Time and time we are proven again and again that Facebook has become the emblem of how far technology can go to support pure malicious intention with widespread support.
Congrats on finding a way to circumvent the letter of the law.<p>Think they're about to have an harsh encounter with spirit of the law & European thinking about privacy & consent though.
Hasn’t there already been rulings against those kind of clauses being shoehorned in terms and conditions?<p>I can’t make you sell your soul for subscribing to a service.
Under article 7 GDPR [1], consent has to be given <i>freely</i>. Unless Facebook offered an option to opt-out of this contract, use of the Facebook service was tied to the agreement, which means it probably won't hold up.<p>It's great that this is happening in front of an Austrian court, because the Austrian Data Protection Agency already has ruled on consent issues, and in those rulings was (IMO) extremely strict on when consent was given freely. In one ToS challenge, the mere <i>potential</i> for confusion was enough to render it invalid.<p>Edit: Here's one such ruling [2]. Co-mingling checkboxes for processing of data for marketing purposes with actual contractual clauses was ruled as a violation of the GDPR, even though by default, the checkboxes were <i>unchecked</i>. The Agency ruled that the confusing nature of the form could lead subjects to believe that they had to check a checkbox to receive the service.<p>Also, another relevant local case would be with a popular national newspaper, DerStandard.at. That newspaper offers access in two ways: either (a) you pay for a subscription and receive the service ad-free, or (b) you access the service for free, but consent to receiving ads. This was deemed in compliance with the GDPR, but it was stated that only offering (b) -- ie, exactly what Facebook does -- would not hold up.<p>[1] <a href="https://gdpr-info.eu/art-7-gdpr/" rel="nofollow">https://gdpr-info.eu/art-7-gdpr/</a><p>[2] <a href="https://www.ris.bka.gv.at/Dokumente/Dsk/DSBT_20180731_DSB_D213_642_0002_DSB_2018_00/DSBT_20180731_DSB_D213_642_0002_DSB_2018_00.html" rel="nofollow">https://www.ris.bka.gv.at/Dokumente/Dsk/DSBT_20180731_DSB_D2...</a>
while they may have a point their arguments are not well articulated<p>> Europe’s strict privacy laws<p>actually it's EU's privacy regulation<p>> Facebook openly admitted that it has been collecting and processing data without users’ consent<p>They said that they ve been collecting WITH consent, at least with their definition of consent<p>> To prove that no one ordered advertising from Facebook, we conducted a neutral study by the Austrian Gallup Institute. The result is devastating for Facebook: Only 4% of users want advertising,<p>... And i bet only 4% want to pay taxes too. polls are not legal documents. Also, "wanted advertising" is very different from "accepted advertising as part of the terms"<p>> Facebook does not give users a full copy of all their data<p>I believe facebook does give all their personal data,but maybe they are looking for derived data that facebook has stored for them? that's not personal data and it can be particularly tricky if it has been combined with other people's data , for example to train a neural net<p>In any case, i don't think facebook cares too much anymore and will just pay another yearly fine for operating in the EU. Even if FB asks for consent in every second page, people will click yes.
I don't think anyone of us has seen consent request by facebook or google in this form (freely given != 'give consent or you can't use or services, specific/informed/unambiguous != barried in miles of legal giberish,...):<p>Recital 32
EU GDPR
(32) Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.<p>This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data.<p>Silence, pre-ticked boxes or inactivity should not therefore constitute consent.<p>Consent should cover all processing activities carried out for the same purpose or purposes.<p>When the processing has multiple purposes, consent should be given for all of them.<p>If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
But this is really strange, news like this with 186 pts atm is on 3rd page. Before it are news with 2pts. This doesnt make any sense. Is it a coverup by HN administration?
As an user I feel that GDPR changed nothing. Google, Facebook and whatever else tracks you to the bones did not change one bit (for me).<p>As a sys-admin, GDPR invented all sorts of jobs. Jobs well intended. But these jobs are filled by people that are neither lawyers nor IT people. Whenever I interact with them I feel like they just want to check some boxes that makes the org compliant and go home. They don't enforce or apply GDPR, they enforce those checkboxes.<p>* all of the above in my limited experience.
Honestly, if this "loophole" is allowed to exist then the GDPR is not worth the paper it is written on.<p>The idea that consent should be freely given is ludicrous if it can be overridden by simply including it in a term in the terms and conditions. Facebook could probably write that they can kill or castrate the user at any time and most of their users wouldn't notice it (until the media picked it up).
I don’t understand what’s so hard to understand about the fact that ads is what pays for Facebook to exist?<p>It’s a key part of the offering! You get free access and get to see ads in exchange. Others have tried other business models and failed...that’s how the world works, the better offering wins!<p>If the problem people have is ads then just make all ads illegal and we can move on. But trying to use GDPR as a lever is silly...it’s not what its intended to do, as much as some people would like it to
The GDPR is a failure anyway. US tech giants are still globbling up masses of data even if the individual hasn't consented.<p>For example, the "contacts" permission should be disabled on OS's in the EU as it's impossible to prove the user has constend to sharing that information, yet Google launches an API in chrome to access the users contacts which totally won't be abused.<p>Alternatively you can gobble up data and "accidentally leak" it through an open MongoDB or AWS instance, will anyone go to jail? Unlikely, nobody really cares.<p>I doubt Facebook is going to change its ways any time soon, they're simply too big to fail at this point