic global government?
| Larger states dominate smaller states in democratic
| governments all over the world simply because of numbers
| of votes. Having yet another layer of elections over it
| doesn't really make much of a difference.
| niij wrote:
| Population of a nation doesn't necessarily correspond to
| influence, though.
| CydeWeys wrote:
| In a democracy it does correspond with votes though.
| Other than one person = one vote, how would you structure
| a global government?
| sangnoir wrote:
| > Larger states dominate smaller states in democratic
| governments all over the world simply because of numbers
| of votes.
|
| At what governance level would this be acceptable for
| you? The existence of political minorities is inevitable.
| The question is where do _you_ draw the line: street,
| block, postal code, city, metro, region, state, or
| nation? When is it ok to dominate others because they got
| less votes? The same issue is reflected in red states
| grabbing power from blue cities, with the implication
| that the state-level domination is A-OK.
| bobthepanda wrote:
| I didn't say anything about acceptability. But if
| grandparent's comment is this
|
| > with the EU and California it's mostly the case where
| (one of) the largest market(s) is able to set laws that
| govern the entire world
|
| this is not likely to be solved by yet another layer of
| government.
| tobylane wrote:
| It is the most democratic situation. Companies can decide
| between a leave that market, b treat the whole world by
| the strictest laws or c only follow those laws for those
| residents. If the cheapest solution is b, and capitalism
| demands the cheapest solution, then that's useful
| information for the shareholders to choose a path. Just
| because we know what they will always choose doesn't make
| it undemocratic.
| muro wrote:
| b might just not be possible as above poster wrote,
| regulations might be in conflict.
| prirun wrote:
| > I believe the same happens in the US, one state such as
| California will make progressive law changes that force
| companies to just apply the same standards across other
| states as it's less legal and regulatory burden, so
| effectively one state can actually change the system for
| everyone, no global super government required.
|
| I almost bought a car from Carvana. They had all my info:
| driver's license images, SSN, etc. At the last minute they
| required a DocuSign signature, which I told them upfront I
| wouldn't use, so I canceled the deal.
|
| Afterward, I told them I wanted all of my info deleted
| since we didn't do a transaction. They said they could only
| do that for CA residents. A CA law is not going to cause
| companies to follow that law for all US citizens if it's to
| the company's advantage not to follow it.
| akhosravian wrote:
| I think I'm missing your point here. Let's say Texas passes
| a law that all Texans' data has to be processed in Texas,
| and because cowboys don't give a shit there's no
| consideration for the EU's law.
|
| What would the appropriate way for Meta to handle a
| friendship between a Texan and a European be? They can't
| process the Texan's data outside Texas, and they can't
| transfer the European's data outside of Europe. Disallow
| them to be friends?
| [deleted]
| CobrastanJorji wrote:
| As long as international companies have the option to
| exclude any local government, they can simply vote by
| participation. Texas requires something that a Swiss
| social network cannot abide? Block Texas.
|
| This doesn't work when a law doesn't allow some foreign
| company to escape, though. Suppose Texas decides that toy
| makers are liable for toys that hurt children. A Swiss
| company that makes army knives for kids decides not to
| sell to Texas, but other people buy some and then resell
| them in Texas. If the original manufacturer can't avoid
| the local government, that's more complicated.
| M2Ys4U wrote:
| This isn't a data localisation issue.
|
| The EU isn't saying that personal data has to be
| processed only in the EU. They're saying it has to be
| processed somewhere with adequate standards of data
| protection.
| callalex wrote:
| You are misrepresenting this ruling. Any data that the
| user gives informed consent to share can be moved
| wherever the user consents. This ruling is about sending
| user data without any active informed consent.
| victorbjorklund wrote:
| Not so simple. Even with consent you aren't really allowed
| to store in America because America is assumed to be an
| unsafe country (because govt can at any moment force a US
| company to show the data)
| 908B64B197 wrote:
| > because america is assumed to be an unsafe country
| (because govt can at any moment force a US company to
| show the data)
|
| I assume here the EU can't do the same?
| ilyt wrote:
| Well, yes, that's ENTIRETY of the problem, US law pissing
| on privacy and user consent. Fix that and it's all well.
|
| It never was about "where it is processed" but "who can
| access it".
| scarface74 wrote:
| You didn't answer the question. How do you have a global
| graph without sending data to every country where your
| friends are?
|
| This is another example of clueless EU regulators creating
| laws with no understanding of the implications
| tlamponi wrote:
| > How do you have a global graph without sending data to
| every country where your friends are?
|
| On-Demand, i.e., if one of your friends actually visited
| your "node" (profile or whatever) and also by following
| the law for the country the data originates from, no need
| to store anything in the target country - i.e., like most
| of the internet already works (or worked), it's really
| not _that_ hard.
|
| > This is another example of clueless EU regulators
| creating laws with no understanding of the implications
|
| Meh, maybe some are clueless, but one sees also a lot of
| head scratching and scapegoating from people that don't
| bother to even think on solutions or what the actual laws
| are about (i.e., are themselves clueless about the actual
| implications).
| scarface_74 wrote:
| And what happens when I send a private message from the
| EU to someone in the US via Messenger?
| bjornsing wrote:
| The message is sent to the EU bureaucrats so they can
| scan it for X, where X is initially child porno but will
| surely expand. Your friend just sees a gray box with the
| text "Displaying this message would violate the GDPR."
|
| It's the perfect user experience!
| niho wrote:
| Well, a private message sent via Messenger is not
| personal data (PII), so is not covered by GDPR. This is a
| very simple concept that critics of GDPR seem to ignore
| or get wrong over and over again.
|
| It's not about protecting _all_ data. It's about
| protecting _personal_ data.
|
| https://gdpr.eu/eu-gdpr-personal-data/
| scarface_74 wrote:
| How is a _private_ message not personal data?
| SideburnsOfDoom wrote:
| There's literally a definition of PII at the link given
| above, which could tell you that. So stop asking stupid
| questions.
| scarface_74 wrote:
| So yes you're right my personal messages attached to my
| user name doesn't relate to an identifiable person.
|
| "which is any piece of information that relates to an
| identifiable person."
| Detrytus wrote:
| If the message is really private (i.e. end-to-end
| encrypted) then Facebook can't see it, and if it can't
| see it, or process it in any way then the GDPR does not
| apply. And if Facebook does access the message and stores
| it on their servers in plaintext form then that's their
| (bad) choice, and they should be held responsible for it.
| scarface_74 wrote:
| So now we agree that asking about private messages is not
| a "stupid" question?
|
| And then if they do e2e encryption where the EU can't get
| to it, that runs afoul of another proposed EU regulation.
|
| https://www.politico.eu/article/eu-commission-violation-
| priv...
