How these rules apply for people with multiple citizenships and residence? That’s the case with a lot of people in Europe. How to find out to which jurisdiction my FB data is bound to?
Just because I'm a Britsh person living in the US doesn't mean I'm not subject to the death penalty or am exempt from having to buy health insurance, for example.
Okay, what does it mean “residency”? In the UK there’s no address registry where you declare your address.
EU citizen works in the UK for 2 years then goes to Turkey for a vacation but likes the place so much, decides to stay for longer when still remote working for the same London company.Also connects through VPN because the Turks love banning websites.
Where this person residence is? Are the UK, USA, EU or Turkish rules apply? How FB would know about it?
That’s not an extreme scenario BTW, it happens all the time.
For the UK, basic rules that cover residency for most are listed at <https://www.gov.uk/tax-foreign-income/residence>, with a link to the full rules for those not covered by the basic rules.
It would be more accurate to say there is no single register of addresses.
The electoral register knows I’ve left the U.K.; I had to tell HMRC separately because they don’t share info; likewise the Student Loans Company even though there is a close connection between income and repayments [0]; and when I tried to tell the DVLA, they told me they lacked the capacity to know about non-UK addresses.
[0] the repayment rules means that, for low- and mid-income people, it behaves more like a graduate tax on worldwide income than a loan — it’s a percentage of pay over a threshold, and only high earners can pay it off fully — and if you do a self-assessment tax return there is a box for student loan stuff.
To vote, you need to register to vote, I voted at London Mayor elections in 2016. You vote wherever you register to vote, I don't remember the details but I guess it was me declaring that I live there and I would like to vote.
In UK there's this concept called proof of address and it's usually bill or a document that is sent to your address, there's no central registry of residents.
The point is, you don't need a register, central or otherwise, for the place of residence to be legally relevant. The way this kind of things work is that, should there be a legal challenge, you will provide a proof of residence to the court or whatever relevant body, just like you do when registering to vote.
Some countries require at least 6 months + 1 day to be considered a resident, others might have you have a resident even if you aren't there if "the country is the center of your family or economic interests".
The rules for the UK are set out pretty clearly in the statutory residence test [1]. It covers all such cases in more detail than you ever wanted to know :)
What causes difficulties though is that the rules in different countries, even if clearly defined, can contradict each other on the question of tax residency. So you may well be liable to pay taxes in two (or more) countries at the same time.
You may even have to pay taxes in both countries on the same income or gains, unless there is a double taxation agreement that allows you to offset some of those taxes against each other [2]
Tax law favours a designated location for residency, for example.
The GDPR doesn't even operate on the level of residency (at least for data subjects). You're covered by the GDPR when you're physically in an EU member state[0] as regards your activity in that member state or if the data controller/processor is established in the EU. The UK GDPR will be the same, mutatis mutandis.
[0] Or somewhere where EU law applies by virtue of international law, like an embassy, an EU-flagged ship, an area of Antarctica claimed by an EU member state etc. etc.
> How FB would know about it?
In a matter of fact GDPR applies to people in EU, and data processed in EU.
It also states that data from people in EU has to be processed and stored in the EU.
It's not a matter of citizenship nor residency. Facebook just geo-locate you IP endpoint (so endpoint of your VPN) and manage your data by doing so. So USA rules will apply.
BUT if you are browsing websites hosted in Europe, EU rules will apply to your data.
For most law sure. But for GDPR the EU explicitly extended it's protection to all EU citizen regardless of residency, and non EU citizen with residency in the EU.
Now there's the practical question of how the EU enforces that protection against companies that have no presence in the EU, but those that do, the EU has made it quite clear they'll take enforcement action.
If the data subject is physically located in the EU (even if not a citizen or resident) and the data controller purposefully targets data subjects in the union, the GDPR applies.
As per [0]:
the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention
That's right, although Recital 23 continues on to say
"factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union."
My understanding is that GDPR primarily cares about location, not citizenship or residence. There are some subtleties around which location is the relevant one, for example when the delivery address is in a different country from the country the subject is in when they send the order.
> 3.2 This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union,...
(Plus companies in the EU have to comply with GDPR for all subjects)
I believe GDPR applies to EU residents. I believe the complication is that it also applies if they are travelling outside of the EU, but not if they become resident outside of the EU.
For example, it also applies to people which are traveling and are currently located in EU territory (provided that a service is intended to be used by EU residents).
Incorrect. With GDPR the EU extended their power to protect all EU citizens regardless of residency in, or out, of the EU.
Of course the EU will have trouble enforcing that protection against companies that don't operate in the EU. But the protection remains, even if it's practically unenforceable.
Incorrect. It protects PII in the EU. It has nothing to do with EU citizenship. It doesn't try to enforce outside the EU either. If you want to move PII out of the EU you have to agree by the rules given. That's not the EU trying to enforce anything outside of the EU but you making an agreement to move data outside the EU on certain terms. It is not the same thing as trying to force EU law on non-EU.
I don't know why people keep repeating this myth. Laws like these are old as dirt. It could as well have been about blood samples from Denmark used in research in the US: the samples are protected by Danish law and to use them in the US you have to agree to certain rules. Again an example of you saying you will follow certain rules to be allowed to transport and use the samples outside Denmark, not Denmark forcing their laws on anything in another country. You are free to not sign anything and not use or move the blood samples or PII anywhere.
I'm British and have a British passport and I permanently reside in the UK but I'm also technically an Irish citizen because my Irish father was born in Ireland.
I have never applied for an Irish passport but I am automatically an Irish citizen based on my ancestry. Does Facebook know this? Do I need to inform them to benefit from GDPR protections on an ongoing basis?
I understand that GDPR is based on where the data [edit reflecting comments below:] originates. The law doesn't make reference to citizenship or residency.
If you're physically in an EU country then EU GDPR applies to you there; if you're physically in the UK then UK GDPR applies to you there.
GDPR is generally based on where the data is located
That is not correct. Specifically, the counterexample is if you are a EU citizen living in an EU country and the actual bits are stored in a datacenter in Texas. GDPR still applies in this case, as long as the website owner accepts EU users. If the website specifically doesn't do business in the EU, things are different.
Ah, apologies, you're right to pick that up, it's not quite what I meant. Maybe "where the data originates" is better?
Since the data originates where you are, the data has crossed a border to get to Texas and is therefore subject to GDPR (extra-territorially), I agree.
If you were in Texas when that data was collected from you, and you returned to the EU, I doubt that GDPR would apply to that data.
gpdr on the other hand is tough to enforce on companies who wholly are in the US. from a sovereign perspective the EU can pound sand when telling Americans how to treat people in their own land.
The only reason the EU is able to get away with this to a degree is the american governments wish cooperation to a point and our treaties. However, I suspect america will only tolerate so much push from the EU.
> gpdr on the other hand is tough to enforce on companies who wholly are in the US.
If you do actual business in the EU they can block financial transactions, and if you don't do business in the EU, there isn't really any incentive to (ab)use the data GDPR covers?
Yup that's the idea, the EU is a big market and GDPR is the cost of doing business there.
As a startup though, it's absolutely part of your calculus. If you are worried about GDPR compliance, you can choose to just not launch in the EU (actually that might not be enough, I believe you may need to actively refuse EU users) until after you've proven the concept. Although with California's CCPA, depending on the specifics of your situation, you may as well just carve out some time to deal with compliance.
If you were in Texas when that data was collected from you, and you returned to the EU, I doubt that GDPR would apply to that data.
I believe that is still covered by GDPR, but I'll openly admit that I specifically chose the counterexample in order to stay within my factual memory of the law.
Well jurisdiction matters based on which soil you are on and not which citizen you are.
This is overall a good move by FB that puts a lot of pressure on EU/UK to come up with more sensible laws. Note that EU/UK has barely produced any major company operating in consumer web/app. It is for a good reason.
Personally, I think the GDPR cookie notifications have severely degraded the user experience of the web. I also think it's become just another "Terms and Conditions" - something that people reflexively accept because they want to get on with using a product.
Future regulations with teeth, but don't exist yet, are things like:
- Data portability: I should be able to export my entire Facebook account in full in a standardized format and easily transfer it to any other social network of my choosing.
- Algorithmic control: I should be able to choose which recommendation algorithms are being used on me, or opt out of algorithms entirely.
- Algorithmic transparency: As a consumer, I should be able to see something similar to what Facebook's growth team sees. What specific changes caused people in my cohort to increase their watch time by 2%? Was it better button placement, which I'd be okay with, or was it an increase in conspiracy content, which might not be?
All of these things might be huge overhauls and difficult for the social media companies to deliver, but if you are pushing content in front of billions of people's faces for hours a day you should have an equivalent immense level of responsibility.
I reject all interest reflexively. I think it's great. Not! It just shows me how much tracking there actually is... And since I delete my cookies every session, I have to do it every time.
I still wonder what the 'legitimate interests' of ad companies are. I also wonder if rejecting the cookies actually works, it's not like I can check right?
> Personally, I think the GDPR cookie notifications have severely degraded the user experience of the web.
The absolute vast majority of cookie banners are actually illegal under GDPR. One downside of GDPR isn't the banners, it's inaction by EU authorities which should've cracked down on these practices long ago.
1. Cookies essential for the functionality of your website (such as session cookies) don't need consent, and are explicitly allowed (you need to have an easily accessible clear-text explanation of what they do)
2. Pre-selected boxes do not constitute consent
3. You must provide a simple "opt out of all and proceed" button
4. You are not allowed to degrade functionality if user has opted out of non-essential cookies
5. You are not allowed to load any non-essential cookies before consent is given
What is meant by 4)? So users have the right to see a web site without ads? I think if users don't consent, you should be allowed to block their access to your web site?
What is or isn't PII, which is a US legal term, is irrelevant.
What matters is if it's Personal Data.
Personal Data is defined by the GDPR as:
"‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
I would say a tracking ID falls under "an identification number [or] online identifier"...
But to the rest of your post: I don't think so. I think there an identification number is something like a government-issued ID number.
An online identifier would have to identify you (e.g. my Hacker News username is probably identifiable).
The way I think of it is if someone who isn't authorised to know who I am can look in a system at the number and then go off and correlate that info to find me without further reference to other data in said system.
A database ID doesn't count, because you'd then need to look up something actually identifiable in the system to figure out who I am; neither does an opaque tracking number.
My social security number is identifiable; my email address may be identifiable; if I gave birth in region X to octuplets, then that probably is too.
If your basis for processing private data is consent, then under GDPR one of the conditions on consent is that consent has to be freely given, it can't be traded for something.
In essence, under EU law privacy is an unalienable right, it's not something that can be freely contractually sold away (alienated) by the users. If you have a contract where users agree to allow you to do whatever with their data because you give them $100 or show some content, then that does not fit the definition for consent according to GDPR, and this contract does not - can not - give you the right to process their data as you wish; that particular clause in the contract is effectively void, the users are "selling" something they can't legally sell.
If some data is required to fulfil your contractual obligations to the user (for example, processing their address to deliver pizza), then that is a legitimate use under GDPR 6.1.b which does not require consent, but if you'd want to use the same data for some other purpose (for example, using that same address for targeting advertising or giving it to a third party) then the contractual need clause 6.1.b wouldn't apply, you'd be stuck with 6.1.a (consent) and that is valid only if it's a genuine free choice without some benefit or service being conditional on providing "consent".
So you technically are allowed to block access to your site to people who don't click a checkbox "I agree to stuff", however, if you do so then clicking that checkbox does not constitute freely given consent, so it can't give you any rights to use the data for any of the people who checked that checkbox, for the purposes of GDPR that checkbox is simply meaningless if access to your site was conditional on it. So the users have the right to (and will) file complaints about illegitimate use of their data right after clicking the "I agree to stuff" checkbox.
Additionally, as I only recently found out, it's common practice in European Law to have explanatory notes in the law itself. They are called recitals.
1) Cookie notifications are not required by GDPR. They are required by national level implementation of the ePrivacy Directive.
2) Data portability is already a requirement under GDPR Article 20. The problem is that it requires competing services to work together to create interoperable systems or formats. That's really unlikely to happen without addition regulatory action mandating that competitors cooperate.
People will always gloss over privacy policies, privacy tools, and privacy disclosures. The reality is that people are concerned about privacy, but not concerned enough to make any changes. People concerned about the environment still get on planes and fly all over the world.
I wonder if there would be a market for a company that:
A) Has offices in different locations in the world;
and
B) Sells, as a service, to other companies, the ability to "off-load" their users, user management, and user agreements -- to other countries and jurisdictions.
Yes, there are all kinds of problems with this idea(!), and yes, it would require tons and tons of Lawyers, both foreign and domestic, and that's if it could be done at all (is it moral/ethical/legal/legitimate/lawful at all levels?) -- but these issues temporarily excluded for the purposes of philosophical discussion, as someone who is interested in business and producing services for other businesses (AKA, value for business customers),
I have to wonder if there's a market there...
?
I of course, would lack the resources (much less the desire!) to attempt to capture that market, but nonetheless,
I've been wondering the same haha. Seems like Russia and other ex-USSR countries would be good places to set up (close to EU, pretty open Internet and business laws, at least compared to China)...
This is a pertinent question. I set my account up in the UK but now reside in Croatia. Facebook has not been explicitly given my nationality, so I would assume they have to err on the side of caution and keep me under EU terms?
