Slashdot Mirror
Facebook On Collision Course With New EU Privacy Laws
An anonymous reader writes "Facebook and other U.S. internet companies are faced with a new EU data protection regime, the Christian Science Monitor reports. U.S. concepts of free expression and commerce will battle European support for privacy and state legislation. 'Companies must understand that if they want access to 500 million consumers in the EU, then they have to comply. This is not an option,' said a spokesman for the EU Justice Commissioner."
"U.S. concepts of free expression" wow!
Facebook (and other operators, such as google) need to understand that they don't have a "right" to sell any and all information they can gather. If they can't meet the rules, someone else will be happy to do so and take their users away from them. That's what competition is about.
Let's call it what it is, Anti-Social Media.
... U.S. internet companies are faced with a new EU data protection "regime" ...
newspeak ? the word "regime" should be used at EU Govts. ?
mmaaaa... EU are axis of evil "regimes", they do not let our companies do douchebaggery which is our way of life !!! they want accountability... !!! how dare they !!!
...Facebook's first priority is no longer its users' privacy (if it ever had been). Its first priority now is making money from its shareholders. From advertising space to per-click charges for using its authentication protocols and other bits of code, Facebook has other avenues of revenue than selling user data. Having close on a billion accounts live right now is a bonus for Facebook, as it shows a more or less loyal customer base for any other company that seeks a captive target.
Hence, deeply personal data you might find on FB that might find its way into some other company's database or metric for them to use to tailor their product to a target consumer, is unlikely to be uniquely identifiable - it's infinitely more likely to be statistical in nature. The single most likely candidates for individual monitoring would be those already on watch lists or those who trip warning triggers (yes, there is tech out there to monitor even "closed" or spiderproofed websites: that the police in the UK can access locked down Facebook accounts (seen it) as though the pages were Wayback mirrored is evidence enough of that).
Operation Guillotine is in effect.
The "U.S. concepts of free expression and commerce" mentioned are of the current Corporatist Government, and are not representative of "U.S." views. I would thank anyone writing about this to make that distinction.
As I have been saying for years now, if you really want to look at the demographics of the United States, you really have to consider the citizens and the Federal government separately, because the Federal government has been so completely out of touch with the wants and needs of the average citizen.
"U.S. concepts of free expression and commerce", if by that you mean the vast majority of people who live here, very much do include personal privacy. Anyone who thinks otherwise has a distorted view of what's really going on. And anyone who represents the Federal government's "views" as those of the average American citizen is likewise out of touch.
Was this summary explicitly written in trollspeak to ignite yet another US vs Europe flamewar on /. ?
I never understood the objection to targeted advertising. I don't particularly enjoy sitting through adds for tampons, dating services, or political candidates. But I quite like ads for electronics, camping gear, movies, cars and things like that. So why wouldn't I want a website to know what kinds of ads interest me? Targeted ads are greatly preferable to general ads.
I'll be in favor of a "right to be forgotten" if it applies to the government and banks. Otherwise, it's not really worth it.
"It's your data" so if you want us to delete your GPS locations
crossreferenced with your search habits you will have to give
up your gmail.
All in the new simplified agreement that covers everything.
The problem here boils down to "we make more money with this scheme than your piddly little fines can ever hope to 'punish' us",
Piddly as in what Microsoft faced in 2006? Admittedly, that situation was different but that kind of fines are not what I think of as "piddly".
and "we're not even based in your country, so your laws mean precisely as much as we allow them to"
How come Google are bending over backwards to follow chinese censoring laws? Google is based in US too and by your argument the should not have to care about those laws at all - yet they do.
Agreed - and that is indeed why I do not have a Facebook login.
My opinion? See above.
The product facebook sale (facebook user/consumer data) will NOT be sellable in europe. See even if they go around the law, and simply say they are an US company and don't need to comply, it is still a dead end for them, ebcause the company mostly interrested in the data are not US one but EU one. Do you think will a german user data will interrest, say, target/new york ? And for local german firm, buying the data from the US will not help as they would have a high risk to be to accused of having data on their own customer and get the ire of data protection law, the law can't stop people giving it away to US where it is "lost" but as soon as it comes back to EU territory game over EU law again take hold. That data would be worst than radioactive waste to handle.