| robertlagrant wrote:
| It needs to be simultaneously accessible to UK law
| enforcement and not reachable from another country. Come
| on Meta, can't you solve that really easy one?
| ilyt wrote:
| _bans UK_
| devjab wrote:
| > You didn't answer the question. How do you have a
| global graph without sending data to every country where
| your friends are?
|
| You do not, but that is not what the ruling is about.
| This ruling is about Meta using standard contracts (SCC)
| to achieve mass acceptance for personal data transfers of
| EU citizens out of the EU. Which you are not allowed to
| do with the GDPR. If Meta had obtained individual
| permissions from you on your various personal
| information, then it would not have been illegal for Meta
| to share your information globally.
|
| This isn't really about what you share on FB either, it's
| about all the data that Meta applications gather about
| you (often without your knowledge) that they then send
| outside the EU with a very generalised permission that
| you probably auto-accepted when you signed up. It's
| exactly because the EU regulators know that people auto-
| accept those general agreements without ever reading them
| that the law has been made to make such agreements non-
| GDPR-compliant. The reasoning is that you cannot sign
| away your rights without understanding what you are
| signing away, and if corporations don't want to make sure
| you know what you are agreeing to then the corporations
| are in violation of EU law.
| JohnFen wrote:
| > How do you have a global graph without sending data to
| every country where your friends are?
|
| Why is it important that this can be done? The "social
| graph" is for the benefit of the likes of Facebook. You
| already know who your friends are and how to talk with
| them. You don't need a third-party social graph for that.
| waynesonfire wrote:
| GDPR states, "The storage limitation principles state
| that you should keep personal data for as long as the
| purpose is unfulfilled"
|
| Seems like FB was storing a little bit more than just
| social graph and for a bit longer.
| runamok wrote:
| While I like the regulations on who can collect and share
| your data and preventing all these backdoors to the US Gov
| I also think these regulations make it impossible for small
| companies to compete with Meta, Google, etc. You can't hire
| enough legal and compliance experts to get it 100% right
| not to mention all the extra code you need to write. Maybe
| that's OK but my cynical side says Google and Meta lawyers
| write and practically hand these regs to the legislators
| with that in mind.
| thayne wrote:
| Not to mention if you can't move customer data out of a
| governance region that means you need a separate data
| center. Which is prohibitively expensive for a small
| business, but something a big corporation like Meta or
| Google would probably do anyway.
| tonis2 wrote:
| I agree, EU fuels the Corporations and blocks small
| companies from getting any traction, by increasing the
| compliance levels, without thinking stuff through.
|
| I don't want to say, that fighting for privacy rights is a
| bad thing, but as small time entrepreneur, they seem to
| be on same side.
| JohnFen wrote:
| That sort of argument sounds a lot like "Small companies
| should be allowed to abuse their customers because if
| they aren't, then they can't compete."
| screwturner68 wrote:
| I just heard Eric Hughes give a talk about this and the
| non-regulatory solution was pretty simple, flood the field
| with so much bullshit that the data collected is worthless.
| Sadly most people happily give away their most personal
| information for "free" email, chat and search engine. I
| don't think most people are willing to actually pay for the
| services provided to them in exchange for their detailed
| personal information, maybe people's opinions will change
| but I wouldn't bet on it and meaningful regulation written
| by lobbyists and voted on by octogenarians probably won't
| happen either.
| mindslight wrote:
| Do you have any examples of software that currently
| accomplishes this for any services that are based around
| user profiles, often tied to a phone number?
|
| Especially for unilateral users of such software? (if I
| could convince fellow proprietary service-users to use
| some obfuscating software that generated/filtered a bunch
| of fake communications, I could just convince them to use
| Free software instead of the proprietary service)
| Waterluvian wrote:
| A global government isn't really possible. I think the
| fundamental issue is that a tribe of "everyone" doesn't
| really work without a counterpart. I think the solution
| begins by colonizing Mars, a few moons, maybe some asteroids.
|
| Edit: fine, more Mars land for me!
| tfourb wrote:
| Global government is only the extension of local, national
| and regional government. The E.U. already is a kind of
| "international" government in that it creates de facto
| laws, rules and regulations that supersede the laws of its
| member states. Similar constructs (though not as advanced)
| exist i.e. in West and East Africa.
|
| A global government is an entirely logical next step and
| could be a very valuable asset when dealing with truly
| global issues.
| braymundo wrote:
| If I'm living under a dictatorship, at least I can try to
| escape and move to a better place. If a global government
| becomes tyrannical, where do we go?
|
| Such an idea is centuries away in the best case scenario.
| tfourb wrote:
| How about you stay and work towards changing the
| government? This is literally how every democracy has
| developed. It is also the reality for several Billion
| people today. Most can't just up and leave if they
| disagree with their governments. Borders are not open for
| most people.
| JohnFen wrote:
| I'm far from convinced that a global government could
| possibly be a good thing. I think that a large part of
| the political problems in the US, for instance, is
| because it's trying to govern too many people of very
| different and often incompatible cultures and values.
| tfourb wrote:
| The magic word is "subsidiarity": the principle that
| political decisions should always be made on the most
| local level that still enables their resolution. Under
| that principle, a (democratically legitimized) world
| government would only be tasked with creating laws
| pertaining to truly global issues (i.e. setting limits
| for the emissions of CO2). I agree with other comments
| here that this is unrealistic in the near future. But
| that doesn't mean that it is not a good idea.
| johanvts wrote:
| You can have plenty of tribalism and conflict between
| people under the same government.
| jt2190 wrote:
| I think a better way to frame this is "Is it possible to
| use the rule of law across national boundaries?" Clearly
| the answer is currently a qualified "yes": Laws, treaties,
| etc do exist and are commonly used. The areas that are
| addressed are clearly not uniform, nor can we rely on all
| nations to participate, and the enforcement of laws across
| national boundaries are extremely tricky and currently
| limited. However, that should not stop us as a planet from
| trying to improve global cooperation through the law,
| rather we should look at it as "more work to do".
| sandworm101 wrote:
| >> how do we govern global issues without a global
| government?
|
| By consensus. By willing participation of all. By individual
| countries actively deciding to operate in the agreed best
| interests of the whole. And when countries act egregiously
| badly, subsets of the larger group band together to employ
| military force against them. Government can exist without
| rigid structures. The enforcement of norms by the collective
| is a form of government. This is what they mean when
| diplomats speak of threats to the "international system" even
| though we lack any official world government.
| robertlagrant wrote:
| Well, governments also can declare wars, send chaps off to
| die in them, and lock people in boxes for not following
| rules written down by the governments. They can also
| collect money from people under same threat of box-locking.
|
| Not every "enforcement of norms by the collective" (what's
| _the_ collective?) can do that.
| sandworm101 wrote:
| World government doesn't mean world peace. Wars and
| locking people up are all part of legitimate government.