If you mean cookie banners then no, they won't stop. UK data protections laws are going to be almost entirely unchanged come 1st Jan. Having said that this doesn't mean there will be no practical effects, as our status with regards to other EEA countries is changing so data transfer between EEA and the UK is affected. It also seems likely that UK data protection laws will start to diverge from EU data protection laws over time, though what this might look like in practice is anyones guess.
I'm no expert, but the UK implemented the EU's General Data Protection Regulation by passing the Data Protection Act 2018 [1] which will still be in place come 1 January 2021. There could be revised/new legislation in future though.
For what it's worth those cookie popups are actually from the EU e-privacy directive (which is implemented as PECR in the UK), so they aren't because of GDPR.
I don’t know, seems to me that most of the sites I see them in are US sites that say they have to get consent because of GDPR. When you browse from outside the UK, the sites don’t have the consent forms.
Consent is not required for "essential" cookies, because they are essential. Things like keeping track of your logged in state or shopping cart. (Even if consent were required for that, it should be asked at the point where you login or add the first item).
For advertising and behavioural tracking cookies, consent is required if it's tracking your personal data to the level of individually identifiable people, but frankly they shouldn't be doing that.
I've personally implemented websites in the EU with logging in, carts and analytical tracking that didn't require up-front consent popups because their behaviour was already reasonable and therefore compliant.
Some of us believe that the bigger sites deliberately use obnoxious consent forms in order to encourage USA residents to remain politically in favour of "implied consent" to individual behaviour tracking. In other words, obnoxious on purpose to give the impression the EU system is more onerous to each user than it really has to be.
After the UK leaves the EU I will do my browsing via a VPN through an EU country specifically because I want to be able to deny all such consents except to sites that I trust and support. (In practice I grant consent to about 10% of sites and deny the other 90%).
If I can find a browser extension to automate denying consent that would be great, but if I can't then I'll do it manually.
The thought of my consent to being tracked down to the level of individual, personal detailed behaviour being "implied consent" the USA way is horrible. I do not consent, full stop. It seems an affront to basic legal principles that the norm is for people to not be told about or therefore have the opportunity for informed consent to the detailed databases built up about their every action online, similar to credit files but much more detailed and secretive.
> For advertising and behavioural tracking cookies, consent is required if it's tracking your personal data to the level of individually identifiable people, but frankly they shouldn't be doing that.
And one is not obliged to agree for using the service.
Of course, US FAANG companies try to create a kind of backlash, also things like when Amazon tries to force users to use credit card payments when other payment methods like bank transfer in advance work fine. But on the other hand, there is a noticeable increase in web shops in the EU which, for example, do not require any account creation at all - put something into the shopping cart, go to check-out, enter your address, enter your SEPA direct debit number, done. It is much faster and serves me as a customer better.
And no GDPR consent form needed, as all the processing is only for what is needed to do the payment and the delivery.
Having some way to auto deny consent seems like a good idea.
But anything automatic can have serious downsides, what happens if you start denying ‘good’ sites without realising it. Should all things that require consent be blocked?
This World Wide Web of permissions sounds like it’s going to be a bit of a nightmare.
The default should always be "block everything". When you try to do an action on a website that requires additional consent, you should be asked additionally.
Just like the iOS/new Android permissions Dialogs. No to all by default, only allowing specific permissions on demand.
It’s so opaque though. Most of the time I have no idea what I’m really consenting to. Every website has a different way of asking, a different way of describing what it’s asking consent for. It often feels like the list of permissions being asked for is way more than what is necessary.
Compare that to reading a magazine:
- Step 1 - open
- Step 2 - read
It’s night and day.
Eventually it will be too difficult to use the web. I’m think people who make a living from building for the web have not grasped the severity of the problem.
If you worked in the movie business and someone said that eventually it would be too difficult to watch a movie, because you would have to give permission left right and centre, you would be worried because that’s bad for business. Your viewers will eventuakly go do something else.
Of course under GDPR they may need to get permission for other forms of data processing (signing you up to a marketing mailing list, for example), but the rash of cookie permissions banners are because of PECR and similar legislation in other EU countries.
[RANT] They should never have been implemented that way IMHO -- a different API or IETF-ish agreed HTML meta tag that would inform the browser of the scope, entities etc. would have allowed the browser to offer overall policy choices to the user.
Most would be "I don't care, do whatever you want to me" but those who do care could have been picky. That would also have allowed the browser to generate reports for the user regarding which sites currently have which permissions, etc. This would have put the onus on the browser implementation to get it right, and not e.g. fail to show the messages, but one could argue that any browser could get the random CSS used for these prompts wrong and not show the message.
I'm a GDPR fan and will likely use this jurisdiction transfer as a ceremonial point to close my FB account for good.
I’ve been wondering about whether it should be something implemented in the browser too. Instinctively I feel that better browser tools would be beneficial, but it’s an odd problem that we are trying to solve. I am not even sure we understand the root issue.
Some companies want to use the web to try to change users behaviour, and many users want those companies to change their behaviour. That’s not a solvable problem, it’s a circular reference bug.
So maybe better tools might actually make it worse, in a race to the bottom sort of situation.
My main concern is that the consent forms, however well meaning they might be, are creating a horrible environment. There are lots of perverse incentives for people to ruin the web experience. Some players stand to gain a lot from a horrible web environment. For example ones that have competing information products.
I’m increasingly thinking it would be better to just not have consent forms, and with better browser tools, people would hopefully go to websites that treated them well.
> [RANT] They should never have been implemented that way IMHO -- a different API or IETF-ish agreed HTML meta tag that would inform the browser of the scope, entities etc. would have allowed the browser to offer overall policy choices to the user.
That would not have been used.
The whole reason why all the consent forms are constantly violating the GDPR is because companies want to make it as hard as possible to say no.
They'd only accept the browser API if the "No to all" button (which by law has to be default, has to be the option chosen if you click anything except yes, and has to be easier to use than "Yes to all") was hidden behind 3 layers of "are you sure", each of which having a 30 second timer before you could continue.
That's the whole reason this consent form disaster exists: because companies are trying to do everything they can go get around the laws.
Just look at the Do Not Track header: it's a legally meaningful statement that companies should follow. They don't.
Of course not, the entire concept of the cookie warning is a stupidity only the EU could have dreamed up. Browsers already allow you to control cookies, extensions can manage them and create popups if you want them, and in fact very old browsers had a "confirm all cookies" feature in them. Nobody used that old feature because cookies became so prevalent nobody wanted to be informed anymore, so those features got taken out, but it was technically very easy to do.
The EU basically looked at that situation with a competitive browser market, extensions, the existence of the same feature in the past and said, "screw all that, the Commission knows best". Which is exactly the attitude that drove people to vote leave in the first place.
Google did something similar with a targeted terms of service update – I believe it was agree or close your account.
I suspect that this transfer is going to be consent-based to avoid non-compliance in the handful of cases cases where they have inaccurate data regarding location.
I never agreed. Google just stopped asking after a while. I think I could refer Google to the data protection office, but the chances that they'll actually do anything about it are slim to zero.
Typically there's a clause along the lines of "You have 30/60/90 days to explicitly agree to the new terms. If you continue to use the service after this time you are implicitly agreeing to the new terms."
I would doubt whether such a clause would stand in court.
Also, agreement (which is only one of the principles which make data processing legal, but I think it is the only one which covers what Google does, using the data for advertising which is not related to the direct service) is voluntarily, that means one cannot be forced to agree by otherwise withholding the service.
Of course the latter point is not fully enforced for now but the EU is set to enforce it over time.
You have no _right_ to the service, so if you choose not to agree, they can't force you to agree, but are they required to continue offering you the service?
Yes. They're offering you the service under a particular set of terms. If you don't like those terms then the company is not obliged to adjust it's terms to suit you (assuming the terms themselves are legal in the first place, for example they don't break anti-discrimination law). In theory you could try negotiating the terms with the company to something that is more favourable for you, but as an individual you're not going to have a lot of leverage to get a company like google to offer a service that's specially tailored just for you! Negotiating is a lot more common in B2B services though, where you can have a lot more money on the table so it's worth it for both parties.
Interesting, thank you! I'll have to look that up further..
This seems remarkable (not right/wrong) to me, that a private non-essential enterprise can be forced to service a customer who does not agree to their terms of use.
There is plenty of precedent. For instance, a private non-essential enterprise is not allowed to refuse service to a customer because they do not agree to never buy anything from their competitor.
Where a company comes up with some terms that are illegal those particular clauses in the terms are unenforcable, but if the terms are within the law then they're the contract between you and the company, and both sides have to agree for the contract to be binding i.e. before the company will provide you the goods/service specified in the contract. If you don't agree to the terms then there's no agreement between you and the company, and the company is under no obligation to provide you with service.
> (assuming the terms themselves are legal in the first place, for example they don't break anti-discrimination law)
As you mentioned, GDPR explicitly states that you can't extort personal data from people by withholding service. However in the broader sense a company can refuse service if you don't agree to their terms.
I don't use Facebook. Planning in near future to stop using any centralised service or monopolised platform (Hey Apple how are you doing?). The move for control over Big Tech is not to serve the users, privacy is the marketing pitch. Everything has to do with future in which Governments want to share big data and control over citizens with Big Tech. It's all about power and money. The years of Internet as a vehicle for people to communicate and grow is over. Get on with it.
You are the consumer (even Obama in the past clearly has stated Consumer, not Human) there is no political agenda that will change this outcome. The only right (for now) that you have is to vote with your money. This is it. In the next 2-3 years, regulations and big business will make Internet practically unusable. I am waiting VPN to be outlawed and kicking the switch off for good..
Complexity? All these different terms eventually turn into lines of code. If they aren't that different or nobody cares (which they don't, look at how many USA-only services are used by Brits) then it doesn't really make sense to add extra complexity for no reason.
"Facebook’s UK users will remain subject to UK privacy law, which for now tracks the European Union’s General Data Protection Regulation (GDPR)" - so, what changes for users?
Nothing changes now, parity is maintained between the EU and UK versions. However, this had to be done now because Facebook needs to allow time to make the transition and ask UK users if they agree to the terms again now they are separate from the EU.
They can't wait to do this because as soon as either the UK or EU changes their laws (may happen in a month, may not for years), the terms would no longer be valid for one set of users. Facebook would end up in a situation where its terms are invalid for millions of users potentially for months.
What changes is that the regulation won't be backed by the EU, so perhaps Facebook sees the UK regulator as toothless, or at least less likely to pursue things?
What's toothless is trying to enforce EU rules on tech companies based in Ireland.
EU rules look great, until one of the nations decide to sh*t on it, see Hungary (I'm a Hungarian citizen, but not really proud of it any more) vs EU recently on budgeting, or Ireland being unwilling to actually enforce any EU regulations.
It would be odd to see the Information Commissioner (the UK's data protection regulator) as toothless, given it has so far been among the most severe in penalising large businesses under the much greater powers it acquired under the GDPR.
This could be more of a strategic move from Facebook, anticipating the UK government wanting a quick post-Brexit trade deal with the US and having limited practical room to manoeuvre in negotiating one. In particular, the UK government presumably doesn't want to commit political suicide, so it's very unlikely to compromise on issues like the NHS or food standards. That means it needs something else, and probably something big, that it can bring to the table. And that could well be favours for US tech firms that are already here, such as agreeing not to go after them for extra taxes and brushing anything resembling privacy protections under the carpet.
Whether that is a good bet for Facebook to make is a different question. If the Johnson administration doesn't manage to seal a deal very quickly -- and it does have a few other things on its plate right now, not to mention a known-hostile incoming Biden administration across the pond -- then there is a decent chance that any future US-UK trade deal will actually be concluded a few years later. By that time, our respective governments might well be led by Kamala Harris and Keir Starmer, for example, in which case Big Tech might have much bigger worries anyway.
But since no-one has a crystal ball, presumably those tech firms are going to try to insulate themselves from unnecessary risk in the fallout from Brexit, and this move by Facebook probably achieves that at a reasonable cost right now, regardless of what might happen some years later.
> It would be odd to see the Information Commissioner (the UK's data protection regulator) as toothless, given it has so far been among the most severe in penalising large businesses under the much greater powers it acquired under the GDPR.
hahahahahahahaha.
The ICO has about as many teeth as a newborn baby.
They have actual knowledge of criminality by the adtech industry and they refuse to regulate. They say as much in their most recent annual report!
No, what the ICO does is issue press releases and notices of intent and then either does nothing or backs way the fuck down.
Just look at Marriot, BA, or AIQ for examples of the reality of the enforcement issues being nothing like their initial announcements of enforcement.
Denham is completely incompetent, and her office simply can't get its act together.
It would be odd to see the Information Commissioner (the UK's data protection regulator) as toothless
Given that the maximum penalty it can levy is £20m, it is completely toothless against any major corporation. BA got off with a slapped wrist after their fiasco. The GDPR looks good on paper but where exactly are these 4% of global turnover fines it was supposed to make happen?
I think you have misunderstood how the maximum penalties work under the GDPR.
In any case, it makes sense that those maximums would be used only in the most serious cases of wilful violations. I wonder whether internally at the ICO they might be waiting for a chance to make an example of one of the tech giants whose whole business model, unlike the organisations penalised so far, is based on exploiting personal data in questionable ways.