Effectively, if facebook ignore those law / pretend they are an US company They will simply LOSE that EU market completely , as they will serve people but won't be able to do much with the data. This is why your "routing around the damage" won't work : that data in the very end is for local consumption. If the local (the firm buying the data) knows they can't use the data, then facebook is SOL and no matter how much routing or where they put their server.
So yes, for facebook it would be a pretty bad deal.
The new regulations recently proposed by the European Commision can result in fines of up to 2% of revenues. Not profits, revenues. That's not puddly by anyone's definition.
Additionally, the EU is perfectly willing to prevent EU companies from dealing with non-EU companies who don't comply. If FaceBook doesn't have EU advertisers on their system, all EU users suddenly become a drain on FaceBook resources for no gain. Yet if they leave the market, previously 2nd-rate competitors (such as Google+) get a huge surge in Europe, which may / will help them break into other markets.
In the end, FaceBook will comply.
"Piddly as in what Microsoft faced in 2006? ..."
Ahem... Yes, "piddly". When Bill Gates personally, much less Microsoft, is worth over $60 BILLION, a fine of $357 Million is "piddly". The purpose of such fines it to be "punitive" and "preventative", which means that they are supposed to demonstrate that it is unproductive for companies to engage in such practices. But when the results are not high enough to be "preventative" -- as they have generally not been for many years -- they do not discourage such practices at all! Instead, they simply share the wealth with Government.
And that answers most of the rest of your argument. Except:
How come Google are bending over backwards to follow chinese censoring laws?
Because they make sh*tloads of money by being in China. I have to wonder how that escaped your attention.
"we're not even based in your country, so your laws mean precisely as much as we allow them to"
They do have a footprint in Europe, which is why they had the Irish Data Commissioner crawling around for 3 months last year. Multinational means multi-juristictional too, something to do with having your cake and eating it.
"Multinational means multi-jurisdictional too, something to do with having your cake and eating it." [spelling corrected]
Actually, that is not the case at all. In a very real sense (and completely aside from the whole "cloud computing" hype), the Internet can be considered to be an information resource that is simply "out there", for anybody who wants to to visit.
It is not "intrusive" in any way. If countries want to block it, they have both the facilities and ability to block it.
Instead, what they have done is to try to force EVERYTHING on the internet to be the "lowest common denominator", and show only content that is acceptable to everybody, in the entire world. And to say that is unrealistic is probably the understatement of the century.
And it's also complete bullshit. You are in charge of your own home, and you can decide what you want your family to watch on TV, or see on the Internet, or whatever. If you are a country, you are free to block whatever content you want into your own country, at least in the sense of what citizens are willing to put up with.
But... you DO NOT have the right to force others to use technologies for censorship, or ANYTHING of that sort. If you want to censor, you are free to do so. But stop putting the onus on others simply because YOU are some kind of religious extremist or anal-retentive of some other sort.
I think a bigger problem is that this new privacy directed is also in conflict with the Patriot Act. If I understand it correctly, the Patriot Act allows the USA government to seize any data (no matter where it is being hosted in the world) from any company that has a legal entity in the USA. The new privacy directive does not allow any government to size this data. To me it seems that any company that has a legal entity in the USA can no longer store any private (customer) data of people falling under the laws of to the EU.
the fact that a specific website is accessible from country XYZ, does NOT mean this website must comply with the local laws of country XYZ.
This certainly is not a new discussion — there's plenty written and opined about the applicability of one country's laws (and the jurisdiction of courts) to services made available from other countries, generally under the title of "private international law" or "conflict of laws."
In terms of the law in the EU, at least as between Member States, the Court of Justice of the European Union has ruled on the issue, with regard to websites operated from one country and available in another — whether, for the purposes of EU law on applicable jurisdiction (i.e. which Member State's courts should hear the case*), a hotel's website amounted to an activity "directed" to other Member States (if you are interested in the law, it's Article 15(1)(c) of Regulation 44/2001). The case is Hotel Alpenhof, and the court held that:
The classic forms of advertising expressly referred to in the previous paragraph involve the outlay of, sometimes significant, expenditure by the trader in order to make itself known in other Member States and they demonstrate, on that very basis, an intention of the trader to direct its activity towards those States.
