The article is quite clear on what the issue is. Meta needs explicit consent to do this kind of targeting. With consent, there is no issue. The tracking itself is not illegal, but doing it without consent is illegal.
Yes, except that Meta is being legally compelled to provide the services regardless of whether the user consents.
They are basically being forced to separate the part of their business that actually makes money from the part that users like and then forced to lose money on those users.
I would be fine about laws requiring facebook to be up front and clear about how they are using this data, but mandating free rider status seems a step too far.
> Yes, except that Meta is being legally compelled to provide the services regardless of whether the user consents.
I mean, obviously they are compelled to do that and this is completely fine.
As users people should not be blackmailed into accepting psychological manipulation in their lives, just to be allowed to use a service. If Facebook's model for profit is so bad, that they cannot profit without manipulation, then perhaps their whole business is a shady one and they should start asking for membership fees. I could not care less, whether they need their pesky ads or the data from people viewing and interacting with them. Without consent they don't belong on the users' screens, end of story. If they cannot do business ethically, I wish they would not do business at all.
> I would be fine about laws requiring facebook to be up front and clear about how they are using this data, but mandating free rider status seems a step too far.
It has nothing to do with "free riding". They offer a service and that service should be worth its weight to the users. If it isn't, then apparently it is not a good enough service. To get back the money through the back door, by utilizing manipulation of users and spreading hate-speech for engagement metrics is not OK.
I think the logic of people not wanting their data/actions used for ad targeting being "free riders" is a step too far. Just target ads based on data I'm willing to be targeted on. Ask for it explicitly and I'll give the data (location, interests, whatever). But don't use the fact that I looked too long at a clip of a guitar on instagram to show me a targeted ad for a guitar in my facebook feed.
I didn't say that people who don't want to use their data for ad targeting are free riders, but they do become so when Meta is compelled to provide them services even if it is at a loss. It is literally definitionally free ridership.
Meta is free to charge for the services they provide. The EU isn't mandating that they provide services at no cost to the user. It's Meta's choice to finance those services with ad money.
“The prevalent regulatory approach in Europe is that currently advocated by the European Data Protection Board ('EDPB') in its Guidelines 05/2020 on Consent under Regulation 2016/679 whereby the EDPB provides in no uncertain terms that '[i]n order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information (paragraph 39 of the Guidelines)'." [0]
There was a recent decision in France suggesting otherwise, but this is not the opinion of the primary EU regulatory guidance nor has it been seriously tested. Either way, it will become fully illegal to refuse under the DMA.
What I mean is that I find the idea of giving users the impression that they are giving ip data for something else (For social network use) but using that data for ad targeting is wrong. And I agree with the GDPR (non-french interpretation) that services should not be conditioned on that use of their data. And I STILL don't think it's free ridership. They can show ads all they want. But they can't target them using data they didn't agree to. What it all comes down to is I don't think people should be ALLOWED to make the transaction of service-for-targeting, at all.
I agree with your first statement, but your second statement means that you think FB should be compelled to serve free riders. If you are being compelled to serve users that are unprofitable, a clear implication of the GDPR, then you are compelling free ridership. The difference between targeting and not is the different between net profit or not for many users.
I think the end game is that if ads are generally NOT targeted based on a huge volume of information, then the pay for ads with less targeting will go up. During a transition those who show pinpoint targeted ads while others don't will make more money. But eventually if the whole 2000-2025 era of ad targeting is confined to the historybooks, then we could have a better internet. And the amount of ad spend in total will be unchanged (perhaps some of money will return to print/tv etc. since internet ads will be relatively less effective). But the bottom line is I think it SHOULD be profitable to show ads with less targeting, not that it WILL be. And I think regulators have the power to ensure that this is the future.
> The difference between targeting and not is the different between net profit or not for many users
I don't think it's a bad idea to have regulation that makes entire regions of an industry unprofitable over night, if that's what it takes.
> And the amount of ad spend in total will be unchanged
Citation very very much needed as that is not at all what standard economic theory would predict.
As I said, there are lots of niche small businesses that literally could not survive without targeted advertising so that demand goes away as soon as these bans go into effect.
> I don't think it's a bad idea to have regulation that makes entire regions of an industry unprofitable over night, if that's what it takes.
Yes but I think if the choice were actually presented as “pay for FB or repeal this regulation” and the EU had a referenda on it, the regulation would be banned. The only way this is getting through is because the public is being convinced that they can have their cake and eat it too. They might be right, but only because they are being subsidized by users in the rest of the world.
> Citation very very much needed as that is not at all what standard economic theory would predict.