Cynical me is thinking Facebook might do this now to rip the band-aid off before the UK privacy law actually gets repealed, because this shift to California terms would be much bigger news if it happened as a result of the privacy laws actually being repealed.
Now Facebook can still easily, with a somewhat straight face, say that this is purely necessitated by Brexit legalities while in reality they're just prepping for the repeal.
It sounds like what changes for users is that UK law will drift from EU law, and so Facebook wants to mediate that through its US office rather than its Irish office. It will still have to follow UK law, but not have to pass it through the EU as well.
FB and Ireland are already fighting over privacy, and the US and UK are negotiating new terms. That may result in changes to UK privacy laws, which FB will be able to take advantage of.
How can any official in the UK or EU say with a straight face they don't think every tech company hands over data to the US government when they themselves hand their own citizens data to the US government.
Lying and deceit has always been a large part of politics but politicians used to go to some lengths to cover it up. Now it's as if we are so used to it and have a accepted this reality that they no longer need to waste energy covering it up.
I'm actually in support of GDPR not being a thing outside of EU companies. We shouldn't be setting a precedent for a world in which the EU writes laws for everyone that take effect for products developed outside their borders.
To put it in context, just because EU users look at your site does not mean you need to follow EU laws any more than if China users look at your site or Iran users look at your site. You only need to follow your own jurisdiction's laws, and other countries can act to block your site if they don't like it.
That said, I'm pro-privacy and think there should be better regulation about that in the US.
Tech companies, or any company for that matter, will do what is best for themselves.
Regulations exist to protect consumers and other companies from accusative behaviors. Remove the regulation and the 'we care for your privacy' message disappears with it. Because they never cared for your privacy, they will just doing what was mandatory.
> Regulations exist to protect consumers and other companies from accusative behaviors.
I think this is possibly a bit naive. Regulations also exist to protect powerful people's businesses, to push personal agendas, and to further political aims even if those are not actually in the interests of any consumers. Also sometimes people think they're making a regulation to protect consumers, but actually it makes things worse.
It even is sometimes weaponized to help fight competition. For example, by making it expensive to conduct a certain type of business and requiring even higher entry costs (things like certification, licences, etc.) it actually favors large, established businesses.
Case in point: Uber suggesting minimum wage for their workers, some time ago. Think about this, the company refuses to recognize them as their work force but are fine to suggest a minimum wage. As it happens, the minimum wage would put their competition out of business at that time so it must have been seen as favorable for Uber. The competition was not so well funded and so this would be an attrition war at a point in time when Uber was potentially able to win it and wipe all competition out.
This shows that you don't even need corrupt bureaucrats to have regulation steered this or that way by private business.
My favorite is the NY LLC publishing requirement. To start a business you must publish that you started a business for 6 consecutive weeks which costs thousands. Wonder what back door corrupt deal was made on that one.
That one is just an archaic rule, but I registered an LLC in NY for like $200 all in. Services will publish for you in random publications for that cost. Still annoying, but not a huge deal realistically.
What does the law achieve? It seems like such a massive waste of money. Why does it need to be a physical publication when a digital publication is cheaper and can have just as much if not more reach?
Based on my reading of O'Henry stories, my guess is that law exists because people were selling stock in scam mining companies with mines in the West back in the late 1800s / early 1900s. If you had to advertise that you were starting a business, then people could look up your company and discover that it is unlikely that your company had $$$ of gold deposits in Colorado.
It doesn't cost thousands. It's at most $200 or so to publish in two newspapers. Where I'm from people always pick the Jewish Ledger because it's something like $79 for an ad publishing a LLC.
It's a dumb rule regardless, but please don't blow the costs out of proportion.
This is called "Regulatory Capture" and is a form of corruption. It is not /why/ regulation exists any more than the murder of Mr Floyd is why police exist.
Regulatory capture is utterly rampant right now and a huge threat to democracy. This is true regardless of one's personal politics or beliefs about big vs small government or political party of preference. It's a cancer and more dangerous than people think.
Be careful of abstract calls to action without specifics. Many calls to “reduce taxes” actually mean a subsidy for some industry in the form of targeted tax breaks. Reducing regulation just as often targets insiders as it does actually improve things.
Often after a dictator takes power they do a crackdown on ‘corruption’ which has popular support. What their actually doing is consolidating power, but if you call it a corruption crackdown then it sounds like a great thing.
What you want is someone that says something specific not platitudes which can mean anything, and are impossible to hold people accountable. Remove a single regulation and they can call it a win. But fail to go to the moon, build a wall, reduce spending etc, and they just failed.
Fewer can mean keeping the bad ones while getting rid of the good ones.
One tax rate sounds like junk to me. A progressive tax rate that applies to all things that get you money: income, gains, loans, etc makes more sense. Along with some way of getting taxes when money leaves local borders.
... And you need subsidies for the things you want to promote. Always doing that as explicit subsidies makes sense though. If you want people to take out loans, you can grant subsidies for their loan repayments
That goal is lost while regulatory capture is the norm.
Others say "better regulations protecting people should be the goal"
That goal is lost while regulatory capture is the norm.
Whatever our cause, without reform of the norm of regulatory capture, our cause is lost.
I'd much rather reform that corruption and the "other side" win power than "my side" win with the corruption raging on.
I'd love it if most people felt the same way about it and were willing to switch voting from Sanders style democratic socialism to Amash style libertarianism to get it done. Or the other way. I'm not sure what's more important politically right now. The corruption disease rages on with a change in ruling party.
More democracy seems like the answer there? If somebody wants regulatory capture, they should have to convince a plurality of people that it's a good thing, and do it again and again on a regular basis.
Add to that more transparency in corporation ownership, especially in trade deals, and strong controls on what regulators are allowed to do during and after their time working as regulators.
Without laws, the people/groups you mention would just use the law of the jungle - might makes right - to get what they want. At least with laws they have to somewhat accommodate this process to get what they want, frequently compromising along the way.
I'm not saying that all laws are perfect, but let's not get overwhelming cynicism get the best of us.
The point is regulations (and laws) are just tools - like a hammer they don't have inherent 'goodness'. A regulation can protect abusive business practices as easily as protect consumer rights.
Might doesn't make right but might writes. (regulations)
As you said, regulations and laws are tools. What you criticise about regulations can be said about laws. A law can protect a vile dictator as easily as protect a helpless citizen.
The problem isn't the laws or regulations, but the fact that we leave corrupt politicians to write them.
Of course, fixing that is much easier than done, because even if you have a functioning democracy, corrupt politicians are still propped up by propaganda. Corporate's wishing to write the laws contribute much to support those politicians with lobbying and propaganda (Murdoch news empire)
To solve this you need a well-educated, politically conscious population, which is easier said than done.
Multiple banks and credit card companies customer support lines now say "this call may be recorded and your voice may be used for identity verification".
I am very skeptical that Facebook has ever acted in their users best interest. The EU privacy laws and the GDPR are a clearly beneficial law to citizens, protecting them against hostile companies.
We are people foremost, not consumers, especially in the context of privacy. Please do not use their terminology, it empowers them by framing everything in the eyes of corporate interests.
When you enter a shop you become a customer, not a human being with feelings.
Same goes for those platforms. You enter it and you become a consumer.
If you're like it or not.
You enter the shop as a human being, and there's certain (human) rights that should come with that.
We're talking here about the right to get a copy of your own data, the right to be forgotten when you want to leave, the right to be informed about data breaches, and a right to agree to types of data processing.
Your analogy is "you enter a shop and cannot leave again, may be abused, and lose control."
That makes little sense when you think about that. The constitution of your country does not stop at the door of a business. All your constitutional rights as a citizen enter the store with you.
You have also human rights granted by international treaties.
Nothing stops applying because you enter a shop.
This just isn’t consistent with the empirical evidence whatsoever. An overwhelming amount of economic analysis shows that the burden of regulation disproportionately falls on small business.
That doesn’t necessarily mean that there aren’t other justifications for any given regulation. But ain’t no small business owner or entrepreneur in history ever said “Boy! All these regulations sure are making my life easy”
Yeah, we never see examples of small teams disrupting large markets with entrenched competitors. I'm afraid with taxi medallion regulations, we'll never see any competition in that space.
They wouldn't have, had they actually obeyed the same laws and regulations.
Instead, they offered a nearly identical service (arranged via app rather than hailing streetside) and skirted around all of the regulations that had kept the incumbents entrenched for so long.
Yes, and? This agrees with the statement that small companies are fluid and can find ways to work with regulations. Coming up with ways to avoid is that.
I do not believe that violating the spirit, if not the letter, of laws and regulations is a good strategy for enabling small teams to disrupt large incumbents.
If we want a healthy market where small and large players alike can thrive, enabling regulatory capture and expecting small players to ignore regulations as long as they can is just bad policy.
Parent was attempting sarcasm, which makes their writing essentially meaningless because the reader has to gursst if they meant what they wrote or the opposite.
or put more generally, rules exist to solve someone's problem. the "problem" may or may not be the one explicitly addressed by the rule, and the "someone" is usually the person who made the rule.
1. It's incredibly naive to think that the sole purpose of regulations is to protect powerful businesses. If you think that's the case, what would you describe the purpose of, say, worker safety regulations is? Food inspectors?
2. Of course they further political aims. Anything that has to do with law is political, by definition. This statement makes regulations sound scary and sinister, but actually imparts no information to the discussion.
A world without regulations won't be some libertarian paradise. It'll be an authoritarian dystopia, where the powerful can do what they please, and you will have zero proactive recourse against them, and very limited reactive recourse.
PS. Consider that a rule, or even aversion against regulation is itself a regulation. Which absolutely has side effects[1] that protect powerful businesses, and is pursued for personal and political aims.
Sure. Businesses will try to protect themselves with regulation to whatever extent possible - it's what the market does (which is why I find it silly to discuss private markets and governance as if they were two separate and independent things). But "no regulations" isn't a solution to regulatory capture. It'll only make competition more cut throat (possibly involving real throats being cut), and companies more anticonsumer.
(Not that any of this matters much these days - companies like Uber demonstrate that you can absolutely run an illegal operation in western countries, and end up with a double-digit billion dollars IPO.)
Agreed. I'd add that most regulations are designed by career politicians and corporate lobbyists. It's too bad the people aren't empowered to design these regulations amongst ourselves.
It’s never “we care for your privacy” but rather “we value your privacy”, which is easy to read as “we assign a value to your privacy”. In that light, the messaging becomes clearer.
> Regulations exist to protect consumers and other companies from accusative behaviors.
This is what people want to believe.
But I think you'll find that regulations exist for a large number of reasons, some of which seem noble and others much less so. Frequently, they exist to provide disproportionate protections and perks to the connected.
I think this outlook is very much part of the reason that Britons are worried about Facebook's move to Californian terms.
In the UK we do have very well established "Consumer Law" which is there explicitly to protect the consumer and recognises that they are often not otherwise in a powerful position.
The most relevant stuff for Facebook is the data protection stuff, but another example, relevant to other online transactions, is the Distance Selling Regulations ( https://www.gov.uk/online-and-distance-selling-for-businesse... ). This gives the customer the right to cancel, without a reason, for up to 14 days after the goods are delivered. If the business doesn't explicitly tell you this then your right to cancel is extended to 12 months.
Well, for whom regulation works out depends on how your government is. But also, a lack of regulation or oversight can have a lot of consequences. A good example is the Greenfell tower tragedy - fire protection authorities in the EU have warned for years about these claddings and materials, and in the EU there are not stricter regulations. And they save lives.
So, when regulations do not work for your advantage as a normal citizen, maybe the problem is not the existence of regulation but the lack of democratic representation and integrity in your government and the bodies it creates and controls.
While I agree with part 1, part 2 of your argument is simply not true. The regulation has very little to do with the benevolence of our political masters towards us peasants privacy. It is the users who care about privacy (which they themselves don't really understand) which both the corporations and governments have spotted, while corporations like Apple, Google, Facebook etc. have come up different strategies for competition with each other on privacy, governments have mostly come up with nonsensical legislations most funded by these very tech companies or some other rent seeking establishment like EU. None of those regulations have made web safer for us on the contrary it has put a compliance cost on everyone.
The best innovations around privacy have come from the desire to prove to users that the company respects your privacy. Regulation has mostly given us fake cookie related banners that have become a spam in themselves.
The 'we care for your privacy' is not mandatory, it is just whitewashing. In fact, I see it by now as a warning sign that unnecessary processing takes place.
I never understood this. If the freedoms outlined in the constitution are universal and inalienable, shouldn't the US also apply them, well, universally?
The Constitution is based on inalienable rights (speech, worship, privacy, etc.), but it's not a list of inalienable rights as such. There's nothing inalienable about presidential succession, bicameral legislatures, or the electoral college, for instance.
Not wrong, but the constitution is meant to be a limit on the US government. They don't have to protect them from others, but surely it shouldn't be willfully trampling those rights through its own conduct either.
So that was never true until after the 14th amendment passed and only later on when it was interpreted by the Supreme Court.
The entire US constitution only applied to the US Federal Government, until the 14th amendment expanded it to state governments and all publicly chartered entities and all entities that accept direct material support from publicly chartered entities which is only noticeable when they interact with the people.