That intention is not, on the other hand, always present in the case of advertising by means of the internet. Since this method of communication inherently has a worldwide reach, advertising on a website by a trader is in principle accessible in all States, and, therefore, throughout the European Union, without any need to incur additional expenditure and irrespective of the intention or otherwise of the trader to target consumers outside the territory of the State in which it is established.
It does not follow, however, that the words ‘directs such activities to’ must be interpreted as relating to a website’s merely being accessible in Member States other than that in which the trader concerned is established.
It must therefore be determined, in the case of a contract between a trader and a given consumer, whether, before any contract with that consumer was concluded, there was evidence demonstrating that the trader was envisaging doing business with consumers domiciled in other Member States, including the Member State of that consumer’s domicile, in the sense that it was minded to conclude a contract with those consumers.
Such evidence does not include mention on a website of the trader’s email address or geographical address, or of its telephone number without an international code. Mention of such information does not indicate that the trader is directing its activity to one or more other Member States, since that type of information is, in any event, necessary to enable a consumer domiciled in the Member State in which the trader is established to make contact with it.
So, no, mere accessibility of a website is not enough for an EU member state to be able to seize jurisdiction — are Facebook and Google and other sites with a main entity located in another country doing more than making their sites merely accessible?
* whilst the courts of Member State A might have the power to hear the case, this is different to saying that they must apply the law of Member State A. Depending on the arguments as to applicable law, a court in one Member State may have to interpret the contract in accordance with the laws of Member State B.
Just to confirm — the case is on applicable jurisdiction, not applicable law.
Should read
The EU legislation has NOTHING to do with freedom of speech. The summary is busy trying to paint a red herring argument where there is none, just to stir up good old "Proud American" sentiment.
I do not fail; I succeed at finding out what does not work.
I don't CARE where a site is hosted. The only thing that affects is the process for issuing a copyright takedown order or legal action.
EVERY INTERNET COMPANY IS REQUIRED TO ABIDE BY THE LAWS OF IT'S CUSTOMER NATIONS.
Your option is to abide by the laws and regulations of the nations where your customers and users are, or to be blocked from those markets for non-compliance.
That applies to EVERYONE in the world, not just US companies.
I do not fail; I succeed at finding out what does not work.
Facebook is the largest and most sophisticated data mining operation that has ever existed on Earth. It's very simple actually. If you want to keep any semblance of privacy, don't surrender your personal data to them. PERIOD. You don't need Facebook. It solves no problem. It creates a lot of them, though.
The site belongs to facebook. It is hosted in the US.
Facebook International HQ is in Dublin, Ireland - which is part of the E.U. They are also currently building a massive data center in Sweden which will handle all traffic from Europe, the Middle East and Africa.
This idea of trying to regulate what people do with the devices they own is simply laughable.
Welcome to the real world, where there are regulations governing businesses, and regulations that cover many of the devices that businesses use. You may also want to educate yourself regarding some of the reasons that Europeans generally support pro-privacy and anti-data-collection laws. You may be surprised to learn that it was a trade union that rose up against the communists and fought for the first free democratic elections in eastern Europe.
Yes, but Facebook is a European company, and it does business in Europe. Either one of those would make it liable to E.U. jurisdiction.
"Multinational means multi-jurisdictional too, something to do with having your cake and eating it." [spelling corrected]
Actually, that is not the case at all.
A multinational corporation - by definition - operates in multiple nations, and hence under multiple legal jurisdictions.
"we make more money with this scheme than your piddly little fines can ever hope to 'punish' us", and "we're not even based in your country, so your laws mean precisely as much as we allow them to"
1. They have the power to fine by an unlimited amount, and the power to increase the original fine over time if the company in question does not become compliant. No corporation has carried out your proposed strategy of just paying the fines - even Microsoft - because it would be stupid.
2. Facebook International is based in Dublin, Ireland, which is part of the E.U..
Facebook is on collision course with any privacy laws.
Perfectly OK then, since Facebooks customers are the Advertisers.
Since no European advertiser would be willing to be Facebooks customer, since it would be illegal for him to use the private data Facebook stores about their European products, Facebook would pretty much no longer be interested in acquiring and keeping new European products. Problem solved.