That was assuming that the total ad spend is constant as a fraction of revenue and that revenue would be unchanged. If less effective ads overall would lead to lower revenues then the ad spends would shrink. But they would shrink equally for everyone, at least.
> there are lots of niche small businesses that literally could not survive without targeted advertising
There is nothing banning targeting. The problem is using info that users don't know/think is used for targeting, and using it for targeting. I'd be happy to take a 200 question survey as a condition for using facebook, where they ask me about my hobbies and whereabouts and clearly say it's for ad targeting. Obviously I could say "I'd rather not tell" instead of "I like guitars", but in such a scenario I'd happily give up my targeting info. But I don't want to be shown a guitar ad because I looked at one on an unrelated site with a facebook tracking pixel on it. It's absolutely dystopian.
> public is being convinced that they can have their cake and eat it too.
Yes I'm sure many think that. But I think the only way of changing the status quo is through heavy handed regulation and making initially impopular decisions and risking the death of a lot of business in the process.
> If you are being compelled to serve users that are unprofitable, a clear implication of the GDPR, then you are compelling free ridership.
Facebook are the ones who've structured their business like this though — they could profitable with a subscription model instead, they've just chosen to make their product free at the point of use.
Exactly. There is no one proposing anyone provide anything for nothing. It's only one particular transaction that is disallowed. You can show dumb ads, use subscriptions and also freely target based on info that people are aware is used for targeting. That's by no means "free" in any of those scenarios.
A service provider must provide its offerings regardless of the user accepting to be tracked or not. The provider is not even allowed to make it cumbersome to opt out.
If Meta doesn't like it they're free to either be fined into oblivion or, alternatively, to just fuck off from the European market.
It's been a while since I read the GDPR so I could misremember, but I don't remember anything similar to this assertion.
While I don't think it will work on the scale FAANG wants (see e.g. Youtube premium), what is the legal roadblock to let users chose between tracking or paying for the service?
It is literally illegal in the EU, I am pretty familiar with this regulation. This is both from ECJ decisions on gdpr and will also be codified in the DMA
>Although it took the view that “Pay or Okay” could be permissible in principle, it found that the approach taken by the news outlet didn’t comply with the law because it didn’t provide the option to specifically consent to certain purposes
Cheers. It is comical that so many in this thread are suggesting that the GDPR is super clear and not subject to uncertainty given this crazy patchwork of decisions and countermands.
It's only unclear if your business model is malicious and relies on finding innovative ways to breach it and pretend it's compliant.
The regulation is very clear: non-functionally-essential data processing requires explicit consent. If in doubt, err on the side of caution and use consent and opt-in rather than another legal basis such as legitimate interest. Business models based on stalking or spamming are no longer allowed.
Keep in mind that the objective of the regulation is not some punitive shake-down but to give people rights on how their data is used. A good-faith effort that accidentally falls short will be given guidance and a reasonable timeline to implement changes - there's no risk to ever get a fine as long as you err on the side of caution. You can also proactively ask your local regulator for guidance if something is unclear.
Your own link indicates that they have gone back and forth on the guidance around "opt in or pay" models three times already.
As I have said, this model attempts to enshrine free ridership, which might work while there is the rest of the world subsidizes it, but it is not a sustainable model to force tech companies to serve users at a loss.
The objective of the DMA which will serve to enshrine the illegality of these models is to target American tech companies and European legislators have explicitly stated as such.
No, it makes it a legal method of payment as long as you permit free riders or alternatively you can pull up the drawbridge and charge all users for it, preventing poorer people from using the largest public squares in the world.
Free access to global communication is not a bad thing.
But this is besides the point: the guidance is absolutely not clear and if local regulators cannot even get their story straight I am not sure how you expect foreign companies to figure it out. And collecting information about how users use your property is not stalking.
> preventing poorer people from using the largest public squares in the world.
Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.
The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.
Without laws like the GDPR in place to curtail data collection and profiling, it's only a matter of time before more and more data is collected to enable this kind of targeting and lock out poor people too.
> Free access to global communication is not a bad thing.
Global communication being subsidized (and thus controlled) by a handful of commercial interests is very dangerous.
> And collecting information about how users use your property is not stalking.
I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.
> The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.
You are absolutely wrong about that and you do not understand the business model. I am not saying it has anything to do with the goodness of their heart but this is absolutely not something that would be in their interest. They benefit from the networks effects just like the users do.
> Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.
It is possible for self-interested action to have knockoff positive effects. In fact, it is actually quite common: most exchanges are mutually beneficial.
> I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.