So that would have been over 100 years ago so you might think the point is moot. The reality is that the point is not resolved, never will be completely resolved, and has had less time to be resolved than people may notice.
There's a difference between preventing american companies from violating these rights abroad, and actively protecting those rights everywhere in the world. i.e. one is a lot easier to enforce, since the US gov has jurisdiction over US companies.
Very late response but wanted to clarify, I'm not saying it's the duty of the US government to actively protect the rights of the entire population of the world. That's actually quite a radical perspective (I always found the 'bring them freedom' argument for invading Iraq quite an interesting position for conservatives to take).
But what I instead mean is that if the US government interacts with non-citizens outside of its own borders (as it often does), shouldn't it respect the the 'inalienable' rights 'all men' have? That would preclude them from engaging in torture, detention of non-combatants without trial, mass surveillance of foreigners, etc.
What I mean is that it shouldn't matter if a person is a US citizen or not; if the US government is interacting with people, it should respect the rights it believes all people to intrinsically have. Again, that is different than proactively 'bringing' people those freedoms.
This won't fly, for the simple reason that the ICO will have the same set of rules regarding data privacy that the EU has right now. They may change it, but that's the starting position. Facebook is not going to like the kind of fines that the ICO can throw at them.
The headline is somewhat misleading. The purpose of this move as the article explains is not to skirt the UK laws that have been "imported" from EU, but to avoid having to comply with both the UK-GDPR and EU-GDPR for UK citizens initially, and to make it easier to operate according to any bilateral treaties between the US and UK.
Which will by the way make treaties in that area between UK and EU more difficult, as they will require some equal level of regulation. And that could bite because services are an important part of the UK economy and a part of them are digital services.
Not sure I would go this far, but I do agree with this
> The ICO can fine, but almost certainly won't
But only because one the U.K. leaves the EU, the ICO will struggle to actually enforce its fines when all of the companies involved are notional operating in the EU with little direct presence in the U.K.
They've been failing to even issue fines, let alone enforce them.
Both for competence reasons (see also: the collapse of the AIQ enforcement, and the climb-downs in Mariot and BA cases) and for... I don't know why in the adtech case.
The ICO has evidence of wide-scale criminal behaviour in the adtech industry.
And yet they flat-out refuse to take enforcement action.
They're even proud of the fact they're refusing to do their job - they put it in their annual report!
And even in their non-data protection duties, they've all but given up enforcing the Freedom of Information Act. Statutory timelines are apparently now utterly meaningless. The ICO has even stopped publishing data on compliance levels.
It looks like Denham wants to spend her time as Information Commissioner issuing tough-sounding press releases and threatening (but ultimately flawed) pre-enforcement notices and then using the publicity from those to become a Thought Leader in AI ethics.
If so, we seem to have a major disagreement about the definition of a "good job". The ICO, by its own admission, found that:
> The investigation found how the three CRAs were trading, enriching and enhancing people’s personal data without their knowledge. This processing resulted in products which were used by commercial organisations, political parties or charities to find new customers, identify the people most likely to be able to afford goods and services, and build profiles about people.
> The ICO found that significant ‘invisible’ processing took place, likely affecting millions of adults in the UK. It is ‘invisible’ because the individual is not aware that the organisation is collecting and using their personal data. This is against data protection law.
The ICO was clearly aware that a large-scale GDPR breach was being committed for profit for several years by a large company who should know better (and has the resources to comply should they want to), and the best they could muster is an "enforcement notice" as opposed to a fine?
How is this legal? Since EU members have to create laws for implement EU laws. So each country has a law for GDPR, including the UK. Those laws aren't going to suddenly stop being on the books in the new year.
That's an interesting point. As far as I remember, there is quite a lot of EU laws which did become UK laws. Aparts from the question of the benefits to do so, it would take many many years to disentangle that.
So, the UK governments solution is that all these laws will be re-written by the government in one big package and the UK parliament gives more or less an advance approval to that. I am probably not the only one who sees this as a significant weakening of parliamentary democracy in the UK.
GDPR is not an EU directive. Directives are the ones that member states will need to adopt to their own laws. One example would be consumer rights directive. It gives a list of goals, but member states can decide how to archive them.
Regulations, like GDPR, come in effect automatically on the whole EU. One example of these, in addition to GDPR, would be various economic sanctions.
If someone leaves EU, they would still keep all those laws they implemented before but are free to change if they wish by following their own law making procedures. However, they would no longer need to care about any of the regulations (they may need to follow some if they wish to trade with EU). They are free to still adhere to them if they wish. They may need to adopt some laws for them if their national regulation bodies don't have necessary rights to enforce such regulation (as earlier EU regulation would have triumphed national law).
Where is the problem, Facebook leaving is a clear net plus for the EU. And the same goes for Amazon with its disregard for workers rights, health and safety standards, and failure to pay taxes.
I don’t understand this, but maybe I missed it in the article. How can FB avoid GDPR simply by moving offices? The rules apply to any business anywhere so long as they serve EU users. What am I not getting here?
British users are no longer subject to EU protection come January 1st and we can now be thrown to the wolves, courtesy the wisdom of our Brexiteer chums.
British users are no longer subject to EU protection
GDPR is fully incorporated into British law so can you clarify what you mean by this? Do you mean that the EU regulator has more teeth than its UK equivalent? Both seem to be equally useless in fact.
I mean that - whatever the legal details - Facebook clearly feels that it is now more useful to manage British data under a jurisdiction that was not an option before, an option that was held up as offering significantly less protection than under the EU.
I don't buy the equivalence in toothlessness either - the EU seems to have a willingness to take on big tech overreach in a way UK Gov has neither the capability or willpower going by past performance.
The whole Brexit enterprise is mainly an attempt to do maximum de-regulation. The discussions about food safety standards and health care service and its financiation are pretty good indicators what will follow in other areas.
I know people will be up in arms about tech companies abusing data, whatever that means, but what I don't fully understand from the article is why this is happening.
> Facebook’s UK users will remain subject to UK privacy law, which for now tracks the European Union’s General Data Protection Regulation (GDPR)
My understanding is similar to this, which is that all the privacy laws are the same, so is this a Brexit thing because the UK is outside of the EU so it's a legal liability to hold information within the EU (Facebook Ireland as it says)?
My guess is this is exactly what the "deal/no-deal" divergence talks are about. Today, the UK and EU GDPR rules are in alignment. But on the 2nd January, there's nothing to stop the UK from throwing them away.
I think the headline here is a bit clickbaity. The post-EU UK has adopted the EU's GDPR legislation wholesale, and Facebook explicitly says that data will not be treated differently than that of EU citizens.
So while this might "avoid" EU privacy rules in some stretched interpretation of "avoid", in fact it will be avoiding them by applying an identical set of rules. That is, unless the UK government changes its data protection legislation at some point, which is another kettle of fish.
I don't think it's another kettle of fish, I think it's exactly what this article is about — the only reason for them to make this change is as a pre-cursor to a divergence in the UK/EU privacy laws (EU further strengthening their laws after Brexit, or UK weakening theirs).
They've given a vague statement to defend this being necessary — "Like other companies, Facebook has had to make changes to respond to Brexit" — even though Reuters point out Twitter as an example of a company _not_ making a change like this.
Also, Facebook haven't explicitly said that they won't treat data differently to EU citizens, but that "There will be no change to the privacy controls or the services Facebook offers to people in the UK", which is subtly different.
I agree that preparation for potential divergence of the law is a major reason for this change, but even if that doesn't happen it still makes sense from a jurisdictional point of view. Having interactions between a US company and UK citizen be beholden to EU law enforcement, when neither of those countries are part of the EU just complicates things for no good reason. There are likely other complications regarding movement of data between UK, EU and US that can be simplified by applying those equivalent UK-GDRP laws on movement of data, but now just between UK and US.
The UK GDPR is not exactly the same as the EU GDPR.
To give one example, the European Data Protection Board (EDPB) has no authority to bind the ICO.
The recent fin of Twitter by the Irish DPO was subject to that mechanism (Ireland tried to fine Twitter, the EDPB said the fine was too low and it was increased).
Yeah, but have UK privacy laws been updated to reflect fact the UK is no longer part of the EU?
Something I've seen in lots of UK law derived from EU directives is that it applies limits to behaviour specifically happening in the EU. So UK privacy law might provide a whole load of protections to EU citizens, but not specifically to UK citizens, because EU citizens would be a superset including UK citizen. Except, as of 1st Jan 2021, that won't be true any more.
I understand that those laws have been updated: that EU law is initially being adopted with appropriate changes, i.e. it won't reference the EU any more and will reference the UK instead (and isn't defined around citizenship anyway)
I have a similar understanding, what will be interesting is how the UK will enforce its rules. Facebook has its HQ in Ireland, which notable not in the UK. This also applies to most other US companies.
Kinda makes me suspect that some companies will just ignore UK data protection law on the basis the UK can't do squat to enforce it.
Yes, for now, although it would surprise me if changes haven't already been negotiated with the UK government: Deputy Prime Minister Nick Clegg has been on Facebook's staff since 2018.
Even without that, it doesn't make sense for Facebook companies to store the UK data in the EU/Ireland, where it would presumably then have to comply with both EU GDPR and UK GDPR.
That’s former Deputy Prime Minister, for the record. Considering his subsequent performance at the polls, a lot of people would further add the prefix “disgraced”...
EU directives such as GDPR come into power by being localised and enacted, ie made into UK law. The data protection act 2018 will cover us up until it’s reversed, which is what some of us fear.
FYI, that's not quite correct. The EU makes laws in several ways. A directive is, as you said, a measure that individual member states then incorporate into their own national law to give it legal weight. But the GDPR is, as its name suggests, a regulation, which means it carries legal weight immediately and in its own right across the entire EU.
The UK's position is strange because of Brexit, but it seems the practical position of all recent governments has been that existing EU laws should be transposed into UK national laws where necessary and with the required changes to make sense, until such time as our national authorities might decide to deviate from them. Primary legislation has already been made to that effect. The big question is what "that effect" actually is, given the huge volume of legislation affected and the potential ambiguity in what changes are required for any given law of EU origin to continue to make sense in a post-Brexit UK.
This is the balkanization of the internet. We've lived through a brief period of free exchange among peoples, but it's soon over. I predict only one viable future for all technology companies, big and small: Pick a single national jurisdiction, keep your employees and servers inside it.
This is absolutely not what's happening here though. Facebook absolutely could keep the data within the EU, they just think it's more profitable to move UK user data to California. Now, it's a valid question as to why the UK would allow their constituents most personal data to be transferred out of their jurisdiction, but that's up to the UK government. Facebook exists in hundreds of jurisdictions, it's not rare for them to move user data out of a jurisdiction or intio a jurisdiction. It's almost unique that a govenrment encourages that by reducing regulation though.
Maybe I've misread the article, but I didn't see anything about Facebook transferring user data to the US. What has changed is that FB users in the UK will be agreeing to terms with Facebook Inc in California rather than Facebook Ireland.
I suspect this is because the UK has a data sharing agreement with the US, but when Brexit kicks in there is not a legal mechanism in place for easy transfer of data from the EU to the UK (which makes your life hard if you're a company based in Ireland and you need to send data to the UK.)
> why the UK would allow their constituents most personal data to be transferred out of their jurisdiction
Are there limitations with using products/doing business outside the UK, from within the UK? As in, is there any authority that they could use to stop people from, willingly(?), using a foreign internet service? It seems that would require some pretty draconian internet policies.
There are, quite rightly, strict rules about how companies handle personal data (and that includes not transferring it to jurisdictions where those rules don't apply). I don't think any of those rules apply to individuals handling their own personal data.
Would it be possible to store data in a cryptographically decentralized way to stop giving meaning to "where" a data is stored?
Or maybe even just XOR it with a random key, put the result in the UK and put the key in the US. That way neither US nor UK has "personal data" -- independently each country just got a pile of white noise -- but the two countries together do have it, and they wouldn't be able to say who "really" has it.
I suppose, but law has to be governed by written documents, and part of technology's job is to advance society by identifying and operating in the loopholes of those written documents. What does the written law define as "where data is stored"?
The problem is people expect all things to be free (beer).
Naturally there's a cost to all things: developers need to eat; they need a work/life balance.
Unless there's financial backing for a concept or project it will have a hard time getting off the ground.
And unless there's some corporate interest in what's being worked on it simply won't be written.
The best hope is open-source outreach not as benevolence, but as part of a large company's recruitment policy.
One thing I'd like to see is Microsoft licensing Firefox's backend, and allowing the user to chose which engine to use.
Chromium might have some major advantages, but user privacy (and ultimately experience) will never be a part of it - we need to stop relying on corporations that have intentions that are ultimately adversarial to the end user.
Will that ever happen? Fuck no - Microsoft already bundles adware into their $300 operating system.
> The problem is people expect all things to be free (beer).
That may be true, but few people ask the follow up question “why do people expect things to be free?”
The answer is usually because companies like Google had pulled a bait-and-switch of sorts where they offered a service for free long before they made a commercial business of people’s profiles. They set this expectation of free themselves.
And you can’t really blame a consumer for wanting to bag a bargain.
E.g., running a small e-mail service was a popular side business that provided a predictable amount of extra for many developers around the globe. And customers were generally fine with a small charge per month – that is, until GMail effectively put an end to this.
