Slashdot Mirror
Facebook On Collision Course With New EU Privacy Laws
An anonymous reader writes "Facebook and other U.S. internet companies are faced with a new EU data protection regime, the Christian Science Monitor reports. U.S. concepts of free expression and commerce will battle European support for privacy and state legislation. 'Companies must understand that if they want access to 500 million consumers in the EU, then they have to comply. This is not an option,' said a spokesman for the EU Justice Commissioner."
"U.S. concepts of free expression" wow!
Facebook (and other operators, such as google) need to understand that they don't have a "right" to sell any and all information they can gather. If they can't meet the rules, someone else will be happy to do so and take their users away from them. That's what competition is about.
Let's call it what it is, Anti-Social Media.
... U.S. internet companies are faced with a new EU data protection "regime" ...
newspeak ? the word "regime" should be used at EU Govts. ?
mmaaaa... EU are axis of evil "regimes", they do not let our companies do douchebaggery which is our way of life !!! they want accountability... !!! how dare they !!!
...Facebook's first priority is no longer its users' privacy (if it ever had been). Its first priority now is making money from its shareholders. From advertising space to per-click charges for using its authentication protocols and other bits of code, Facebook has other avenues of revenue than selling user data. Having close on a billion accounts live right now is a bonus for Facebook, as it shows a more or less loyal customer base for any other company that seeks a captive target.
Hence, deeply personal data you might find on FB that might find its way into some other company's database or metric for them to use to tailor their product to a target consumer, is unlikely to be uniquely identifiable - it's infinitely more likely to be statistical in nature. The single most likely candidates for individual monitoring would be those already on watch lists or those who trip warning triggers (yes, there is tech out there to monitor even "closed" or spiderproofed websites: that the police in the UK can access locked down Facebook accounts (seen it) as though the pages were Wayback mirrored is evidence enough of that).
Operation Guillotine is in effect.
The "U.S. concepts of free expression and commerce" mentioned are of the current Corporatist Government, and are not representative of "U.S." views. I would thank anyone writing about this to make that distinction.
As I have been saying for years now, if you really want to look at the demographics of the United States, you really have to consider the citizens and the Federal government separately, because the Federal government has been so completely out of touch with the wants and needs of the average citizen.
"U.S. concepts of free expression and commerce", if by that you mean the vast majority of people who live here, very much do include personal privacy. Anyone who thinks otherwise has a distorted view of what's really going on. And anyone who represents the Federal government's "views" as those of the average American citizen is likewise out of touch.
Was this summary explicitly written in trollspeak to ignite yet another US vs Europe flamewar on /. ?
I never understood the objection to targeted advertising. I don't particularly enjoy sitting through adds for tampons, dating services, or political candidates. But I quite like ads for electronics, camping gear, movies, cars and things like that. So why wouldn't I want a website to know what kinds of ads interest me? Targeted ads are greatly preferable to general ads.
I'll be in favor of a "right to be forgotten" if it applies to the government and banks. Otherwise, it's not really worth it.
"It's your data" so if you want us to delete your GPS locations
crossreferenced with your search habits you will have to give
up your gmail.
All in the new simplified agreement that covers everything.
The problem here boils down to "we make more money with this scheme than your piddly little fines can ever hope to 'punish' us",
Piddly as in what Microsoft faced in 2006? Admittedly, that situation was different but that kind of fines are not what I think of as "piddly".
and "we're not even based in your country, so your laws mean precisely as much as we allow them to"
How come Google are bending over backwards to follow chinese censoring laws? Google is based in US too and by your argument the should not have to care about those laws at all - yet they do.
Agreed - and that is indeed why I do not have a Facebook login.
My opinion? See above.
The product facebook sale (facebook user/consumer data) will NOT be sellable in europe. See even if they go around the law, and simply say they are an US company and don't need to comply, it is still a dead end for them, ebcause the company mostly interrested in the data are not US one but EU one. Do you think will a german user data will interrest, say, target/new york ? And for local german firm, buying the data from the US will not help as they would have a high risk to be to accused of having data on their own customer and get the ire of data protection law, the law can't stop people giving it away to US where it is "lost" but as soon as it comes back to EU territory game over EU law again take hold. That data would be worst than radioactive waste to handle.
Effectively, if facebook ignore those law / pretend they are an US company They will simply LOSE that EU market completely , as they will serve people but won't be able to do much with the data. This is why your "routing around the damage" won't work : that data in the very end is for local consumption. If the local (the firm buying the data) knows they can't use the data, then facebook is SOL and no matter how much routing or where they put their server.
So yes, for facebook it would be a pretty bad deal.
The new regulations recently proposed by the European Commision can result in fines of up to 2% of revenues. Not profits, revenues. That's not puddly by anyone's definition.
Additionally, the EU is perfectly willing to prevent EU companies from dealing with non-EU companies who don't comply. If FaceBook doesn't have EU advertisers on their system, all EU users suddenly become a drain on FaceBook resources for no gain. Yet if they leave the market, previously 2nd-rate competitors (such as Google+) get a huge surge in Europe, which may / will help them break into other markets.
In the end, FaceBook will comply.
"Piddly as in what Microsoft faced in 2006? ..."
Ahem... Yes, "piddly". When Bill Gates personally, much less Microsoft, is worth over $60 BILLION, a fine of $357 Million is "piddly". The purpose of such fines it to be "punitive" and "preventative", which means that they are supposed to demonstrate that it is unproductive for companies to engage in such practices. But when the results are not high enough to be "preventative" -- as they have generally not been for many years -- they do not discourage such practices at all! Instead, they simply share the wealth with Government.