| robertlagrant wrote:
| I'm answering your comment! Did you forget the context my
| friend? : - )
| jahewson wrote:
| Counterpoint: how do we govern global issues _with_ a global
| government? I'm not sure it's any easier.
| cushpush wrote:
| Amazing counterpoint!
| mrtksn wrote:
| I'm not fan of barriers but this is coming down to "ban or
| regulate".
|
| Whatever TikTok is to the USA, Meta and the rest is the same
| for EU. TikTok has known links to the Chinese Communist Party
| and the American social media and tech in general has proven
| links to US intelligence and mass surveillance programs. You
| may say that CCP is adversary and US-EU are ally but then again
| the US has proven to be able to elect anti European government,
| so EU can't afford to rely on not having Trump or similar once
| again in power.
|
| The Americans are considering to ban TikTok, do you want EU to
| adopt the same approach and ban TikTok along with Meta and the
| rest?
|
| I like the EU approach better, even if it's not ideal it's
| better than complete ban. Honestly, I'm terrified from banning
| becoming the norm because this will mean completely fragmented
| internet and this will mean the end of global society because
| the countries will be able to shape their society the way it
| suits them for internal politics.
| pmoriarty wrote:
| _> do you want EU to adopt the same approach and ban TikTok
| along with Meta and the rest?_
|
| if only...
| mnky9800n wrote:
| i think the worse part of all this is that it won't be a real
| ban. you will immediately see the news apparatus telling
| stories about how teenagers get long prison sentences for
| downloading tiktok illegally. Real people will be punished
| for the theatrics of global politics.
| logdap wrote:
| > _The Americans are considering to ban TikTok, do you want
| EU to adopt the same approach and ban TikTok along with Meta
| and the rest?_
|
| Yes, of course.
| blagie wrote:
| I don't know of good solutions. I'm deep in the "ban or
| regulate" camp, but I don't know what those bans or
| regulations should be. Honestly, I'm less concerned about
| Chinese and Russian agents than simple, capitalist free
| market forces.
|
| Web sites which grab eyeballs grab dollars. There is no
| connection to truth, integrity, or honesty there. Right now,
| even with humans and Facebook-grade algorithms, that's
| leading to polarizing hatred. Things will get worse once LLM-
| style algorithms start generating content to optimize
| engagement.
|
| We need individual free speech, but I'm much less sold on
| corporate free speech (or speech from algorithms optimized to
| capitalist markets).
| kmlx wrote:
| > I'm less concerned about Chinese and Russian agents than
| simple, capitalist free market forces.
|
| it should be the other way around.
| janalsncm wrote:
| More afraid of US agents than Chinese capitalists?
| bushbaba wrote:
| Same logic was used for the Nordstream by Germany.
| dfadsadsf wrote:
| The big and critical difference between TikTok connections to
| CCP and Meta connections to three letter agencies is that US
| and EU are military allies while US and China are strategic
| adversaries with chance of real hot war in the next 5 years.
|
| Military umbrella that US provides to EU that includes
| military bases, transfer of military technology and freedom
| of navigation for middle east oil forces all parties to play
| much nicer. Fines to tech companies are fine (and often are
| supported by US regulators) but drastic steps like even
| seriously proposing banning big US tech companies are
| obviously over the line and are unacceptable.
|
| Even beyond alliance, EU can start trade war but do not be
| surprised if then BMW and Mercedes cars surprisingly develop
| safety issues that require full recall and compensation to
| all car buyers for harm.
| Sharlin wrote:
| > Military umbrella that US provides to EU that includes
| [...]
|
| ...and also includes spying on EU citizens on EU (and the
| Five Eyes) leaders' behalf (aka "sharing intelligence").
| Don't forget that data transfer to the US also provides
| European leaders a way to circumvent their own privacy
| regulations, which is unacceptable.
| pyrale wrote:
| > Even beyond alliance, EU can start trade war
|
| That's how European leaders saw IRA. They didn't retaliate
| because of the current context, but I find it surprising
| that US technologists are so oblivious to this kind of
| context, while resenting so acutely when US companies are
| asked to respect EU law.
| logdap wrote:
| Facebook being banned in the EU has no justifiable bearing
| on NATO obligations. NATO is not a trade agreement.
| freetanga wrote:
| Thanks for reminding me of the book "War is a racket".
| American farm boys being brainwashed into Americana, and
| sent off to die to prop up American Businesses.
|
| From the Banana Wars for the American Standard Fruit
| company, to getting PTSD in Iraq to make Dick Cheney
| wealthier, to who knows where next to defend Meta.
|
| Nothing has changed in America. The military umbrella is
| watered with blood of lower and middle class boys and
| girls, but only to project Tycoons and Billionaires.
|
| They could repel NATO, but if Europe slides with China then
| things will look very shitty for the Western Hemisphere.
| DoughnutHole wrote:
| The trade wars have already begun with the Inflation
| Reduction Act - the US is already turning protectionist and
| subsidising its own industry to the detriment of its
| allies' industry. I wouldn't put it past a future
| government to take more drastic action, whether or not the
| EU takes a hard stance on US tech.
|
| The US is still a vital ally of Europe and I'm optimistic
| that this relationship will continue. But Trump and the
| alignment of factions of the Republican Party with Russian
| interests have demonstrated that this relationship is no
| longer rock-solid. Even the Democrats are shakier than they
| used to be, and orienting for a more self-reliant US.
|
| The US is preparing itself for the end of the post-Cold War
| liberal global order. The European-American alliance may
| survive this shift or it may not. Drastic action against US
| tech is absolutely still premature, but we should be
| prepared for European interests to no longer necessarily be
| the same as American interests.
| phpisthebest wrote:
| >>But Trump and the alignment of factions of the
| Republican Party with Russian interests
|
| hmmm
|
| >>> already begun with the Inflation Reduction Act - the
| US is already turning protectionist
|
| you do know that was a Democratic supported, passed and
| celebrated law right? Not republican.
|
| I have no love lost for the republicans, but this idea
| that all the problems with US politics are because of
| Republicans (or worse the Trump bogey man) is moronic and
| ignorant.
|
| >The European-American alliance may survive this shift or
| it may not.
|
| This shift has to take place with Europe advancing more
| of its national defense itself, America simply can not
| afford to be the world police anymore. The American
| People are demanding ever increasing social programs, EU
| Style Social programs, which the EU has been able to have
| due to the protection umbrella the US has provided at
| great cost since WWII, to date almost none of the NATO
| Nations have ever honored their minuscule treaty
| requirements of 3% GDP defense spending, when they should
| be closer to 10-15%, but most are at 1-2% (or less)
|
| @32 Trillion Dollars in debt, the US Bank is collapsing,
| and closed...