I mean the other simpler answer is that monetization technology lagged compared to the internet, and the generation which grew up with it's growth (us) didn't have things like debit-only Mastercard's to even have the theoretical possibility of paying for things online.
Free was a requirement to have any sort of audience. It's still a burden in a lot ways. I suppose there's some version of the future where Amazon builds a microtransaction platform that allows direct end-user billing of the Lambda-time it took to serve your web request. That would be interesting.
I’m old enough to have had a debit card for the entirety of the webs life and I recall things differently:
- Email wasn’t free (particularly in the pre-web days)
- you had to pay for internet usage per phone call (and it used to be expensive before ISPs went mainstream!)
- hosting wasn’t free (Geocities changed this but there were heavy limitations that even in the 90s surfers felt: storage space, ad banners injected into your site, no friendly domain name, etc)
Most of the free stuff was pretty naff. But people didn’t mind because they used that free stuff for doing generally naff things with. There was a certain beauty to it, like walking through a car boot / yard sale you find the occasional gems but nobody had any illusions of greatness.
What happened after was professional businesses making professional services free. That was the game changer. And it put a lot of non-free services out of business.
Copyright is a different issue but if you want to discuss that then it’s worth noting that when copyright law was invented it was intended a bit like a patent law but to protect authors against the cost of printing books. Stories themselves were considered ideas and thus where considered free because before printed books stories would be passed on to one another for free by word of mouth.
More recently and it is actually perfectly legal to copy music off the radio and programs off the TV. It’s even legal for people to share their VHS recording with friends and family and keep those recordings around indefinitely. A great many of purple took advantage of that — those who could afford to buy singles or films would do so while others were happy to wait until it was aired and then copy it one a blank cassette.
Trademarks were also less aggressively pursued. That might have been because before the internet was as commoditised it was apparent when Bobby Joe used Disney’s IP for their kids birthday. But now it’s so much easier for companies to identify and clamp down on what they perceive as theft of their intellectual property.
Whether you agree with current copyright laws or not, there has still been a long history of precedence of greater consumer rights and minor transgressions being ignored...then that all changed when content went digital. However people’s attitudes didn’t change with the switch to digital content. At least not initially. Napster was born from the generation of people who grew up recording music from the radio but who no longer listened to the radio. At the time of Napster, downloading was still pretty slow (or, more precisely, peers uploading the MP3s you wanted were slow) and most MP3s were sub CD quality anyway. So if you could afford to buy CDs then you probably would have done.
The real change was when downloading became more convenient than legally buying. That’s really when piracy took off into the mainstream. But when that happened that was because consumers were desperate for a more modern business model while content owners kept dragging their heels by squeezing their antiquated business model and threatening anyone who didn’t comply.
Let’s also not forget that, for a long time, legally owned content was worse than the same content pirated. eg CD root kits, the unskipable “you wouldn’t steal a handbag” adverts that ironically only appeared on legally purchased DVDs, DVD region locking, etc. If you owned a pirated CD or DVD then your user experience was often better than those who paid for their legal copy.
So I find it really hard to be sympathetic to content holders because they’ve lobbied to extend copyright, reduce consumer rights on digital content, and have held back the entertainment industries for years with anti-consumer practices while the world evolved around them. And I find it hypocritical that they then moan about how everyone else is playing foul and they’re just the victims in all this. It smacks of playground bullies moaning when kids refuse to give them lunch money.
But this is all a very different topic to the one of online services, which was the topic originally being discussed.
Obviously the EU is a force against that, standardizing regulations across the whole EU. Facebook is changing how it relates to UK users because they have left the EU, of course.
At the moment there aren't really any significant contradictory laws/regulations I am aware of. Facebook could just choose to treat everyone as if they were protected by EU laws, but they choose not to. They didn't have to change how they relate to UK users, but they legally could and they chose to.
I don’t think this is correct. EU is pretty strong in favour of data localisation, UK is not. Moving customers to California doesn’t mean they are no longer under UK privacy rules, which of course are identical to EU privacy rules (for the foreseeable future, could change of course).
While I agree with the theory of what your saying, I'm not so sure it matches the reality.
If it did, then why is Facebook moving the data? There would be no benefit. Also it's currently not clear that it's actually legal to move EU citizen data to the US, because the EU doesn't thing the US has strong enough privacy protections.
I know that EU citizen data is in the US, and people keep coming up with clever legal structures to make it legal. But those structures keep getting ruled illegal by EU courts.
The EU has been one of the strongest pressure points towards forcing the rest of the world to acquiesce to EU specific requirements or leave. As such, the EU is at the forefront of balkanization of the internet.
We seem to be nearing peak big tech which does conflict a bit with the nation state system but looking at technology today it does seem to be a temporary phenomenon with light at the end of the tunnel. Decentralized protocols that operate at the internet layer above the interference of nation states are being built and deployed today and while they are still in their infancy they have a clear path to providing a neutral, private, and reliable platform for people from around the world to work together, build together, and coordinate more easily without any big corporations or authoritarian governments corrupting the systems.
Facebook/Twitter will be turned into a protocol within 10 years that anyone can use. Permissionless systems like the internet always win over centralized systems over time. Big tech will eventually be remembered the same way as we remember AOL.
The future is bright and I'm fairly optimistic. I will enjoy living in a post-nation state driven world where humanity works together as a whole towards our common goals.
What utter nonsense. Facebook and Twitter will not turn themselves into protocols unless explicitly forced to do so by authorities. It's in their interest to be monopolies.
I didn't say they will turn themselves into protocols. The social protocols that are developed will displace those corporations over time as they provide more functionality with fewer restrictions.
The current tech giants will adopt what they can control and will crush whatever they can't. Either technologically, fiscally, politically, legislative or socially.
Are there good cases of Facebook ignoring democratic laws? I've never really heard of Facebook doing anything that isn't in violation of laws (United States laws at least, I cant say other countries). For the U.S. the laws just aren't there yet to put the right restrictions on Facebook
This is pretty incoherent frankly. I don't agree with the categorization of the present as "peak big tech". Most tech firms have long roadmaps and global expansion plans, we are hardly at the peak.
Every social network that has gained any significant popularity (>100M users) is built on a closed system. Email is the only open protocol system that is relevant to bring up, and its flaws and shortcomings are well documented. Most enterprises use a closed system on top of email (Office 365 or G suite primarily) and communication is migrating to entirely closed systems (Slack or Teams).
Closed systems offer huge advantages for innovation, providing excellent user experience and strong privacy controls. As such, closed systems will continue to be the dominant paradigm.
It wasn't feasible to build an effective decentralized social network until a few years ago. It's still not really feasible today but thousands of people are working on it and progress is being made.
I think email is a great example as it's a highly successful protocol that unifies most applications together. When you go to a website you sign up with your email. It's universal. You can guarantee that someone can interface with you via email in a way you can't with centralized services like Facebook. There have been some businesses that primarily work on Facebook but it's uncommon and they always have email as a backup. If you want to notify someone of something or provide an official service it will be over email. Email wins because it's decentralized, warts and all.
I share your optimism, though I think there remain significant economic and technology headwinds that have been slowing down the development of decentralized web technologies.
Could you elaborate on what those protocols are, how they help, what their weaknesses are, and what work remains? I'm really curious to learn more about this area. (Even just a link summarizing this would be awesome.)
There are a lot of open hard technology and business problems to make decentralized systems act as good as centralized systems. In short, The web architecture (HTTP, HTML, URI, MIME) inherently is decentralized for consumption but encourages centralized updates. Many years ago I wrote about these technical challenges and some ideas for solutions on “the Write Side of the Web”.
Mastodon, does not operate above the ability of a nation state to block Mastodon.
At the info tech department of a large flagship university recently, (and for reasons that are a bit salacious), there was a need to block mastodon servers on campus and some coming from off campus. It was almost as easy as the flip of a switch to turn it off. If a university can do it on their network, it's a virtual certainty that a nation state can do the same.
I love talking about this stuff but it does have a lot of technical jargon and dependent knowledge that is very difficult to convey simply. I'll try my best. Also this stuff is still being designed and built so some of it is not even concrete yet. Getting really into this would be a big article too so I'll try to be brief but not too much.
The basic premise is that protocols are more powerful than centralized entities as they are permissionless (anyone can use them without asking first), uncensorable (you can build a business on top of it without worrying about the platform disappearing from under you), and decentralized (no one single entity controls it and thus it becomes a public good). The internet has all of these properties which is why we all use it. Nobody built a Google on top of AOL for the same reason nobody built a successful business on top of Twitter (look this up if curious).
Protocols were limited until the invention of shared trust (Ethereum etc) but can now be instantiated for many kinds of discrete data and operations. Protocols are currently being built for identity (BrightID, POAP, many others), commerce (NFTs for art like Rarible, God's Unchained, etc, pretty much a standard way for everyone in the world to exchange physical goods which enables things like OpenSea which is a digital Ebay), primitive social protocols (Peepeth[not a great example but does the trick], Gitcoin, etc) with many more that I'm running out of time to list.
The important thing is that all of these protocols are open for everyone to use and even modify. Everyone is running on a shared data set and even more importantly they all weave together. Many apps are using an identity protocol for all user account type interactions alongside the NFT protocols for representing the objects used in the system. The protocols themselves handle the complexity and enable the scale needed for a single fair system to be used everywhere without the negative effects that would have in today's society (Google running the comments everywhere on the web would be a dystopia, but a Usenet group for each website would actually be nice).
Years of work remain and most protocols are still in the early days. The protocol that weaves a whole bunch of smaller ones together into a cohesive social network is also years away as it relies on the smaller protocols such as identity, file storage (IPFS), systems of moderation (DAOs, Kleros, etc) et all to be further developed to the point where others can take them and create something grander than the sum of the parts.
Hundreds of groups of people are all working hard on lots of aspects of these systems together. It will take time but even the progress today is rather exciting and feels like the early days of the internet itself.
(I'm not the best writer and I have a feeling this was a bit disjointed and not super helpful so sorry in advance and I can try to follow up on things if anyone is still interested.)
I'm an engineer not an educator. Sit in a room with me and a whiteboard and it would come across pretty easily.
Also professional techies doesn't really mean much. If I throw out terms like sybil resistance, economic abstraction, or merkle tree it doesn't really make things clearer for most people here.
I wouldn't really call it balkanization. Most services still operate across borders. Thanks to the internet I have contact to peers from all over the world. Some aspects of the internet will become more localized in the future, but generally inter border communication is still growing I think.
And in fact on an EU level, rules are unified instead of balkanized. The digital single market project brought things like the GDPR or the abolishment of EU roaming charges, allowing you to travel around the EU without having to pay extra to your phone provider.
The EU as a whole is much more consistent than individual countries, in fact, standardization is one of it's biggest strengths.
I used to work for the national vehicle registry in my country. European vehicles were easily registered using standard European "Whole Vehicle Type Approvals". Each new European car came with a type approval number linked to it's info, no problem.
American cars were a nightmare. Every new vehicle type came with it's own adventure of Googling or otherwise gathering information about the vehicle (number of doors, engine size etc...). Just no standards whatsoever. Horrible.
That is not true. Each state has different regulations, that's why the article says "moved to California" and not just "moved to the USA". It's possible that UK law is incompatible with other states.
The USA has as many or more different regulations than the EU, as lobbying is very strong in America.
Everyone remembers that "balkanization" refers to chopping up a nation into pieces (Balkans), right? So it's funny to see nations and multi-nations groups, who often sign treaties to "rationalize" rules, referred to as Balkanizing.
Living in a country where a global total war and several occupations of the most evil totalitarian regimes in history is still within living memory, and having been under an isolationist totalitarian power, comments like these make me shudder.
Globalization has some problems. The benefits so far have massively outweighed them, especially if you take the long view. How about we try to fix those faults, instead of retreating and isolating?
Centralization of supply chains, economic monoculture, increased spread of disease, increased carbon emissions, massively increased pollution. That’s a lot of risks which are mostly unquantifiable; it’s dubious to claim we know which is worse, especially in the long run. We lived without globalism for many thousands of years, it’s incredibly new and unproven.
I think the idea here is that keeping most humans alive, relatively healthy and out of poverty is good end goal and globalization helped with that.
We do have unquantifiable long-term risks but I would wager you don't want to live in the days where you did from a small wound because we don't have the technology or scale to provide antibiotics.
That is a false dichotomy. There was a sweet spot we had in between the invention of the antibiotic in the 1920s and now when societies were more localized. I find it quite doubtful, for example, that disposing of tons of forever chemicals (PFAS, etc.) in the ocean is at all compatible with keeping humans alive, even most humans. These are the unfortunate incentive structures we get when there is so little accountability.
Are you imagining that globalization will somehow create peace and prosperity between Chinese, Arabs, Jews, USAmericans, billionaires, cocoa growing child slaves, and the rest?
Yep. Another scary trend is the recent move of Joe Rogan under exclusively Spotify platform, together with the fact that they've removed the Podcasting part from their app for a number of countries including my own (Ukraine). I really hope there's going to be some common-sense movement that'll put this absurd to an end.
That's like the complete opposite of what the comment you're replying to is talking about. They're arguing against globalization and you're against different rules for different countries.
If you don't want globalization and think multiculturalism is the devil, it's kinda hypocritical to decry isolationism keeping away the global culture you do want.