And that answers most of the rest of your argument. Except:
How come Google are bending over backwards to follow chinese censoring laws?
Because they make sh*tloads of money by being in China. I have to wonder how that escaped your attention.
"we're not even based in your country, so your laws mean precisely as much as we allow them to"
They do have a footprint in Europe, which is why they had the Irish Data Commissioner crawling around for 3 months last year. Multinational means multi-juristictional too, something to do with having your cake and eating it.
I think a bigger problem is that this new privacy directed is also in conflict with the Patriot Act. If I understand it correctly, the Patriot Act allows the USA government to seize any data (no matter where it is being hosted in the world) from any company that has a legal entity in the USA. The new privacy directive does not allow any government to size this data. To me it seems that any company that has a legal entity in the USA can no longer store any private (customer) data of people falling under the laws of to the EU.
the fact that a specific website is accessible from country XYZ, does NOT mean this website must comply with the local laws of country XYZ.
This certainly is not a new discussion — there's plenty written and opined about the applicability of one country's laws (and the jurisdiction of courts) to services made available from other countries, generally under the title of "private international law" or "conflict of laws."
In terms of the law in the EU, at least as between Member States, the Court of Justice of the European Union has ruled on the issue, with regard to websites operated from one country and available in another — whether, for the purposes of EU law on applicable jurisdiction (i.e. which Member State's courts should hear the case*), a hotel's website amounted to an activity "directed" to other Member States (if you are interested in the law, it's Article 15(1)(c) of Regulation 44/2001). The case is Hotel Alpenhof, and the court held that:
The classic forms of advertising expressly referred to in the previous paragraph involve the outlay of, sometimes significant, expenditure by the trader in order to make itself known in other Member States and they demonstrate, on that very basis, an intention of the trader to direct its activity towards those States.
That intention is not, on the other hand, always present in the case of advertising by means of the internet. Since this method of communication inherently has a worldwide reach, advertising on a website by a trader is in principle accessible in all States, and, therefore, throughout the European Union, without any need to incur additional expenditure and irrespective of the intention or otherwise of the trader to target consumers outside the territory of the State in which it is established.
It does not follow, however, that the words ‘directs such activities to’ must be interpreted as relating to a website’s merely being accessible in Member States other than that in which the trader concerned is established.
It must therefore be determined, in the case of a contract between a trader and a given consumer, whether, before any contract with that consumer was concluded, there was evidence demonstrating that the trader was envisaging doing business with consumers domiciled in other Member States, including the Member State of that consumer’s domicile, in the sense that it was minded to conclude a contract with those consumers.
Such evidence does not include mention on a website of the trader’s email address or geographical address, or of its telephone number without an international code. Mention of such information does not indicate that the trader is directing its activity to one or more other Member States, since that type of information is, in any event, necessary to enable a consumer domiciled in the Member State in which the trader is established to make contact with it.
So, no, mere accessibility of a website is not enough for an EU member state to be able to seize jurisdiction — are Facebook and Google and other sites with a main entity located in another country doing more than making their sites merely accessible?
* whilst the courts of Member State A might have the power to hear the case, this is different to saying that they must apply the law of Member State A. Depending on the arguments as to applicable law, a court in one Member State may have to interpret the contract in accordance with the laws of Member State B.
Should read
The EU legislation has NOTHING to do with freedom of speech. The summary is busy trying to paint a red herring argument where there is none, just to stir up good old "Proud American" sentiment.
I do not fail; I succeed at finding out what does not work.
The site belongs to facebook. It is hosted in the US.
Facebook International HQ is in Dublin, Ireland - which is part of the E.U. They are also currently building a massive data center in Sweden which will handle all traffic from Europe, the Middle East and Africa.
This idea of trying to regulate what people do with the devices they own is simply laughable.
Welcome to the real world, where there are regulations governing businesses, and regulations that cover many of the devices that businesses use. You may also want to educate yourself regarding some of the reasons that Europeans generally support pro-privacy and anti-data-collection laws. You may be surprised to learn that it was a trade union that rose up against the communists and fought for the first free democratic elections in eastern Europe.
Yes, but Facebook is a European company, and it does business in Europe. Either one of those would make it liable to E.U. jurisdiction.
Perfectly OK then, since Facebooks customers are the Advertisers.
Since no European advertiser would be willing to be Facebooks customer, since it would be illegal for him to use the private data Facebook stores about their European products, Facebook would pretty much no longer be interested in acquiring and keeping new European products. Problem solved.
Facebook could either decide to keep buying infrastructure to keep their European products in storage with no chance of ever selling it, or to stop investing in European merchandise.
'Companies must understand that if they want access to 500 million consumers in the EU, then they have to comply. This is not an option,' said a spokesman for the EU Justice Commissioner."
The EU is essentially claiming that accessibility of a site to EU users subjects the site to EU laws. That's the same argument that the US uses to go after overseas sites that violate US law. While privacy is certainly a valid concern, the overall concept is a dangerous one. If a company doesn't have a physical prince in a location should it be subject to local laws? Should the government where it is located enforce foreign judgements?
I'm a consultant - I convert gibberish into cash-flow.
privacy almost always loses.
the other option is that, the EU standing pat, the rest of the civilized world passes them by. and the EU becomes like Iran, isolated by their own paranoias.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Okay - in that case, let Canadian pharmacies sell drugs over the Internet to Americans. And weed.
Let Mexican drug lords sell crack. After all, it's not like either their laws or yours can prevent it.
Facebook has 2 choices - either operate within the law of each place it does business, or be kicked out. Their call - and personally, I hope they get kicked out. Productivity would increase.
Let's call it what it is, Anti-Social Media.