| DoughnutHole wrote:
| > you do know that was a Democratic supported, passed and
| celebrated law right? Not republican.
|
| I addressed this - the Democrats are also orienting
| towards a more protectionist, isolated US. The European-
| American relationship is also deteriorating under the
| current administration. But it's not Democrats that are
| arguing for abandoning Ukraine and acquiescing to Russia,
| it's factions of the Republican Party.
|
| The reality of which party does what is frankly
| irrelevant though - the _perception_ of people and
| governments of Europe is that the US is not as reliably
| staunch of an ally as they once were, and this kicked off
| under the Trump administration. Europeans believe that a
| Republican administration is less supportive of a strong
| alliance, and this perception of flakiness is driving a
| push for European self-reliance.
|
| > to date almost none of the NATO Nations have ever
| honored their minuscule treaty requirements of 3% GDP
|
| This is already happening. Several of the biggest
| freeloading countries have promised massive increases in
| spending in response to the Russian invasion of Ukraine,
| most notably Germany. They haven't met their targets yet,
| but an era of European self-reliance in defence is
| coming, in spite of current struggles with inflation and
| supply issues. Things are moving slowly, but European
| governments largely no longer believe they are safe
| without playing an active role in their defence.
|
| > when they should be closer to 10-15%
|
| That'd be an insane spending on defence - for reference
| the US spends 3.5% and Russia spends 4.1%. Ukraine spends
| 34% and they're currently locked in a desperate struggle
| for survival.
| phpisthebest wrote:
| >>the perception of people and governments of Europe is
| that the US is not as reliably staunch of an ally as they
| once were,
|
| It is not a perception, it is reality and people need to
| understand that. The US can not afford it any more.
|
| >>But it's not Democrats that are arguing for abandoning
| Ukraine and acquiescing to Russia,
|
| I don't know about "acquiescing to Russia" but some members
| of the republican party have long understood the fiscal
| reality, where the Democrats, (and other members of the
| Republican party) live in the fantasy land where money,
| and debt do not matter and the government can just spend
| spend spend, with no limit.
|
| >>most notably Germany
|
| I will believe it when they actually do it, they have
| been promising that for almost a decade now. They still
| have not promised 3%, only 2%, and they will IMO never
| get there.
|
| I hope Poland emerges in EU leadership taking it from
| Germany
|
| >> Russia spends 4.1%. Ukraine spends 34%
|
| Now let's talk about corruption...
|
| >That'd be an insane spending on defence
|
| Maybe, but the US has been spending between 3-6% for
| decades building up the military to what is today, while
| the EU has been spending sub-1% for those same decades,
| just matching US Spending is not going to cut it IMO.
|
| Current US Military spending is at an all-time low since
| WWII in % of GDP numbers, largely because the growth in
| the US Economy, in real numbers we still spend an INSANE
| amount of money.
| gaganyaan wrote:
| Saying Republicans understand fiscal reality when Bush
| pissed away unimaginable amounts of wealth in the middle
| east is ludicrous. I'd like some of what you're smoking.
|
| There's currently some noise about costs because the
| president isn't Republican and it's an easy way to score
| asinine political points. None of that is coming from any
| sort of principled belief system, though.
| phpisthebest wrote:
| You might want to take a reading comp class...
|
| I clearly said
|
| >>*some* members of the republican party have long
| understood the fiscal reality, where the Democrats, (and
| other members of the Republican party) live in the
| fantasy land where money
|
| See that second part, where "other members of the
| republican party" i.e the Bush "republicans"... the ones
| many refer to as "RINO's" in common political rhetoric
| today...
| gaganyaan wrote:
| :eye_roll: I can already tell this would be a silly
| conversation, with you just repeatedly shouting "RINO!
| RINO!"
|
| Republicans objecting to helping Ukraine because of cost
| are either blithering morons, compromised by Russian
| propaganda, or both. Take your pick.
| phpisthebest wrote:
| So you believe in spending with no limits, no controls,
| and no accountability
|
| Because that is what is happening today..
| FpUser wrote:
| >"but this idea that all the problems with US politics
| are because of Republicans"
|
| Maybe the problem is for people not realizing that they
| are dealing with 2 buttocks of the same butt. And it does
| not look like said butt is by the people / for the
| people. Instead of fighting between each other people
| could be better off doing something productive about it.
| themitigating wrote:
| "2 buttocks of the same butt."
|
| How is this possibly the case when there are vastly
| different laws and rhetoric from both sides? I get you
| are implying that both are there to benefit the
| wealthy, which is true, but they also do other things
| that affect people. Abortion, gay rights, spending,
| taxation, gun laws. How are they the same???
|
| Then you ask people to do something productive, what?
| Revolution? That will likely destroy the US economy and
| possibly the global economy for years. It will also lead
| to a large loss of life. There's also no guarantee what
| happens after will be positive. Look at France, post
| revolution they had a bunch of shitty
| governments/dictators and then the king came back.
|
| So what are you suggesting?
| mrguyorama wrote:
| The whole point of "both sides the same" rhetoric is to
| discourage people from doing anything political, that's
| why it never has any actionable suggestions. The only
| option to get something done in the US is to shack up
| with one of the political parties and hope you can get
| enough altruistic people elected to dismantle the broken
| two party system. "Both sides the same" wants to preempt
| you from thinking there is a "less bad" side to choose,
| so that you don't choose a side, so that nothing ever
| happens.
|
| Both sides are OBJECTIVELY not the same. You can easily
| look at voting history and see that, even if you don't
| believe anything you hear on the news.
|
| Think long and hard whenever someone tells you this
| fallacy.
| themitigating wrote:
| "The whole point of "both sides the same" rhetoric is to
| discourage people from doing anything political, that's
| why it never has any actionable suggestions. "
|
| I also believe this is the goal of many of the "both
| sides" people. Since not voting benefits Republicans[1] I
| believe those people have an ulterior motive to help them
| win
|
| https://www.nbcnews.com/politics/elections/supreme-court-
| gop...
| phpisthebest wrote:
| Your link is a completely different argument to the one
| being made here about "non-voters"
|
| Non-voters are people disgruntled with the current 2
| party system, the largest voting block in that group are
| libertarian leaning people who do not break democrat.
|
| Your link is talking about various voting laws, which
| largely impact densely populated cities, things like
| ballot harvesting, out-of-precinct ballot
| disqualification, and other such rules that have an
| outside impact on voters in urban cities which are
| largely democrat.
|
| Very very different things / topics
| dragonwriter wrote:
| > Non-voters are people disgruntled with the current 2
| party system, the largest voting block in that group
|
| There are no "voting blocks" in the group of non-voters.
| FpUser wrote:
| >"productive, what? Revolution?"