Facebook could either decide to keep buying infrastructure to keep their European products in storage with no chance of ever selling it, or to stop investing in European merchandise.
Hey Zuckerberg, you sure talk a good fight.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
[...]
Agreed - and that is indeed why I do not have a Facebook login.
And still, if you have enough friends with a FB login, lots of your private information is already in FB. They're very good at this.
This evil anti American regime must be stopped at all cost!
I was promised a flying car. Where is my flying car?
'Companies must understand that if they want access to 500 million consumers in the EU, then they have to comply. This is not an option,' said a spokesman for the EU Justice Commissioner."
The EU is essentially claiming that accessibility of a site to EU users subjects the site to EU laws. That's the same argument that the US uses to go after overseas sites that violate US law. While privacy is certainly a valid concern, the overall concept is a dangerous one. If a company doesn't have a physical prince in a location should it be subject to local laws? Should the government where it is located enforce foreign judgements?
I'm a consultant - I convert gibberish into cash-flow.
EVERY INTERNET COMPANY IS REQUIRED TO ABIDE BY THE LAWS OF IT'S CUSTOMER NATIONS.
Your option is to abide by the laws and regulations of the nations where your customers and users are, or to be blocked from those markets for non-compliance.
That applies to EVERYONE in the world, not just US companies.
That's easy to say but it has serious implications - should a site be subject to penalties because it hosts material that violates one country's laws even if the material is legal in the location the material is hosted? For example, lets suppose a company is in country A and has users in country B. What if a site publishes material, in servers located in country A, that country B viewed as damaging and was gotten through illegal means (based on country B's laws). Should the site be liable to prosecution in country B? Even if what they did was legal in country A? Your position seems to be yes - they violated B's laws and have users there so they should have followed those laws.
I'm a consultant - I convert gibberish into cash-flow.
"A multinational corporation - by definition - operates in multiple nations, and hence under multiple legal jurisdictions."
Yes, but my point was that there is nothing FORCING anybody to be multi-national or multi-jurisdictional. One of my own websites, for example, resides on a server in a particular country, and it's nobody else's f**ing business. It is available for anyone in any country to view, and if they don't want to look, they don't have to. They do not have any right to tell me what to say or do, or the companies that host my site, or my ISP, etc.
Censorship, if it exists at all, is PURELY jurisdictional, whereas the internet, inherently, is not. Let them block it if they want, but leave me and the rest of my internet out of it.
privacy almost always loses.
FB has European offices in Amsterdam, Brussels, Dublin, Hamburg, London, Madrid, Milan, Paris and Stockholm. According to FB, 80% of it's active users are outside USA and Canada so it's likely that there are more EU users than American users. FB also creates contracts with numerous EU based companies (and probably relies on EU nations to enforce those contracts if necessary) that want to advertise to EU consumers.
Thus, I think you're painting a bit misleading picture when you say "EU is essentially claiming that accessibility of a site to EU users subjects the site to EU laws". Given that the situation is what it is, I don't see how its operations could not fall under EU jurisdiction.
And if they don't comply? Then what? You'll create the Great Firewall of EU to keep Facebook out of your countries?
the other option is that, the EU standing pat, the rest of the civilized world passes them by. and the EU becomes like Iran, isolated by their own paranoias.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Forcing Sports Illustrated to abide by the laws of Saudi Arabia just because someone there downloaded the swimsuit edition could be a problem. The biggest issue (for the internet) is WHERE your online transactions take place. You need to know that to know what laws apply.
I would have thought Slashdot would be supportive of attempts to allow people to control over their private personal data? In my opinion, people who give personal data to any organisation in order for them to provide a service should have the right to ensure that the data is not kept or sold when the person no longer requires the service. Also a person should be protected against organisations collecting data without them being aware for commercial gain. I can finally cancel my Facebook account and actually be sure that my information has been deleted. This is a Good Thing!
From TFA:
Mr. Rosen says the regulations will create a dramatic clash between the right to freedom of expression and the right to privacy, arguing that under the proposal, websites like Facebook will be obliged to not only to delete on request material that users upload, such as photos, but any shared copies of photos – and potentially even material uploaded by third parties that another user objects to.
