I understand that what these companies are doing is illegal, and thus the court ruled correctly.
But I cannot help but wonder if we, the public, are really focusing on the right thing here?
Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
I think that we should focus on the latter - privacy of private encrypted chats from Government scanning.
And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
This is utter nonsense. We have the capability to do both, we can both work to stop private companies from tracking us, as well as work to stop our governments snooping on us. Framing it as if we had to choose one or the other is misleading.
I don't think that the public is very good at paying attention to two things at the same time.
I think that the "ad targeting privacy" discussion is a borderline red herring that is focusing the debate away from what matters. Giving the public a feeling that they achieved something, while violating privacy through the backdoor.
Or, a more hopeful view, is that "ad targeting privacy" makes "privacy" be a topic at all in society, and that could be leveraged to acquire more privacy in more areas, as people start to realize what it actually means.
Problem is that "evil marketing companies" is a lot easier for people to believe in, compared to "evil government", especially in places like in the Nordics where people generally have a much more favorably view of their governments than in other countries (for better or worse).
> don't think that the public is very good at paying attention to two things at the same time
This is a regulatory proceeding. The public isn’t involved.
It’s bad strategy to go all in at one point on the front; you’ll be flanked. Focus entirely on government collection, as the U.S. did, and you’ll find companies not only running free but then turning around and selling their data to the government you thought you were on top of.
Who's to say they're not the same? We know for a fact that the government uses the "ad targeting privacy" to ingest data on civilians. There's countless articles on resale of those data via data brokers. Conflating the two doesn't minimize the argument IMO. As a counter perspective I would surmise that it would piss people off more if and when a government uses that data against its own citizens. People seem to be grasping the concept that having all of this data in someone else's hands is a bad thing. And while I don't feel the urgency is where it should be, I do feel as though we've made some progress.
> "companies are using your reading history to target ads"
Keep in mind that this is also:
* "Companies are using your reading history to build a profile of you, including political stance, age, gender, location, religion, group affiliations, network of people you know" and a host of other things.
This data is then used to target ads and campains. This is no big deal if it's trying to push you to buy a bit more Mountain Dew, or to figure out that you can better the dental healt in Jefferson County, Idaho by showing up there in a van handing out free samples of toothpaste.
It is however a bigger deal when it's used to sway your opinions on political, legal and social matters by feeding you lies.
It's a deal when it's used by one country to target individuals in the neighbouring country to leak government secrets by pinpointing local groups and geographic areas where you have a good chance of recruiting such agents.
That's why certain countries, in this case Norway don't want this data under contrl of other governments, the U.S. in this case.
(While Meta/Facebook owns this data, it's in effect under control of the U.S. government judicially)
> * "Companies are using your reading history to build a profile of you, including political stance, age, gender, location, religion, group affiliations, network of people you know"
... to then sell that profile to your government, legally.
> "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
The problem is that companies tracking your every move for the purpose of ad targeting means all that data is concentrated in a single place where the government (or another bad actor) can search through.
And, at least in the US, the government can and does freely purchase from third parties information that they aren't able to compell disclosure of, so companies accumulating tons of information about everyone is very much a part of the government surveillance apparatus. Without that (and with some better protection of data that actually does need to be collected), national intelligence agencies would probably still coerce access to information they're not meant to have, but at least local police departments wouldn't be able to just buy it from data brokers.
> Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?'
... And why do you immediately navigate to this dichotomy? What purpose does it serve? Does bifurcating the issue serve any purpose?
I can't read minds so I don't know why you in particular are doing it, but the general answer to that is that private interests have waged a decades-long propaganda campaign with the message that everything that the government does is automatically suspect and nefarious, while everything some private interest group is completely okay.
But this is a false choice: just say no to both groups violating your privacy.
But its not just used for ad targeting for things you might actually want to buy.
It's used for political campaigns, and social manipulation. Governments can also compel the private company to reveal information they have about people.
If a government wanted to build such a spyware operation, they'd have to fund it themselves and get budgets approved. But here you have a sustainable spyware operation already running they don't need to justify any budget for.
The danger of them having this data is just too great. It's too much concentration of power.
Would you trust the government with your voting preferences? Meta can know that with extremely high confidence based on the articles you read, people you follow etc. And while I'm not particularly trusting of the government, I'm even less trusting of zero-accountability, billionaire-led, Meta.
Imagine the potential for abuse if this data is in practice usable by large interest groups that want to strongly influence your behavior. Oh, wait a min! This data is usable today by these groups for ads targeting!
Except from what I can find WhatsApp seems to have an automated content moderation system that will automatically flag and forward messages to Meta for review. So the ability to bypass that encryption is already hardwired into the app.
These companies say they don't collect chat data but they also say they follow local laws and you see from above that they obviously, deliberately don't.
Does "end to end encryption" really mean anything if you control decryption at both ends of the connection?
It's just harder to intercept over the wire that's all.
> Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
Backdoors are from national governments (Macron in France, Sunak in UK). Privacy stuff is usually from the EU parliament, elected by people proportionally but cannot propose laws, only vote on them.
> And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
"""
The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil
"""
Governments increasingly rely on the vast amounts of data stored by private companies to target specific people or groups of people.
A surprising number (56%) also say they can share your information with the government or law enforcement in response to a “request.” Not a high bar court order, but something as easy as an “informal request.” Yikes -- that’s a very low bar!
...
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”
Companies have had several decades to not do the crap they are doing (laws regarding privacy of people's data have existed in various countries for a long time).
How long, in your opinion, should we not dilute our resources and focus? I mean, there's always more stuff to focus on all the time.