|
| Since when productive means Revolution? Productive in my
| book means forming new party with the proper platform and
| winning the election. Meanwhile protests against most
| egregious actions will do.
|
| >"It will also lead to a large loss of life. There's also
| no guarantee what happens after will be positive."
|
| That had never stopped the US from instigating and
| supporting numerous revolutions and coups.
| themitigating wrote:
| As for your last comment first - that's something the US
| government has done in the past and I'm talking about
| what the population might do. Completely unrelated.
|
| I mentioned revolution as an example. Forming a third
| party will cause one of the main parties, probably the
| one whose voters are least fundamentalist, to lose.
| That's what happened in the past.
| FpUser wrote:
| >"That's something the US government has done in the
| past"
|
| Very recent past and they will do it again no doubts.
|
| >"Forming a third party will cause one of the main
| parties, probably the one whose voters are least
| fundamentalist, to lose."
|
| Well it is your country and you are free to maintain
| status quo.
| dragonwriter wrote:
| > Then you ask people to do something productive, what?
|
| Use direct democracy at the state level, where state
| constitutions provide for this, to replace single-member
| FPTP systems with multimember proportional systems,
| creating multiparty democracy, and then advance it state
| by state until it becomes a national norm.
| phpisthebest wrote:
| >>Abortion, gay rights, spending, taxation, gun laws. How
| are they the same???
|
| None of those things are constitutionally in the power of
| the federal government, nor should they be. Those are
| state level issues.
| [deleted]
| pjc50 wrote:
| The argument is that the EU cannot and _should not even
| attempt to_ prevent unaccountable spying on its citizens by
| foreign states, or it will have its legs broken?
| amadeuspagel wrote:
| I'm assuming "having its legs" broken refers to having
| german car companies treated by the US like silicon
| valley tech companies are treated by the EU?
| Macha wrote:
| So... like they already do? EU car and airplane
| manufacturers already produce their US models in the US
| due to tariffs rendering importing EU models
| uncompetitive.
| pjc50 wrote:
| Are the German car companies spying in the United States?
|
| (OK, that's snarky, but the car companies did actually
| have to pay out .. because they defrauded US consumers!
| Not all "crime" committed by companies is made up to sell
| trade restrictions!)
| makeitdouble wrote:
| Is that much different from the current foreign car
| import quotas and financial aids to categories dominated
| by US makers ?
| dandellion wrote:
| No, that's the approach in South America. In Europe it
| would be a bit more subtle.
| froh wrote:
| you _are_ aware that you can pretty easily tell sexual
| orientation, political positions and other personal, private
| and non-obvious personality traits from an individual's
| interaction in FB (likes, shares, comments)?
|
| and you are aware the NSA has far reaching access into the FB
| data pool?
|
| this possibility to filter out "the gays" or "the trans" mixes
| very poorly with say, DeSantis or Trump concepts of a clean and
| neat and ordered country.
|
| _that_ is the concern of the EU.
|
| the perfectly legal processing of personal data in the US,
| which is meeting all US regulations. "Kleinman. Is that with an
| ''ei'' or an ''ie''?"
|
| we may agree to disagree but I think this is orders of
| magnitude more concerning than microtargeting political
| campaigns (brexit & co)
|
| and _that_ already is bad.
|
| https://policyreview.info/articles/analysis/regulation-onlin...
| flashgordon wrote:
| So you almost had me there. First of all your points are all
| valid. Where something felt weird to me was the edges. What is
| the exact value for customers in this edgeset being maintained
| and worse harvested, I mean processed? Today we have edges
| outside the context of a social network - my contacts in email,
| phone book etc. And those "edges" (not the target node) belong
| to - you guessed it - me. Nobody should harvest it without
| consent and/or maliciously. (There is the whole argument about
| internet ceasing to exist without ads and nobody would pay yada
| yada which I felt was too reductionist). If somebody needs to
| harvest it, get consent and let user decide how, where, when
| why etc.
|
| So in this context is your con really a con?
| thayne wrote:
| > And those "edges" (not the target node) belong to - you
| guessed it - me.
|
| For a contact in an email address book, that makes sense. But
| for a "friend" relationship in Facebook, which side owns that
| edge? Or how about a message sent from someone in the EU to
| someone in the US, who owns that, the sender or the
| recipient? And if it is just one, does that mean that
| different messages for the same conversation have to be
| stored in different regions?
| roqi wrote:
| > For a contact in an email address book, that makes sense.
| But for a "friend" relationship in Facebook, which side
| owns that edge?
|
| I don't see where there's any ambiguity on this issue. Each
| individual has the right to not be subjected to spying and
| monitoring, which includes collecting personal and private
| information. A social graph is not a data dump where you
| are a mere drop in the ocean. A social graph is an ocean of
| personal and private data collected from you. Therefore,
| it's quite obvious that individuals have the right to not
| have all this ocean of personal and private data collected
| on them, specially without their explicit and informed
| consent, and they should have the right to force anyone to
| delete this info, both all or subsets, automatically and
| reliably and verifiably.
|
| Just because I don't mind hearing what my aunt has to say
| about what she baked or who she chatted with, that does not
| grant you the right to get my credit score or where I went
| to highschool with or who I met years ago or where I lived,
| just because third parties and other edge nodes in a social
| graph posted that information and data that enabled you to
| piece it together. What is there to be discussed?
| flashgordon wrote:
| In this case the problem can be solved with 2 edges :) I am
| your friend and you are mine. Keep an edge on each side.
| Heck I could be your friend you may not choose to be my
| friend and that is fine. This gets even more fun as now
| both parties have to consent to only share "their" friend
| status with FB. Americans are forced to share their
| friendships, Europeans are not. Again total value for users
| no?
|
| Now is this technically optimised (for the company) - no
| and irrelevant (IMO) in the context of how much
| control/power a user has. You could extend this to messages
| too. What messages I sent, what messages I received. I
| didn't send it - I don't own it. What about shared documents
| you say? Here users are explicitly sharing with other users
| for collaboration (the contents of said documents totally
| are of no business to the company).
|
| See providers are providing a service(?). If the services
| needs to harvest data I still question who is benefiting
| from that harvesting? If the user is not actually seeing
| value (apart from subsidizing the cost of the internet) are
| we then not just using technical/UX complexities to justify
| a low-value (to the user) solution?
| Macha wrote:
| There's two parts:
|
| 1. Hitting the big companies for the minor violations is a bit
| like arresting the mob boss for tax evasion. It's a lot more
| black and white than arguing whether they performed the right
| balancing test for legitimate interests (though actually they
| have previously been hammered for that one too).
|
| 2.
|
| > Where data is processed should not affect the care with which
| it is processed.
|
| This is true, but it does affect the conflicting requirements
| it may be subject to. After all the Snowden revelations, it's
| clear the US data privacy regime is not sufficient, as the US
| government will take what it wants, and that's why transfers
| regimes to the US are repeatedly struck down.