Funny, when private persons want to prevent others from sharing their media, they call it "preventing free expression". I never heard the mainstream media call it that when corporations want to prevent others from sharing their media.
Is the right to keep your own media to yourself less important if you do it for privacy, than if you you do it for profit?
Universal ID.
Let's wait a while and see how this turns out...
"we're not even based in your country, so your laws mean precisely as much as we allow them to"
Ask Kim Dotcom and Megaupload how well that argument works.
> the fact that a specific website is accessible from country XYZ, does
> NOT mean this website must comply with the local laws of country XYZ.
That's what Richard O'Dwyer thought http://www.talkleft.com/story/2012/1/29/12531/3634
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
This is not about controlling the world. Guessing you are american, you can sell you entire life to an american company if that's what you want. It's just that company will not be allowed to sell its products within the EU unless it obeys the EU regulations. As for how does that company behaves in the rest of the world, it's not our problem. Actually, it is YOUR problem.
To paraphrase your comment, unilateralism is dead and the USA no longer controls the EU.
You forgot to explain a little better how exactly Google "is in China".
First, they are receiving money from Chinese advertisers, in return for placing ads on search pages seen by Chinese people.
Second, China has big, big firewalls.
Third, Google is running data centers inside China.
Google is bending backwards to protect the income mentioned in the first point, This income would be treated if the local data center is closed down, if the firewalls suppress all traffic to Google data centers abroad, and if China outlaws payments to Google.
I do not know if Google earns enough in China to make a huge difference for its owners, but I believe that they have not just bent backwards. They have on some occasion(s) threatened the Chinese with closing down the local data centers, and the Chinese have given in to demands. (Sorry I do not remember enough specifics to look it up for check and references. I think I remember that for some time they were servicing all searches at centers outside China.) That is, Google is, if I recall correctly, weighting the power balance and going as far as they deem wise, to protect, not just the short term money flow, but also their integrity and reputation as a good source of information, also inside China. This is not to say that Google is not censoring search results, just that they are doing at least some fighting too. Also, this is not to say that they are making sacrifices for the good or for freedom of information, but that they appear to have a longer perspective, whereby it becomes harder to distinguish "defending Internet freedom" from "defending future reputation and profitability".
There is no substitute for common sense. Especially, no body of rules will do.
I suppose the EU has the right to block Facebook. If they dare, some people will use proxies and some will not. Oh well.
If a European travels to some other country, do they expect EU laws to apply? This is virtual travel. Europeans who dislike US law should stay home or maybe visit China.
I don't expect to carry a bible in Saudi Arabia or pro-Nazi stuff in Germany. Local laws apply, even if they are fucked up. Facebook is in the USA, so EU law does not apply.
local is USA
When you foreigners visit the USA (physically or virtually) you seem to want your own law. No. This is the USA. Facebook is in the USA. Why in Hell is this so hard to accept? Make your own facebook if you don't like the law over here.
"This is not to say that Google is not censoring search results, just that they are doing at least some fighting too."
I am aware of this. But they have been doing far too much censoring, and way too little fighting, in the name of profits.
The fact is, they don't have to be there at all. The only reason they are is for profits. They didn't go there for their health or the health of the Internet or the Chinese people. In fact, when they announced that they were going to start operating in China, their excuse was "if we don't, somebody else will." And make all the profits, of course.
That is NOT exactly a reflection of the world's finest ethical principles. Ultimately it all boils down to money. At least for Google. They have said as much.
The fact is, they don't have to be there at all. The only reason they are is for profits.
Do you really think it would be better if Google just remained out of China?
There is no substitute for common sense. Especially, no body of rules will do.
"Do you really think it would be better if Google just remained out of China?"
I think that depends very much on your point of view. What is meant by "better", and for whom?
I find it pecularlly puzzling.that TFA speak of "new EU privacy laws". No such thing is involved. No new law. Nothing new about it. Privacy laws have been around, EU wise, for about twenty years. US companies are allowed to make business online in the EU/ provided they comply to the Safe Harbor Principles. The real point is that the enforcement( of the Safe Harbor Principles has been inexistant for too long. The only change, the only newsworthy thing, is that some people managed to formulate a case for the public ministry to have a look at it. Oh, and that there's such a thing as an EU public ministry.
There's nothing like $HOME