The comment states it's anti-globalization and then states "it could be a good thing", I didn't see that as "arguing against globalization", felt more like adding points to the discussion.
I don't believe in utopia of full 100% globalization (one nation? one army?), but it definitely seems like a good default, and splitting the internet is kind of a worrysome trend.
This should also a taster for people living in the UK (including me) on what will happen to our rights under a sovereign state after an apocalyptic Brexit. Not politicising this conversation, just seing what is to come outside of the EU and with the struggle that is coming head on.
First they gave our FB data to the americans, next they went for our NHS! :)
ps1: I don't use FB
ps2: I got nothing against the americans (apart from their eating habits and love for guns)
ps3: there is a post-Brexit feast coming, and it won't be the People enjoying the main course(s).
> This is the balkanization of the internet. We've lived through a brief period of free exchange among peoples, but it's soon over. I predict only one viable future for all technology companies, big and small: Pick a single national jurisdiction, keep your employees and servers inside it.
That's better than a race to the bottom, e.g.
> Pick the jurisdiction(s) are most biased towards your selfish interest for your shareholders, tell the rest of the world to quit whining and deal with it. They either they can play ball or opt of of modern society.
Facebook can absolutely operate in each country following their laws. They just have to change their own company structure and data policies. For example, they may need to physically separate EU data from US data completely and have separate employees with access to each.
I don't see any reason they cannot do that. It will hurt their bottom line for sure, but it's completely reasonable imo.
For social networking companies like Facebook, is that bad? Shouldn't each county be able to enforce the things that are important to them (ie, outlawing Holocaust denial or allowing more nudity) rather than the entire world bowing to US mores and customs?
Nothing really changes for the rest of the web. You're allowed to stand up your own webserver if you want.
For business purposes the EU is one jurisdiction, so if a company can find a set of practices that complies both with the EU rules and the US rules, and doesn't violate anything Canada, Japan, the UK, or South Korea requires, they can serve about a billion people. They can probably live with that.
Facebook is in the business of selling advertisement. When they sell advertisement in the EU, they must follow EU legislation, including GDPR. Mercedes Benz is in the business of selling cars. When they sell cars in the US, they must follow US legislation.
Nothing new in that. Different jurisdictions have always had different legislation, both online and offline. For a while, when the internet corporations were small, and most business and life interests were still offline, internet companies flew under the radar. The last 10-15 years, though, larger jurisdictions have very much asserted their influence online.
Whereas some Brits don't care about privacy protection, many do. The British likely already have or will get their own privacy laws after Brexit, but it remains to be seen whether large corporations like facebook will respect those.
When Britain was inside the EU, facebook risked billion euro fines. Outside of the EU, the risk of ignoring the rules is smaller.
The latest move from facebook shows that they believe British users are now fair game. They can prey on them the same way they prey on Californian users.
ok, but this is about moving users' data not employees or servers? I'm not following the leap in logic that seems to be happening to connect these things here.
Free exchange among peoples is alive and well. It is easier today to make a website and share anything than it has ever been in the history of civilization.
All this is is the reining in of a few greedy corporations that offer information-sharing platforms in exchange for exploitation. New communities will pop up, and old ones resurface.
It's easier to put things online wrt technical barrier of entry and cost, but it's a lot harder for things to get seen.
Got a popular page on Facebook? pay for it to be seen. Got a great unique website? Pay to be seen via Adwords.
Website owners don't link so liberally as they once did because the link graph has been obliterated by "what people think will please Google" rather than linking to things they think other people might like to see.
When I used FB I lost count of the number of times I had to re-jig my setting for displaying content from "most popular" (according to them) versus most recent.
I still find that when I'm browsing Facebook. I see an article with XXXX number of comments and try to see what's newly been said, it's almost impossible- it's like I'm fighting against what new information is available vs their preferred method of displaying things due to the technical limitations of how they store information.
Here's something I've always wondered: I don't really get this obsession with maximizing the number of people who go to one's web page. If you're just a regular person who's not profiting from ads or something, it shouldn't matter.
If I post something to the internet, I maybe send it to a few people who might want to see it and that's it. I don't care about collecting pageviews, or likes, or follows, or upvotes, or any of these vanity metrics. It doesn't really matter to me if something I wrote was viewed by 10 people, 1000 people, or 100,000 people. Who cares? What difference does it make? My life is not richer because thousands of random people read some blog post or forum comment.
The only reason I can see to promote some creative work is if you're making a profit off of it. In that case, it's an investment. Spend $X on discovery and make $Y in revenue from ads or conversions or whatever. But just to put up some web site about your stamp collection? Who cares how many people visit?
Since I do currently earn money from my programming tutorials, let me tell you about my blog in the late aughts.
I wrote hundreds of pieces about language learning, teaching and elementary school-aged education. One benefit from that work was that it helped me grow as a teacher and later as a curriculum designer. But that wasn't the whole thing. I made friends from that blog.
I also got emails from teachers living all over the world, asking questions and thanking me for the topic. Cambridge University Press contacted me and purchased rights to some of my writing and distributed it far further than I ever could have.
Given the assumption that the content really was useful, more people seeing it meant better educational outcomes for many, many young students that I'll never meet.
The reach of media is a multiplier for its impact.
It sounds like you made something beneficial for the web in which your peers agreed.
How about in 2020, would you agree that the amount of visibility your site gets is dependent on FB and G algos? Even if the content is evergreen? Of course that disregards other sites making new things but I'd say your value is not diminished either way.
Social media was a major source of blog traffic 10-15 years ago and now it's negligible (see Rand Fishkin's talks for more on this).
Google has also been keeping more and more traffic within its ecosystem, but it's still by far the largest remaining source for most independent sites.
The landscape for independents to get even traffic, let alone comments is very, very different than it was. As fb and reddit grew, my site comments reduced by over 80% while traffic was flat. Readers who had been around for years continued but newer visitors stopped.
For a while social media shares made up the difference, but over time social media traffic dropped to less than 5% of its original level. I started seeing less and less value in what I'd once thought was evergreen content.
Then, I changed careers to software. It wasn't because of the drop in RSS readers, blog commenters, etc, but those changes did decrease my enthusiasm about blogging as a social activity.
That’s great, thanks. But do I need to slaughter and sacrifice my privacy to Facebook and the public space to trolls and fake news optimized for virality?
Reach out?
Find presence on a specialized platform rather than generic portal containers steered by proprietary algorithms.
Almost anyone who publishes something wants people to read it. The ones who don’t care how many people read their ideas don’t publish — they keep it to themselves or just discuss it with friends.
People will read it if you link to it contextually. I made a throwaway video demonstrating the 125mhz Ethernet carrier for that etherify HN post a month or so ago. I posted the link in a mid-level comment. 200 people watched the video.
Today we view that number as approximately zero. But that's past Dunbar's number. That's more people than I will have any kind of meaningful relationship with simultaneously. Most people would get a little nervous standing up in front of 200 people and saying anything.
It wasn’t about views, it was about feeling that you’re part of a community. If nobody can get to your pages then no comunity.
There used to be a time when websites were linking eachother and the information sharing formed a wonderful community. At first, search engines were indexing these webpages but those times
are unfortunately over. Now the community turned into walled gardens.
I'd disagree about your supposition of an 'maximizing the number of people who go to one's web page', which the rest of your post alludes to. Most smart online marketers are concerned with conversions rates, not volume of visitors. ROI as you mention with $X and $Y
The point is about how people discover new information. As an end user, on which platform, how that platform allows me to discover the new information, are there platform or result alternatives etc etc.
IF we're reducing my online information discovery to "how advertisers can effectively make an ROI out of me", especially from one or two portals, I suspect the outcome is I'm being duped or at the very least, shortchanged of all the other sources that should be available to me.
Why not? I put all sorts of notes, random thoughts, and guides to the web. It’s nice if someone else benefits from it, but the goal is really to keep notes for myself or that I can directly share with someone else. It’s great to have it easily accessible from any device with a web browser from anywhere.
Kind of what blogging was about (and still can be).
There is one place where you can guarantee your information and exchange of ideas is easily seen, paying little to no money.
Comments.
Comments are the final frontier. Why do you think I never bother getting a personal blog website off the ground? Because the traffic it gets pales in comparison to the audience I get from writing comments. This comment for instance might be seen by several hundred people, all within my target demographic. How many people might see my longform blog content? Maybe dozens if I'm lucky. I've never really written a meaningful blog post, but I've probably written a novel's worth of comments.
And because comments aren't really written for monetary gains, they are one of purest forms of writing left on the internet today. People still write comments liberally and openly, speaking their mind and even voicing unpopular opinions, because they don't give a shit about what Google thinks. Google doesn't read comments. Say the quiet parts loudly.
Maybe someday there will be an age where you can be certain almost every comment you read is already bought and paid for by some corporate interest or a guerrilla advertiser, but fortunately we are still not there yet.
I get what you're saying, because you might have a lot to say about topics in comment sections where it matters and in topics you know a lot about.
But there's some comment sections where you say something and it gets filtered out. What say you after this? I'm sure you're aware of shadow banning/filtering, which YouTube at least does, perhaps other large platforms.
Maybe a case in point. There was a referendum in Scotland about independence from the UK. There was a very prominent blog ranked in Google regarding the question of aye/nay, but you found that the comments were moderated towards one disposition.
If all the funnels point to that information source, the comments are almost useless, especially so if they're curated towards one conclusion. We're relying on a middle man (or many middle men) offering a variety of conclusions which we should reach ourselves, rather than one hand delivered to us by one or two algorithms and/or social engineering.
Diversity, basically, not just in results, but opinions and conclusions.
If we do nothing about it there will be a time like that with comments interspersed with ads or
not being able to read a full comment without clicking some ad to unhide the rest of the comment. Im still behind adblockers but am not sure how future proof they are
How would you have been able to get people to see your great unique website 20 years ago? I don't remember it being easy to get a large audience at any point in the internet's history.
You could join a webring, or link to related people and ask them to link back. Given that there was no financial incentive to get traffic (if anything the opposite), there weren't so many pages with duplicate content (or no actual content at all) competing for attention.
You build a site with unique content, decent layout, design. Email other website owners "Hi, I think this would be would be a decent resource for your 'other resources' page / your visitors might like this". (as opposed to ... what other means do you discover new content?)
Only, no one does link pages anymore, because they're fearful of platform algos deciding that their inbound/outbound link profile is toxic.
What I'm after is a more decentralised Internet, less black box algo, where people link to whatever they want without cutting off their oxygen, or having to pay for exposure. Might be idealistic, but FB/Google have certainly been diagnosed as part of the problem.
In my case, getting a good link from harvard.edu really helped wrt search. And obviously a great link from Harvard drived traffic by itself.
Just a hint for the downvoters, that's how it was done 20 years ago. Nowadays due to systemic link building spam, perhaps not. I'm addressing the above reply is all.
I think what you're missing here is simply how much larger the Internet is now than it was in the romanticized past. If there was ever a time where you could reliably establish a meaningful distribution platform by personally emailing individual webmasters, surely it was a time where there was an extremely small number of regular web visitors. In fact, I would be willing to bet that, right now, the world of independent webmasters using traditional hyperlinks and eschewing the current megaplatforms is vastly larger than it was in the time you're recalling. Which is to say, you can probably reach a larger audience today using those distribution techniques than you could in the time you're recalling. You just will obviously have a much much smaller portion of today's web visitors.
I'm not buying either of the points, about romanticising or the portion.
What means to do we have of discovering new content, right now. All the eyeball time on social media, all the searches done for the most part on Google.
You've basically two methods of discovering new things when considering the sum time of everyone who might recommend something they've seen.
That's not romantic at all to me!
FWIW I don't think the link hunting of 20 years ago was systematically better, but it was definitely more individually minded, problem is it's been systematically spammed/undermined as well as the SEO issues I've mentioned so people are generally going to ignore 'link suggestions'
My main point is, diversify away from one or two central platforms. The issue is their consensus of what should and shouldn't be seen and the size of the market behind this.
I have received quite a few visitors from a Reddit post on the right subreddit. Hackernews posts generate a lot of traffic. You can also advertise on a number of platforms.
The two methods are the social and search portals that command the majority of time that Western world people spend their time on.
I'm not saying that reddit or HN aren't dead ends but we're talking about the main arteries of information discovery. I'm sure we can agree the general populous don't have the nous to regularly visit HN or subscribe to relevant subreddits, the question is how do they find their information and conclusions.
I think this has stopped working not because of platform fear, but because it no longer solves a problem. Back in the day, good content was scarce and discovery was hard. These days neither is true. If my to-read list weren't already overflowing, 30 minutes poking around on Twitter would fill it right up.
+1. Twitter's timeline """solved""" [0] the content recommendation and scalability problems in forums and mailing lists. The large newsgroups in the late 90s Usenet were already unreadable (unless you have an elaborate filter), but all Twitter needs is to ask their users to follow people relevant to their interests.
[0] Of course only partially "solved" with many limitations. Just like how Twitter's predecessors Reddit and Hacker News "solved" the same problem by voting with their respective limitations.
Think there's a bit chicken and egg with that one. Back in the day Google relied on DMOZ (and perhaps relies on Wiki a little nowadays, WRT knowledge entities). Search (and social) rely on signals to indicate that something is of relevance... you're sort of implying that the monopolies and their single perspectives on how information should be ordered is satisfactory for us right now.