| whimsicalism wrote:
| The difference is that everybody agrees what the crime of the
| mob boss is, even if they can't prove it, whereas on Facebook
| people critique but there does not appear to be a consistent
| critique that makes sense to me.
|
| Data privacy? That is definitely not what most people are
| talking about when they critique facebook. The free speech &
| misinformation lines of thought are directly in conflict.
| JohnFen wrote:
| > That is definitely not what most people are talking about
| when they critique facebook.
|
| A whole lot of people are talking more about data privacy
| than free speech on Facebook, though. Is one discussed more
| than the other? I don't know -- but I suspect most are
| talking about neither, and which group appears to be the
| majority depends on which group you tend to hang around
| more.
| pySSK wrote:
| Data privacy is linked to misinformation however in that by
| tricking you to give up all your data, they know you down
| to a t. They then sell that info on to
| propaganda/misinformation outfits and ad firms who can then
| target too much more efficiently.
| whimsicalism wrote:
| Most of the misinformation concerns have to do with what
| other people are posting, but then people try to contort
| it into a critique of the platform without saying the
| quiet part out loud ("we should have a mechanism for
| deciding on 'truths' and have platforms censor things
| outside of those 'truths'") because the quiet part is
| actually unpopular.
| Macha wrote:
| Schrems I was 2013, which you'll note is 3 years before the
| US 2016 election and the covid-19 pandemic which are the
| two factors that really raised the tempo around the
| misinformation discussion. It's also 3 years before GDPR
| was passed, relying on earlier European privacy law and
| being largely driven by private citizen campaigns
| (including Europe vs Facebook).
|
| So while the contemporary US discussion is far more
| dominated by elderly consuming political content, that
| doesn't mean nobody cared about privacy. You just need to
| see the furor about Cambridge Analytica or the Snowden
| leaks to see that that is a concern.
| jtode wrote:
| > Where data is processed should not affect the care with which
| it is processed.
|
| But I think you're pretty clear on the fact that it does. We
| live in a non-abstracted world of atoms.
| pc86 wrote:
| I think that's why they said "should."
| jtode wrote:
| Is _that_ why they said "should"?
| sverhagen wrote:
| I understand that data being sent to the US is perhaps out of
| Europe's control. But how much do they really know about the
| treatment of data that stays in European data centers? I'm just
| surprised that the enforcement is about where the data is stored
| and not about whether actual (or should I say: other) privacy
| violations (against European laws) have occurred.
| lynx23 wrote:
| The point is, the world is not united, and the U.S. can not be
| trusted with personal data.
| the_mitsuhiko wrote:
| Note that originally a data transfer to the US was not a
| problem at all. You signed a piece of paper that said "European
| data privacy protections apply in the US as well" and all was
| good. There was even Safe Harbour and later Privacy Shield to
| give a sort of blanket statement that this was true.
|
| Except courts repeatedly mentioned that US law does not provide
| the necessary protections for non US citizens rendering all
| these statements invalid. The root of the issue are the FISA
| courts.
| mananaysiempre wrote:
| > The root of the issue are the FISA courts.
|
| TIL that ACLU filed[1] a motion in the FISC to have its
| pre-2015 precedent-setting decisions released (post-2015 the
| USAFREEDOM Act makes such release mandatory); FISC denied
| jurisdiction (aka "go tell Congress to fix their stuff",
| which I suppose is OK?), FISCR as well (same), the Supreme
| Court refused to review that (?!..).
|
| [1] https://www.acludc.org/en/cases/re-opinions-and-orders-
| court...
| kmeisthax wrote:
| The core of the issue is the CLOUD Act, which was passed very
| recently - specifically to force US tech companies to comply
| with subpoenas on data stored in the EU. This is basically
| the Hague Invasion Act[0] for data privacy. It commandeers
| nominally private US tech companies into arms of US law
| enforcement _for crimes committed in EU territory_.
|
| The non-US citizens thing is a related issue[1], but it's not
| what started this current row of GDPR export lawsuits.
| However, I don't see the EU courts letting this go until and
| unless the US and friends drop the whole "noncitizens don't
| have rights" shenaniganery.
|
| [0] https://en.wikipedia.org/wiki/American_Service-
| Members%27_Pr...
|
| [1] Five Eyes - effectively the Anglosphere's spymasters -
| realized that if you say "only citizens are protected by
| privacy law", then nobody is protected by privacy law,
| because you can hire your allies to infringe upon your own
| citizens' privacy.
| Spivak wrote:
| I think there's a rock and a hard place here because a US
| company being able to just move their incriminating
| documents over to a different datacenter to make them
| untouchable by US law enforcement is a loophole you could
| drive a yacht through.
| jacquesm wrote:
| Dear EU, please add one (or more) zeros to these fines. If only a
| single tech giant gets fined out of business for repeatedly
| breaking the law the others will definitely notice.
| andrewstuart wrote:
| "Fined out of business"?
| jacquesm wrote:
| Yes, why not? The EU can't revoke the corporate charter for
| entities that don't have the bulk of their presence in the EU
| but it can cause them so much grief that they will either
| abandon the EU or they will mend their ways. Apparently the
| fines imposed so far aren't nearly large enough.
| rvz wrote:
| Exactly. We should go a step further:
|
| Let's make the biggest social networks Meta, TikTok, etc
| incur fines in the tens of billions for every investigation
| of significant privacy violations (like Meta's existing
| case) of its users and pay back their users in compensation
| over that until the company either changes or exits the
| market the regulators reside in. This is far better than a
| ban and the regulators and users get free cash out of it.
|
| Given that we have the regular 'all social networks do
| this' excuses on collecting data, the standard for large
| social networks in the 1B+ daily active users collecting
| user data should have much larger fines in the billions.
| robertlagrant wrote:
| Regulators destroying markets isn't the slam dunk you
| might believe it is. Why not fine GSK out of existence
| any time someone dies from a mislabelled allergen? Even
| though that is far worse than data being processed in the
| wrong country (not even being mishandled, just the
| increasing chance of mishandling) it wouldn't be
| proportionate.
| mbesto wrote:
| > Why not fine GSK out of existence any time someone dies
| from a mislabelled allergen?
|
| Funny, this is essentially what happens with tobacco
| taxes. Cigarettes are prohibitively expensive and thus
| have caused that industry to falter in the US.
| robertlagrant wrote:
| That's definitely not the same. Taxes aren't fines. Taxes
| may be market-destroying, if there's enough political
| will to make it happen, as with cigarettes, but they
| aren't capricious.
| Spivak wrote:
| And also because that action has consequences on the
| world stage. Deliberately harming one of your ally's
| largest businesses isn't something I expect will be
| tolerated indefinitely since it's a diet sanction.
