It’s an unpopular viewpoint on HN, but I truly don’t believe that using personal information to deliver targeted advertisements is immoral, provided that 1) a best effort is made to make people fully aware of what information is being collected and how it is being used, and 2) a best effort is made at keeping that data safe from being leaked.
I just genuinely don’t understand how if someone gives personal consent to use their provided data in a specific way, then the company is still acting immorally.
Society has moved forward over the last few decades in favor of people using their body however they like as long as consent is given and no one is hurt, so why is it not the same with information? Why is personal consent to use my information not enough, to the point where we want to force companies into a payment/subscription/no targeted ads model that may not actually work for their business?
Consent in the digital world is fraught with difficulty:
1) Do you have to repeat consent every time the ToS or another policy changes?
2) What about repeating consent every time there is a feature change?
3) Should your consent remain after controversial events involving security (FB using 2FA phone #'s for ads; data breaches like Equifax)?
4) What about internal company changes like leadership changes at the executive level?
Unlike consent involving intimacy, there is no big red line where it clearly becomes non-consensual. You can technically delete all of the data, but no one has built something that does that and is trusted. There isn't a right-to-be-forgotten law in every country, so archiving sites can still retain this information anyway.
Plus, it could always be on some flash drive that a malicious employee passed to other companies. Large companies like Facebook have pockets where people can essentially operate with impunity or oversight for periods of time. The core issue here is that consent to one site proxies affirmative consent to share your information out to other sites.
As a hypothetical, would you give consent to Facebook knowing that they will then share all of that information with anyone who asks (every site, every 3-letter agency, every stranger from anywhere in the world who likes your bikini pictures)?
What if they say they won't share that information, but they do anyway? Tech companies move too fast for law to keep up, and once the information is duplicated to multiple parties, it's almost impossible to track down every copy with certainty.
I could agree in theory, it's just that 1 & 2 don't happen in the real world. (Outside of EU?) There are no incentives, responsibility, or consequences for folks once data has been acquired.
It's like the friend that swears they will pay you back if you would just lend them a substantial amount of money. Said enthusiasm drops 95% once the transaction has completed.
I just genuinely don’t understand how if someone gives personal consent to use their provided data in a specific way, then the company is still acting immorally.
Society has moved forward over the last few decades in favor of people using their body however they like as long as consent is given and no one is hurt, so why is it not the same with information? Why is personal consent to use my information not enough, to the point where we want to force companies into a payment/subscription/no targeted ads model that may not actually work for their business?