Sometimes there's 10's, 100's or 1000's of pages/sites that are relevant to what we are searching for. All I'd say is that if we diversified the way in which we search/discover new information a little bit more, there's less reliance on a platform or a single algorithm- to me that sounds healthier.
It is totally worth remembering that as much as the likes of Google and FB control a huge share of browsing time and clicks, their algos don't make them the arbiters of truth and information discovery. Sounds quite daft to say it but that is pretty much what the reality is of the modern web- if the portals don't want to rank you, you aren't seen.
Twitter lets anybody publish small things. And it lets anybody select a set of accounts and get a time-ordered list of what they've published. That's how I use it. I follow a couple thousand interesting people, ones who tend to point to other interesting people and articles. If at any point I'm bored, I can drink from a firehose of good content.
I also maintain a feed reader, which is how I follow people who have their own sites. But I don't need to use those sites for discovery, the pattern you describe in the old days. Discovery just isn't a problem I have much. These days, my problem is filtering down to what I actually have time to read.
Not sure where you're coming from wrt SEO. Get 100 SEOs in a room together and you get 100 different opinions.
But when it comes to linking, people generally link out less. I can't source anything right now, but the information is available, perhaps through Majestic that shows that over time, people are more shy about linking out to the wider web, anecdotally, from fear of being penalised for doing so.
The threat of having a bad outlink meaning your inbound organic search traffic disappears means people err on the side of caution.
I had a website back in the late 90s/early 2000s that was one of the most popular sites for its niche (at the time) topic. It was on several topical Webrings and got noticed enough to get several of those silly thinly-veiled advertising "<company's> choice on the web" award badges.
If I brought that site up today as it was then I doubt it would show up on the first 3 pages of a Google search for the topic. But hay, at least you could view it with noscript turned on.
> Got a popular page on Facebook? pay for it to be seen.
And if you stop paying Facebook will severely limit any organic traffic to your page. That should be illegal, unfortunately it is not being viewed as something serious, meanwhile Facebook gets showered with billions extracted out of small businesses.
> due to the technical limitations of how they store information.
Has nothing to do with technical limitations and everything with engagement metrics. Facebook does not want to show you what you want to see, they want to show you what will hook you and keep you in the platform. If anything, it takes more resources to show their view than just a time posted order.
Not sure I agree, because you can fiddle between "most popular" vs "most recent" and sometimes the "most recent" cannot be seen at all! It's as if they're unavailable, or, too many hops away to be available.
And if it's a case of guessing what's going to be engaged more with, I want to see everything and make my own choice.
wrt to resources, perhaps they index one or the other and they make their choice rather than mine.
> Facebook does not want to show you what you want to see, they want to show you what will hook you and keep you in the platform.
Sounds like drug dealers. I'm not hooked to their platform because they don't show me what I want to see. But what you said imply that there is some addictive content that people would normally avoid, but Facebook helps them get addicted. Truly evil. I'm not active Facebook user so I don't know how it goes there.
> ... vs preferred method of displaying things due to the technical limitations of how they store information.
I don’t believe that is what the platform is doing. It is displaying content the user will most likely interact with, resulting in the user staying on the platform longer. It seems quite dangerous to me, as it could cause users to assign some sort of weight to the content, particularly if the content is well liked by others it could lead to the belief that ‘this is the correct information’.
I was born in '81 so I'm probably not qualified to say.
I made a site in the late 90's, biology-online.org which I harried universities and whatnot to link to which they happily obliged, ad-free educational content laid out well. Nowadays that kind of solicitation is ignored. All I'm saying is it was easier then than what it is now, and large platforms deciding what gets seen and what isn't certainly doesn't grease the wheels of discovery.
"Free exchange among peoples is alive and well. It is easier today to make a website and share anything than it has ever been in the history of civilization."
This has always been my own reaction to pronouncements that the Internet as we knew it is dead, or over.
I'm usually quite optimistic about our ability to freely (and usually without monetary cost) create and share, globally.
However, the closure of Nekochan (an old fashioned web forum dedicated to SGI hardware and the IRIX OS) has changed my mind a little bit. The owner of that site became convinced that it was literally impossible to run a forum website and maintain GDPR compliance. He believed that it introduced infinite liability and would require constant purging of data based on requests that could come at any time into the infinite future.
I'm paraphrasing, of course, and I was not actively using the site when it shut down, but it was one of my favorite spots online and a source of priceless information and richness.
In this specific case, my data is being moved to California. Placing it in direct reach of the US government, which has not been historically shy about abusing that kind of reach.
I would quite like my data to stay in the UK, where national governments I don't elect or pay taxes to, can't touch it.
Yes, and as UK citizen I can hold my government to account through the democratic process if they start freely sharing data on UK citizens to others in the Five Eyes alliance. Notably the Five Eyes alliance used this exact setup to avoid local laws and democratic accountability, I don't want it to be easier for it to continue.
I sure as shit can't hold the US government to account.
Another Snowden? Change in government? Does it really matter?
Point is I help elect the UK government, that means I can change it. Does not apply to the US government, so the US government could put full page ads in the Daily Mail talking about how the abuse the data of UK citizens, and there's diddly squat I could do about it.
Laws forcing companies to keep specific data in certain jurisdictions is another one, as this article is concerned with. The Brits just shot themselves in the foot. I though EU directives had to be ratified and remain in effect, but apparently other UK laws make it possible for Facebook to abuse their position unhampered.
Wouldn’t say there’s much funny about it at all. The general populace being confirmed as largely powerless drones with the cognitive abilities of non-playable video game characters was harrowing at best.
How do you know which party will do what, once in government? You wait for another Snowden and replace them again? What if your preferred nice politician enters power and is briefed on things that make him realize there are more upsides to the project to combat national security issues, and secretly continues things?
It's very hard to have popular control over secret operations where you may only sporadically learn about things via whistleblowers once in a while. It's quite different from visible policies like banning or legalizing gay marriage, abortion, raising or lowering taxes or the minimum wage etc.
Not really sure why any of that matters. It’s pretty simple, I would rather have my data stored somewhere I have some level of recourse for privacy violations. Even if that recourse is long drawn out and difficult, than somewhere I have no recourse, and never will have any recourse.
I really don’t understand why you’re struggling to understand that. Talking about the relative merits of different governments is completely meaningless, if I can only elect and influence one of them.
Based on your arguments I should just lie down and let every world government and company trample all over my rights, because it’s all hopeless anyway.
Just don't overestimate the effect of the data location. You have other tools as well, including controlling more tightly what information you share on platforms like Facebook. Now surely, they do track us regardless, shadow profiles, like buttons etc.
Also on the other side of things, does it harm me more if a foreign government holds information on me, random Joe, or if my own government holds the same info? Which one cares more about the info and might have incentives to abuse it? What if China has a profile on me? I'll most likely never enter China anyway. I don't live and work in the US, why would them mining my data be so dangerous?
> Also on the other side of things, does it harm me more if a foreign government holds information on me, random Joe, or if my own government holds the same info?
Might be a good question for Kim Dotcom. Regardless of your views on his various business, it hard to explain how the US arresting a non-US citizen outside of the US isn’t a huge and worrying overstep by the US.
Now I probably don’t need to worry about a Kim Dotcom style raid on my home, but I see no reason why I should make it easy for the US to do that if they wanted too.
And regardless of hypothetical harms by the US government. Privacy is my right, and I’ll defend it. Why on earth should I be comfortable with my data being taken by governments around the world that don’t share my world view? (And the US government certainly doesn’t share my world views).
Once again, at least I can hold my government accountable. I notionally understand U.K. law, and the U.K. legal system, and thus what abuses I might be subject too. I see no reason why I should have to learn about US law and the US legal system, just to use the internet from my computer in the U.K.
Let me understand you better. Would you say the following?
- If FB is to operate under US law with US data centers you prefer to be geo-blocked by them based on IP and feel you need to be protected against your own will and you can't trust yourself to just not use the service
- You are concerned about shadow profiles and the like, i.e. the unavoidability of FB even if you want to avoid it. But otherwise you'd be okay with FB offering its services to those who accept it on the foreign terms.
- You are concerned for your fellow citizens who may be less informed and may accept conditions they don't understand and are harmful for them. Therefore rather geo-block foreign FB from them for their own good.
No, I’m saying if FB wish to operate their product in the U.K. they should follow U.K. law, and respect the rights that U.K. law provides to its citizens.
If FB don’t want to do that, then, yes, they should geo-block the U.K. to avoid the liability.
Being an American company doesn’t give them the right to just ignore local laws and customs of other countries, and it would be hypocritical to think otherwise. The US certainly doesn’t allow counterfeit products to enter from China, despite the fact those products would be mostly considered legal in China. So why the hell should American company’s have the right to ignore laws in other countries, just because somethings not illegal in the US?
Whether I trust myself to use a service is irrelevant. I should be able to use almost any service made readily available to me in the U.K. under the assumption they follow U.K. law. The onus should be on FB to operate legally and ethical, not on me audit every service I use for legal and ethical violations.
I see. I think it boils down to how we understand the Internet, what analogies we can reach to. What does it mean to "operate in" a country, when talking about the Internet? They don't really operate the product in the UK. You are sending information about yourself to the US and get back a response. Is getting IP packets through a wire the same as getting Chinese products through the mail even though no money changes hands? Or is it more like sending letters?
> What does it mean to "operate in" a country, when talking about the Internet? They don't really operate the product in the UK.
I have to disagree with this statement. I would agree with it, if people from the U.K. were using FB without FB explicitly catering for a U.K. audience, or collecting enough information to fairly accurately identify a U.K. audience. But both of those statements are false.
1. FB advertises on TV and in meatspace in the U.K. I don’t understand how you could not consider that operating in the U.K. Even if the physical servers our elsewhere.
2. We know that FB collect enough data to identify people from the U.K. They undoubtedly segment and sell adverts based on the location of users. So they’re more than capable to identifying U.K. users for legal reasons.
> even though no money changes hands?
I don’t think this is the standard for determining if someone is operating in a country. I would say the bar is slightly fuzzier, are you offering a simple method for a population to use your product, and targeting them in some manner.
The targeting could be anything from explicitly advertising to them, to simply offering cheap and simple shipping to their country. Of people are signing up without you targeting them, then I would happily accept you don’t really have an obligation to follow their local laws.
As I mentioned above, I think FB more than qualifies as operating in the U.K. and no doubt if you asked them, they to would agree that they operate in the U.K.
There's a huge difference between sharing between national security services, which are generally out of the reach of everyday warrants and the company moving data so that a local judge can approve a subpoena.
Data can be copied easily, so I do not see a problem here. Individual-related data such as friend information or messages should belong to the individual and needs to be provided if they ask for it.
It's not about Californian standards. Whatever standards they have, the federal government including all the alphabet agencies can still vacuum up that data. (More so since the Brits aren't American citizens.) That was the gist of the recent ECJ ruling against the so-called "privacy shields."
> California standards will meet or exceed those of the UK.
That's very unlikely. California may be the left-leaning, liberal, forward thinking state of the US. But it's got nothing on the EU/UK when it comes to things like food, safety or privacy standards (except for vehicle emissions where California is ahead, thanks VW).
Remember the "left" in US would be considered far "right" (I don't mean neo-Nazi far right, I just mean further right wing than our mainstream right wing parties) in the UK/EU when it comes to social and economic policy.
I was actually talking about this one person's situation. They're on HN so they should be aware of the risks and means of mitigation, including means against shadow profiling. If they weren't, they should be by now, and still have means to extricate themselves from it. Facebook is despicable in its practices and I cannot wait to see it die.
It's like asking why can't I get my garbage back because I threw it in the recycling bin but they incinerated it.
Sure, maybe people more familiar with the ins and outs and news cycles of Big Tech can prepare themselves (the only way I see is to just delete Facebook of course). But the average user who just wants to connect socially with others or follow pages shouldn’t have to read FCC filings to sleep at night.
I think a better analogy with the recycling bin is if the company who owned the bin (say, WM) suddenly started selling your junk mail to amass a psychological profile of you for advertising purposes. Sure, you can say maybe you shouldn’t have trusted the company (after all, companies suck) but at some point we have to stop blaming the users and go at the root.
Yeah the whole point of GDPR is that it shouldn't be up to individuals to protect themselves from crap like this
> They're on HN so they should be aware of the risks and means of mitigation, including means against shadow profiling. If they weren't, they should be by now, and still have means to extricate themselves from it. Facebook is despicable in its practices and I cannot wait to see it die.
EU society has decided it's despicable, and thanks to our functioning democracy, national and super national governments are taking direct action to protect their citizens. Which is the first mandate of any democratic government.
Venturing into the internet should not require me to do hours worth of research on how to prevent tracking and fingerprinting. Companies should respect my right to privacy, and my government should annihilate companies that refuse to follow the rules. There's a reason why Europe doesn't have an equivalent to the US 2nd amendment, that's because we trust and expect our governments to offer that protection on our behalf. I respect the fact that US culture has a different view, but that doesn't mean I think European's should adopt a similar culture.
> Venturing into the internet should [not?] require me to do hours worth of research on how to prevent tracking and fingerprinting. Companies should respect my right to privacy, and my government should annihilate companies that refuse to follow the rules.