| jacquesm wrote:
| You have the victim/perp relationship mixed up I think.
| Facebook does harm. They are the perp. The EU data
| subjects are the victims and the 'world stage' is exactly
| why this sort of transnational company should adapt to
| local legislation.
|
| The idea that it 'wouldn't be tolerated' suggests -
| correct me if I read this wrong - that the country where
| the company originated would then do some kind of tit-
| for-tat with companies from the other country. But: where
| were those comments when VAG and other car manufacturers
| broke the law in the US? (and probably elsewhere too?).
| My position hasn't changed, they deserved their
| comeuppance as much as FB does right now.
| Spivak wrote:
| It's all about framing. If the US agrees that this is bad
| actors getting rightfully punished for violating local
| laws then it's all good. If the US looks at the
| regulation and decides that it's a very complicated
| ceremony to extract money from US tech companies then it
| becomes more complicated. And since FB isn't violating US
| law and the US passed the CLOUD Act I think that this is
| relatively likely. This court case is effectively a proxy
| war over the CLOUD Act because Meta didn't actually do
| anything wrong, their actions became wrong in response to
| US law.
| postsantum wrote:
| Or "business expenses rose so the business stopped being
| viable in this contract jurisdiction"
| nvarsj wrote:
| Yes, because obviously the government should play king maker
| with companies. What could possibly go wrong? Governments are
| definitely infallible and make the best decisions based on
| non biased information. I suggest they take an annual popular
| vote on which company to fine out of existence each year,
| that will surely get good results.
| cypress66 wrote:
| Notice what? To block EU users because it's too risky? Lol
| padjo wrote:
| Facebook employs lots of people in Ireland, they don't want
| them out of business.
| jacquesm wrote:
| Ok, so if a company employs enough people they get to break
| the law at their discretion?
| meinheld111 wrote:
| Imo discretion remains with the public, but yes,
| corporations can arguably get away with more illegal things
| if they have more weight
| padjo wrote:
| Not saying it's right
| Havoc wrote:
| <10k people is not a lot in a half a billion people bloc
| padjo wrote:
| Can't speak for the rest of Europe but if the Irish DPC put
| Facebook out of business it would be seen as a massive
| financial own goal by most of the Irish electorate.
| steve_taylor wrote:
| These data transfer laws are stupid and anti-internet. If you
| don't want to give your data to facebook, then don't give your
| data to facebook.
| ktosobcy wrote:
| oh ffs... sometimes it is virtually impossible to do so because
| (at least even recently) some companies virtually allowed
| communication only over social media (one example KLM pushed
| very hard to contact with them over facebook/whatsapp) :/ The
| tight regulation and privacy rules enforcements of those
| leviathans are _essential_
| zelphirkalt wrote:
| Maybe there should be some kind of quality seal for online
| services. As long as a service has not managed to comply with
| the law for an extended period of time companies are not
| allowed to harass their users into using those services. If
| they still do it, they also get their quality seal removed,
| with all the implications that come with that.
| Attrecomet wrote:
| US laws and executive orders are the actual anti-internet
| culprits here. Until the US recognizes that non-citizens also
| have rights, and they can't just do whatever with them, the EU
| MUST fight for their own citizens' rights. Anything else would
| be a rank betrayal.
| JohnMakin wrote:
| I don't have a facebook account. Yet, my personal health
| information was shared to FB via an API that my health
| application was using. Not only this, meta will face zero
| consequences for this and freely use/sell this data.
| hanspeter wrote:
| Honest question:
|
| If a Facebook user in the US is friends with a user in the EU,
| how are they able to communicate and share profiles without
| transferring data from the EU to the US?
| tgv wrote:
| A US user can see EU information. It's the storage and
| processing that's restricted. So, I would guess that the US
| user's facebook app would have to get its data from an EU
| server and show it to the US user, without storing it
| elsewhere.
| jtbayly wrote:
| That just tells me that the EU is requiring all storage and
| processing to be in the EU, for every profile that is friends
| with somebody in the EU. Otherwise they can't store the fact
| that we are friends.
| tchaffee wrote:
| To be more accurate, the EU is requiring all storage and
| processing to be in a country which doesn't violate EU
| privacy laws. That's reasonable and flexible.
| scarface_74 wrote:
| So people in the EU just can't have friends in the US or
| communicate with people in the US? How do I process a
| communication between a group of friends - some in the US
| and some in the EU - without the data being in the US?
| tchaffee wrote:
| As a start you'd need to read the details of GDPR laws.
| And probably hire a lawyer.
| scarface_74 wrote:
| So now to create any web page compliant with the EU, I
| need to hire a lawyer to help me understand the 11
| chapter 99 section GDPR?
| SideburnsOfDoom wrote:
| In order to collect, store and process data about people
| in the EU, you have to do so in a manner compliant with
| the EU law on that.
|
| Collecting that data on a web page is a choice.
|
| A semi-hidden security benefit of GDPR is that it makes
| people think twice before collecting and keeping data -
| you can't leak data that isn't in your database in the
| first place.
| scarface_74 wrote:
| If I am talking to a group of friends, some in the US, over
| Facebook messenger, should that be stored on EU servers?
| tchaffee wrote:
| Sure. Or any country that complies with EU data
| protection and privacy laws.
| SideburnsOfDoom wrote:
| You first asked "if I create any web page".
|
| Now "Talking over Facebook messenger" is a complete
| change of subject.
|
| It is on Facebook, not you, to operate Facebook messenger
| in a legal way.
| scarface_74 wrote:
| How can Facebook both allow a user in the EU to send
| messages to a group of people in the US and not store
| data in the US?
| tchaffee wrote:
| Do you collect and store personal information for this
| website?
|
| I bet you could find a dozen or more websites summarizing
| your legal obligations if you wanted to create one web
| page.
|
| Since the context was Facebook, I was speaking about what
| businesses should do. And especially large businesses. As
| far as I've heard, the EU isn't chasing folks who run a
| small website.
| drusepth wrote:
| >As far as I've heard, the EU isn't chasing folks who run
| a small website.
|
| But they _could_, which has already had a chilling
| effect on small businesses. Even though the intent (and
| _current_ enforcement) is to punish large companies, GDPR
| is written in a way that puts a large compliance burden
| on many small companies and startups.
| tchaffee wrote:
| I have zero problem saying your startup or small business
| doesn't deserve to collect my personal info if you can't
| protect it.
|
| Doing your accounting, paying taxes, and following labor
| laws are also burdens on small businesses. Not every
| small business is profitable enough to manage those
| things and that's ok.
| tgv wrote:
| A US server could store the id of the European friend,
| and then let the app collect the data. It's not unheard
| of.
| scarface74 wrote:
| And if they go to the website?