Its farcical to suggest that FB is just some middling entity, it has the capability to topple governments if Zuck wanted to. They are already implicated in facilitating multiple ethnic cleansings, what more risk do you want?
> And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
Let me reverse the question, why anyone is able to target me without me asking for it? why anyone is using my data to do anything without me getting any benefit from it?
Can we all just agree on something: Google and Meta (and a bunch of others) are just the privatization of the government surveillance state. Facebook's product is the user data. That data gets sold and resold and eventually put into the government's hands through gray area retailers.
If your issue is "I don't want to be on a government list" one part of the solution would be making sure there's no data to populate the list, and the other part is restricting anyone from assembling such a list. The former is what Norway is doing, but pretending only the latter needs to be addressed is ignoring human nature. "If you aggregate it, they will come".
I do, because I don't have neither the skills nor the time to ensure that a company is respecting the laws, so I pay taxes in order to make sure that qualified government employees make sure that companies abide to current regulations
Also they actually put tracking pixels everywhere following people even when they don't have an account on facebook, how I am supposed to protect myself from this scummy company if even when I don't have an account they profile me? Should I leave internet?
> Meta told a two-day court hearing in August it had already committed to ask for consent from users and that Datatilsynet used an "expedited process" that was unnecessary and did not give the company enough time to answer.
So, in other words, Meta is complaining that Datatilsynet moved fast and broke things. Interesting.
> Datatilsynet used an "expedited process" that was unnecessary and did not give the company enough time to answer
The GDPR became enforceable 5 years ago, and this is their core business. This does not concern some ambiguous edge case, it's essentially the fundamental reason the law exists. Either they've been willfully breaking the law for 5 years and the fact that they haven't been fined out of existence should be considered a blessing, or the company is so incompetent that its continued existence is an unacceptable risk to the world.
It could also be interpreted as legislation is not the savior a lot of tech types want it to be. There are existing laws on the books that do not get enforced, so this is just another example. Instead, the net effect of these laws just make things worse. The cookie banner is an example. I do not believe that a website is honestly going to respect the changes I set on a website, that's why I have my browser block them. So the gaudy banners and time sink that has been put in place for some regulation that is not really protecting anyone anyways just shows that even the GDPR is ripe for gaming.
These kinds of jokes are tyreing. A British person would have said “corner store” while pushing a trolley. I like jokes on HN but this is too low effort and it shows. I would have gone with something more surprising than “guy spelled funny”, possibly a Life of Brian reference.
Is it? Does Tiktok track everything you do across the entire Internet, like Facebook and Google do? They might, I don't know, but I haven't seen "tiktok.com" in my NoScript list on 90% of websites like I have FB and Google.
Just your phone. Open TikTok on iOS and it will for sure try to access your location, clipboard or whatever weird crap people will just click "OK" or "Allow" on.
That doesn't seem anywhere near equivalent to Google & Facebook's privacy issues. They stalk literally everyone over the entire Internet. I don't have Tiktok on my phone (or at all) so I'm pretty sure they're not stalking me. So I disagree with the OP, Tiktok's privacy violations are not as bad as Facebook's.
I guess the difference is, if you don't install or use TikTok they don't track you. Whereas with FB, rven if you don't have a FB account, they still track you across the Internet.
It's one thing if you actively use the service. One could even argue that this might be the payment for using the service (I don't agree with that argument, but it has some merit at least).
The problem with Facebook and Google is that they've got their spyware littered across most websites and third-party apps, so you get stalked even if you do not use FB/Google nor ever read/agreed to their ToS/privacy policy.
Still not an equivalent to what Google and Meta are doing. Google and Meta are everywhere on the internet. Google controls the most popular browser. The volume of data that those two harvest is absurd.
I think, most of the companies do that.
And they are actually clueless what they can do, what data can be taken without being litigated.
A global consensus may be a great thing for startups not having to worry about data laws focusing more on building the product.
Will be good for EU Economy too.
Global Consensus on these laws or a scanner app letting the startup owner know what you have unwillingly violated is highly wanted.
I've been working at EU startups and tech for a while now. There isn't much worry about data laws. All the data you need for the real product you can get without even getting close to breaking any privacy laws.
It only gets very complicated when you start forwarding that data to 3rd parties, intensively tracking + storing user behaviour and engineering patterns aimed at deceiving how you use the data.
No, this is not happening because they are clueless on what they can do - this is happening because they believe they can get away with this (by seeing that most companies do that). There is a clear global consensus on whether they are permitted do that (no, they can't), but there's also something resembling consensus that they'll keep waltzing over the boundary while they still can as regulators take their time with enforcement.
You don't have to worry about data laws unless you're trying to walk that line - and you should not. If you act reasonably and don't even attempt to track people unless they explicitly ask you to (which is what opt-in informed consent means) then you don't need to bother with the nuances. Megacorps are hiring privacy lawyers primarily because they want the lawyers to answer "what can we add/change to somehow keep doing this prohibited thing" instead of just stopping it.
When I hear from "unwillingly violated", most of the time it somehow comes from an organization blatantly and willingly violating the principles; indiscriminately harvesting data and basing their business model on that. Even for a startup, getting a quick 30 minute consultation on data privacy isn't a big deal, and compliance is trivial if you're willing to abandon prohibited ideas - GDPR compliance is primarily tricky for those who want to see what is the maximum amount of evil that is still legally permitted.
It’s absurd how so many popular online services make it impossible to escape ad farms. I think the consensus is that data collection for the purpose of advertising or behavioural targeting is only possible after a very informed opt-in.
But I cannot help but wonder if we, the public, are really focusing on the right thing here?
Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
I think that we should focus on the latter - privacy of private encrypted chats from Government scanning.
And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.