If you read my original comment, you would see that I am in favor of banning cross-site stalking but that is both not what Meta is being fined for here and not the only thing the GDPR/DMA prohibits.
Targeting based on only your own platform is a good middle ground.
> Targeting based on only your own platform is a good middle ground.
I think it's still a problem because it's a grey area as to what "own platform" means exactly. Malicious actors will stretch that definition beyond what's reasonable.
Publicly-available data posted by the user seems fair, but things like scroll position, or the time you read a particular item, or forms typed but not submitted (all things I'm sure Facebook is absolutely collecting via client-side JS) should not be considered fair.
Either way, I'm personally in favour of ad-based business models getting shut down/being made unprofitable as it will ultimately realign the incentives, surface the true price of platforms and mean that we can finally have communication/entertainment tools that are designed with those primary purposes in mind as opposed to spam machines with the bare minimum amount of functionality sprinkled in. I want our online public squares to be accountable to their end-users rather than advertisers, and facilitate communication rather than outrage (what they call "engagement").
It's still very up-in-the-air since the EU-wide regulation should be uniform. I hope the pendulum eventually stops in a way more privacy friendly place than those recent french ones. Yes it would be a pretty harsh stroke for the business model of some companies (social media, for example) but the alternative seems much worse.
Fair enough, these decisions are recent and are in conflict with other decisions in other countries around the GDPR as well as past guidance from European regulators (the EDPB explicitly said that this was not allowed in 2020). I also don't think you can really say with a straight face that this is a decision that a company like Meta could comfortably rely on, the regulatory uncertainty here is still extremely high.
It also requires a court to decide that your fee is a “reasonable” one and you cannot just refuse access outright - you must make your content available to the non-consenting user.
Regardless, all of this will be illegal anyways once the DMA comes into effect. And I still think, national exceptions aside, that my description of the current state of EU law was accurate:
"The prevalent regulatory approach in Europe is that currently advocated by the European Data Protection Board ('EDPB') in its Guidelines 05/2020 on Consent under Regulation 2016/679 whereby the EDPB provides in no uncertain terms that '[i]n order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information (paragraph 39 of the Guidelines)'." [0]
I have doubts on how effective these type of consent based system are. I for one always click “accept all” and move on for most websites I am on. Average layman has very little time the effort needed to understand and customize the consents are quite high. Not to say they purposely make the UI hostile in those consent popups. For me anyway GDPR has been largely a waste of bureaucracy, a better effort would be to educate populous about what cookies are and how tracking works and the extent of the trackings etc - these stuff should be in High School curriculum already by now.
Any site that uses a dark pattern like only having "Allow all" and "Show purposes" is in clear violation of the GDPR, and they could just as well have just ignored showing anything! The regulation is clear that opting out should be as easy as opting in. A conforming consient dialog has a "reject all" as well as an "allow" button.
And when they do, I always click "reject all". I think most people would - which is why I guess some sites still try to use those dark patterns. I'm still waiting for a big regulatory fine to make an example. If a known company is fined almost out of existence due to lack of a reject button, I think there would be instant self-regulation here.
> For me anyway GDPR has been largely a waste of bureaucracy, a better effort would be to educate populous about what cookies are and how tracking works and the extent of the trackings etc - these stuff should be in High School curriculum already by now.
Don't confuse the GDPR with "cookie banners" though. That's the end user visible tip of the iceberg. The biggest premise (and in my opinion the genius of the regulation) is that the end user is not required to know or understand anything. Instead, the people handling their data should. And if nothing else, it really has forced everyone (often even outside the EU) to think twice about how their data is stored and retained. And that's huge positive even if cookies were never a thing in gdpr.
Didn’t the EU recently cut a deal where the data from EU can be transferred to US without any legal ramifications [1]? So then this just goes to show it’s just about adding another layer of bureaucracy instead of caring about protecting user data.
It should be illegal to affect anyone by the smoke.
My dream system would be: If you are at a public place but there is no one else around (clearly defined by distance), that would be okay. If there's a single person they would have right to sue you and it's your responsibility to ensure you aren't affecting anyone as the smoker. If in doubt, you can smoke home.
My point is, anyone should be able to anything to their own body as long as their actions aren't affecting other people. Anything from smoking/secondhand smoke to harder drugs/driving under influence etc would be judged by the same logic.
I don't smoke and actually hate smoke, but I don't feel that I have any right to prevent anyone from smoking, as long as their smoke doesn't get in contact with me.
I get all the hesitancy in the comments here about the freedom of an adult to have a cigarette. However, smoking is a case where; if you're having a smoke at the same bus stop as me, I am inhaling that crap too.