| tgv wrote:
| Then their browser can get that data from another server.
| It may be more complex, no, it is more complex than
| storing everything in one large database, but it can be
| done.
| scarface74 wrote:
| And that also gets rid of caching closer to the user and
| now you have multiple servers and no source of truth.
|
| You really don't see the added complexity of this and how
| this makes a worse user experience?
| tchaffee wrote:
| Worse user experience depends on your priorities. Some
| people and companies think privacy is an essential UX
| factor. Apple, the most successful company in the world
| from time to time, agrees.
| scarface74 wrote:
| What do you think the Venn Diagram overlap of people who
| "care about their privacy" and use Facebook is?
|
| Do you think the overwhelming amount of people say that
| they're really glad that cookie banners infest the internet
| is a good thing?
|
| If you haven't heard, Apple is not exactly great at
| social media or anything that your data needs to be
| synced between devices.
| tchaffee wrote:
| Facebook operates in the EU and the majority of EU
| citizens prefer their privacy. Facebook must obey the
| laws of the land if they want to operate there.
|
| Just as Facebook must obey Apple's rules if they want to
| be in the app store.
|
| Similar privacy laws applied to some EU phone companies
| long before Facebook existed.
|
| These laws are good and should stay. If better privacy
| has side effects, that's fine. Do business elsewhere if
| you don't like the legal preferences of the locals.
| scarface_74 wrote:
| If the majority of people preferred their privacy, would
| they really be using Facebook?
|
| And you never answered the question, how do you have a
| social graph with people in the US or send messages to
| people in the US without storing data in the US?
| kingnothing wrote:
| Process all of it in Europe.
| tantalor wrote:
| Missing the /s
| piaste wrote:
| I do not understand if or how the physical location of the
| servers matters.
|
| As I remember, the EU-US data sharing agreement was killed
| (Schrems II) because of the US CLOUD Act, which infamously
| doesn't care where the data is stored - as long as the
| company is under US jurisdiction, it has to let the
| government snoop at will.
|
| So, it seems to me that Facebook putting data on EU servers
| wouldn't matter? A three-letter agency could still go to
| their SV office and legally demand "give me an API key to
| query through your Irish datacentre and don't tell anyone".
| To protect EU citizens from that, the Facebook servers in the
| EU should treat non-EU FB servers exactly like third parties,
| using OAuth or similar restricted access protocols.
| whiplash451 wrote:
| Not sure I understand why the US Cloud Act is "infamous"
| in that respect. It would make little sense to let
| companies operating under US jurisdiction store their data
| in unsearchable data havens outside of US territory. The
| act has to be fully actionable.
| detaro wrote:
| I don't think Schrems II mentioned the CLOUD ACT.
| di4na wrote:
| No, as it was pursued before it. There is not yet any
| enforcement or complaint I know of targeting the CLOUD Act
| because everyone agrees it would be unenforceable right
| now.
|
| Try to have an EU tech scene without Microsoft, Azure,
| Google, Google Cloud or AWS. Or Salesforce. Datadog. Etc
|
| It will take time until this one gets enforced.
| iruoy wrote:
| Microsoft made it work for governments/universities. But
| not the rest of us.
|
| https://www.privacycompany.eu/blogpost-en/new-dpia-for-
| the-d...
| detaro wrote:
| AFAIU It's not a blanket ban on all data transfers, so if a
| user clearly wants and authorizes it Facebook can still show
| their profile and posts to people in the US and transfer data
| as needed for that.
|
| But the legal situation is such that a controller needs to be
| very precise about what they transfer and how they justify
| doing that. Which is difficult, which is why there has been so
| much noise about trying to find something that again lets
| companies just say "processing in the US is possible under the
| same standards as in the EU, so we can do all our processing
| wherever we think is convenient", which saves them a ton of
| work. But I'd expect until the US is actually willing to make
| legal changes any such thing will be rightfully rejected by the
| courts again.
| berkes wrote:
| I guess if you shift that question around and stretch it, the
| answer is quite obvious:
|
| If a Facebook user in the US is friends with a user in North
| Korea, how much data are the North Korean authorities allowed
| to get on that US user?
|
| Aside from the fact that Facebook has no presence in NK (hence
| the stretch), the answer quite likely is "none".
| nitwit005 wrote:
| Privacy laws generally ignore the problematic case where a
| piece of data relates to both someone inside of the
| jurisdiction, and someone outside of it.
|
| You can hypothetically have a case where two jurisdictions both
| demand that data be stored locally.
| andrewstuart wrote:
| In Australia, corporate fines are usually so trivial that the CEO
| wouldn't have the slightest interest in the amount of money.
| iameli wrote:
| Pretty funny the WSJ is paywalling this, here's the present
| content in its entirety:
|
| > Facebook owner Meta Platforms was fined $1.3 billion by
| European Union privacy regulators for sending user information to
| the U.S., according to people familiar with the matter, a record
| for the bloc.
|
| > The ruling, expected to be announced later Monday, raises
| pressure on the U.S. government to finalize a deal that would
| allow Meta and thousands of multinational companies to keep
| sending such information stateside.
|
| > Updates to follow as news develops.
| denton-scratch wrote:
| > Pretty funny the WSJ is paywalling this
|
| FSVO "funny". You have indeed quoted the entire article.
| coretx wrote:
| How much did Meta make out of this?
| noslenwerdna wrote:
| Doesn't this mean any US company with data on EU users is
| technically in violation?
| tephra wrote:
| They could be (and probably are), but remember, this case is
| about an EU company (Meta Platforms Ireland Limited) breaking EU
| law and subsequently being punished for that, with fines
| proportional to the revenue of the parent company (a US
| company).
| noslenwerdna wrote:
| Are you arguing that selective enforcement of the law is a
| good thing? Why just this one company? Google and many other
| large companies are also apparently in violation.
| infamouscow wrote:
| And?
|
| Without a footprint in the EU, there is no legal action the EU
| can take against a foreign organization. Sure, the EU might ban
| your organization from operating legally in their markets, but
| again, there is no legal recourse for the EU. You might as well
| circumvent the ban too.
| noslenwerdna wrote:
| I'd wager there are many tech companies with offices in the
| EU that have data on EU citizens.
| thallium205 wrote:
| Fined ~1% of their yearly revenue. Got it.
| nonethewiser wrote:
| Shouldn't we compare to net income? It's 5.6% of their 2022 net
| income.
| rmm wrote:
| But the fine isn't for 2022, it's for the last few years.
| berkes wrote:
| Not only that, it should be the net income of only the EU
| subsidiaries. It's completely irrelevant if the privacy of a
| Thai or a New Zealand citizen was violated to the EU. AFAIK
| that makes it about 11%.
___________________________________________________________________
(page generated 2023-05-22 23:00 UTC)