Very true. We don’t expect consumers to read medical and pharmaceutical journals to know that their medications are safe. We have agencies for that. The same for cars, building codes, etc. and I believe the same for the Internet.
That was a response to that one person about their own personal situation. By context I can assume that they know what they're doing.
You can be in full support of the law while still cautioning to avoid the criminals. The law does exist, especially in the EU where they're from (at least until the end of the year) but there are wolves about. You should still protect yourself if you can.
Your insurance company could raise your rates because you've been "liking" posts about extreme sports, for example, among many. And the more hands your data passes through, the more likely it ends up leaking when someone is inevitably hacked, because security is expensive and your data is cheap.
It’s you vs a team of 200 PhDs who’s entire job is to make you spend more time on the platform and make more clicks. It’s invasive marketing on a level that has never occurred in human history, and also happens to have the effect of amplifying the craziest voices. It’s hijacking people’s psychology, creating fights when peace would be better, because fights are less boring. And you pay for it, just with the dissolution of society where you might’ve talked to your neighbors. How many families have been split because of Facebook radicalization of conservatives? Mine for one.
I believe strongly that the social media and internet ad business models are at best amoral but responsible for the second order effects, much as coal plants are responsible for pollution. At worst they are making money off of making people crazy by giving every crazy person a megaphone and making sure you have to hear from them.
Well said, really sums up the problem. People I know and even work with have fallen in this trap and I have no idea how to get them back out. It’s like they are a completely different person. It’s not just politics either - it’s this overwhelming amount of information that they are being fed about everything.
Yeah... I considered being a little more "both sides" about it but anyone with an objective view of reality can see how far off the deep end of conspiracies the average conservative has gone. My parents believe Obama was a muslim. They believe in a Deep State. They're open to conspiracies about every democrat in power being a pedophile. To those who might say "Blame them, not facebook" - I absolutely blame my parents, but I also blame facebook for putting links to those ideas next to photos of friend's babies and vacations. This isn't what people signed up for facebook for. They signed up so they could keep in touch with their family and friends, and post updates about their lives. They didn't sign up for it to become their #1 source of news carefully crafted to get them to click and confirm either their worst fears or highest desires, the objective truth be damned.
My niece at age 17 suffers from depression and anxiety. Looking at how those kids socially depend on their phones and myself being old enough to understand that the big companies actively (not coincidentally as in the very early days) making people addictive makes me very angry.
Human beings can't develop essential emotional skill hanging around at FB, Netflix, TikTok, Insta ... what ever. Kids are becoming emotionally crippled for their whole lives. The big companies know what they're doing with us, but they don't care.
It's billions of dollars of science and research of how to get customers and make them addictive vs. individual fate.
I know that this needs to stop but unfortunately don't know how.
What's the solution? You squeeze FB/Google and you'll get several another ones that will start with lofty slogans ("Don't be evil. Really this time!") and by the time end up being same silos. I think these platforms are inevitable.
Inevitable unless its not. Providing the infrastructure for say, facebook's primary needs is relatively cheap, but nobody can compete due to the network effect + them buying up any large competitor.
Its because everyone is already there that this stuff is allowed to fester. Nobody who's not crazy right wing is going on Parler - that is the way it should be. It should be totally self-selected which grouping you use, and there shouldn't be one thing that has "everyone" that prevents all others from starting. White supremacist websites existed well before this stuff, but in a decade they didn't get the traffic that one popular FB post gets.
Where's "Apolotical" Facebook? Where's "only share photos of your kids and vacation" Facebook? They can sell ads for baby clothes and cheap flights. There's more of a market need for that sort of thing than what it is that Facebook provides.
Here's a solution - a bunch of competing "profile" companies that you can choose to manage your online profiles that would work on any social network. They get kickbacks from those social networks running ads. Some of those profile companies might be incredibly private, some might give out a ton of info about you for targeted advertising. Regulate it so companies must have X and Y user access controls on your user profile, and also so sites must use those sites.
I don't even think the above is actually a workable solution. But the idea that things are inevitable is a lack of imagination.
Or how a section of liberals want to defund/disband the police, tear down any link with the past(if the past involves a white male), cancel everybody to the right of Biden and so on. Again, it works both ways.
What part of justice for murderers, tearing down idols of people who fought for slavery, and social shaming of people who espouse racist ideologies do you find to be wrong?
I like to say "hate porn" because I think people understand it better. Clicks are clicks. You're more likely to click a sexist article about doctors and it's more likely to go viral than a post about the complexities and nuances of wealth distribution and tax mechanics.
They get shown ads that might be more relevant to them than just an ad picked at random, which might make them more likely to buy the product displayed in the ad. I guess that could lead to some extra harm to their wallets, but otherwise I am with you on this one.
The information necessary to do that is stored, could be used for other things in the future by that company, could be stolen, could be subpoena'd. It's also taken without explicit consent or explanation of what is recorded.
Bullets are just pieces of metal and gunpowder, why are you afraid of them?
Note that they also don't just sell "ads", they sell psychological manipulation. Yes, product ad targeting is one type of manipulation but where the real danger lies is when they target us with ideology. It's an expressely evil system.
Where does ideology stop? In some sense all the ads blend into one meta-ad, an implicit one, that teaches us what to value in life. I mean something of the same nature which used to be the "picket fence suburb house, 2 kids and a dog", but is something else today.
Slavoj Zizek (controversial I know) has good observations about this, that ideology is precisely the whole framing, which is invisible from the inside. You don't notice it as something "sold to you", it's deeper than that, it's something that informs what you should strive for.
Ideas like "if only you could afford XYZ, things would become so much more $positive_adjective". But not explicitly. Through implication, stories, association. That you need to work more, build a career, buy better things, or become free, express your inner authentic self through self-expression using this and that brand, this and that political slogan etc.
I anticipate that this is already too much of a cliche for some people, while for others it's just a strange way to look at things...
Why do people think ads only have to deal with buying stuff like your next take out meal or a book on Amazon? We have ads for politics, charities, public service, pubic image of famous people, etc. We have ads for basically everything. We've been doing this for over 100 years too! I'm pretty sure if ads only helped sell more hamburgers then politicians would spend their campaign money elsewhere. Surely someone in the last hundred years would have figured out a better way to optimize that cash flow. But just simplifying the argument to selling more hamburgers is pretty disingenuous.
The previous poster made a typical response. The argument goes: "Ads are just how people learn about new products! If you have a local business, you can make a nice sign above your office/store, or the modern equivalent which is advertising on Facebook! Everyone benefits, we learn about new products, the market can function, people learn about alternatives and new competitors can efficiently enter the market and be noticed by consumers!"
Then in practice there are way more ads that sell you a worldview, adjust your desires in some small way that's small in one iteration but can transform your values over the years.
Also the problem isn't just the ads, but also the tools they use to keep you engaged with the ads and spend longer time on the platform. Their tactics follow the sparse rewards patterns that gambling also follows. They use lots of counter-intuitive patterns like intentionally throwing in irrelevant stuff, because it's how our brains are wired: we get hooked more if the interesting stuff only comes every once in a while, and otherwise it's boring. This gives the activity an overall unpredictable nature that makes our brains want to explore and understand and build a better model of this environment, to reduce this unpredictability. But if it's carefully designed and always in motion, shapeshifting in response to how the masses interact with it, it stays mysterious for our brain and we get hooked.
It's worrying how many otherwise smart people dismiss this saying "whatever, I don't buy luxury cars anyway, who cares if I saw some ads for them?" (and we could go into how the car companies can benefit from you seeing the ad even if you never buy the car yourself)
Marketing psychology and addiction psychology have developed a lot over the years and there is basically zero amount of this taught in normal schools. People just don't think in terms of these tactics. We are like some naive old trusting grandma in the eyes of the manipulators (who, by the way, aren't evil, they just want accomplishments, want to achieve metric targets, get good evaluations, get promoted, build their CV etc.).
some hn guidelines, in case you might find them helpful:
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
That’s the political pitch. It’s really just the EU trying to challenge the economic dominance of US tech companies. Tariffs and trade barriers are unpopular, and people who implement them are supposedly very bad. But privacy regulation and huge fines for big tech are very popular, and the people who implement them are supposedly very good. When people see the fines given out I think they presume the regulations are achieving their publicly stated purpose, but really all they are is tariffs in disguise.
Requirements that data must be handled in a certain way is akin to requirements that electronics have no lead in them and that cars emit only a certain amount of toxic fumes and that cattle aren't addled with too much HGH. If you see no value in the regulations then you might see it as you have. But in reality the regulations are valuable and that is why you see the different reactions.
This comment is based on an assumption that the regulation actually achieved beneficial privacy outcomes. It’s arguable been most successful in Access to Data area, and to some extend Data Erasure. But the Consent and Documentation provisions are a complete joke. Most EU data subjects have no idea who’s holding their data, or how/why they have access to it.
The only area it’s been truly successful in has been levying fines against foreign companies and restricting access to the EU market. It’s a very successful piece of tariff legislation. Because the compliance strategy from most organizations was either stop trading in the EU, or accept the fines as a cost of business. (edit: there's also a 3rd common compliance strategy, which is just to pretend that since you're not specifically targeting EU data subjects, that you don't have to comply. I believe this is part of the reason that HN ignores the GDPR for instance)
I won’t comment on Russian corruption laws, since I don’t know anything about them. However I do know that the only factor that the stated purpose of any piece of legislation/regulation will influence is public perception of it. The stated purpose of a law has no influence at all over its practical impact. The impact of the GDPR has largely been to establish trade barriers, and it has had a very minimal impact on privacy.
Given they have largely failed to achieve their stated goal, it doesn’t make a lot of sense to see the EU imposing further regulation on online services/information distribution. However it makes perfect sense when you look at what they actually accomplish. Which is implementing (rather controversial) economic protectionist policies, under the guise of something unrelated and far less controversial.
To answer your reductio ad absurdum more directly, if you’re doing something that doesn’t work, it doesn’t make sense to keep doing it.
If history's shown us anything it's that the solution to ineffectual regulation is more ineffectual regulation, right? Eventually all of the things that don't work will somehow add up to something that does? The place that your weak analogy falls over is that I can show you empirical evidence that if I want to drive to work in the morning, that I have to get into my car first. You do not have any sort of evidence that the GDPR will eventually work for some unstated reason.
As a side note, why has the weak analogy become such a popular logical fallacy? Do you honestly see similarities between regulating data access and driving to work?
The Consent and Documentation provisions are the only part of the GDPR that protect your privacy. Without that the Access to Data provisions is largely moot. Why would it occur to anybody to send access requests to some large market analytics company they've never heard of? Its beneficial in the narrow scope of cases where a data subject knowingly consents to a party that they are directly familiar with having their data (like Facebook), and they want to find out specifically what it is. But your average data subject is being tracked without consent by a myriad of companies they've never heard of, and all that data is aggregated and sold on by a myriad of other companies they've never heard of. Without informed consent, the GDPR falls incredibly far from even coming close to achieving it's stated objectives, and that's basically where it is today.
And as I said, for the companies that actually do have to worry about enforcement, it's largely just incorporated into the cost of business.
Not only the EU. Asian giants as well. You're even seeing African nations latch on to "balkanization" as a method of both keeping control of their citizens' exposure to information, and addressing their problem with youth unemployment.
I think in the future there will definitely be regional internets so to speak. You will still be able to talk to people via the boring protocols, like email for instance. But a lot of people are seeing the enormous value in controlling higher level access. News, social media, etc etc.
The parallels to Asia are very accurate. Which does seem to be where a lot of counties are heading. Perhaps soon, most of the world will be as good at controlling misinformation as China is.
The EU is either just pretending to do so or doing a very bad job. They've accomplished nothing, except force everyone (not just Big Tech) to put annoying (and increasingly so) cookie banners on their websites and users have to endure them.
Why not just "United States"? England would be the most populous state and Northern Ireland and Wales could duke it out with Mississippi and Alabama :-p
I'm assuming that Scotland would not want any part of this, that's why I'm not including it.
* The UK is the "United Kingdom of Great Britain and Northern Ireland". Great Britain is the largest island in its archipelago (the British Isles); Northern Ireland is a region situated on the island of Ireland (another island in that archipelago).
* Another region of the island of Ireland is (the bulk of) the sovereign state the Republic of Ireland, a country which is part of the EU. The Republic of Ireland is the country where many companies headquarter in the EU for tax efficiency.
* Alongside Northern Ireland, the other three countries which make up the UK are England, Wales, and Scotland. Those three countries are all primarily located on Great Britain. Some other islands in the archipelago are not part of the UK at all (e.g. the Isle of Man); some other islands in the archipelago are part of one of England, Wales, Scotland, or Northern Ireland.
To confuse the island of Ireland with the United Kingdom, or to identify the Republic of Ireland as part of the UK, is deeply offensive to some (many?) Irish people. It is also a sore point to certain people across the island of Ireland that Northern Ireland is part of the UK, and that the island of Ireland is not a unified state.
Confusingly enough, citizens of the UK are almost always referred to as "British citizens" whatever their relation to the island of Great Britain; this is a strange piece of terminology because if "British" here means "Great British" then it appears to exclude Northern Ireland, while if it means "of the British archipelago" then it appears to include (for example) the Republic of Ireland.
