Slashdot Mirror
German Court Rejects Apple's Privacy Policy
redletterdave writes "A German court rejected eight out of 15 provisions in Apple's general privacy policy and terms of data use on Tuesday, claiming that the practices of the Cupertino, Calif. company deviate too much from German laws (Google translation of German original). According to German law, recognized consumer groups can sue companies over illegal terms and conditions. Apple asks for 'global consent' to use customer data on its website, but German law insists that clients know specific details about what their data will be used for and why."
It must be hard to ensure that every jurisdiction on earth will be happy with everything that you do
This sig is intentionally blank
With organisations like the StaSi and GeStaPo in more recent German history, the protection of the individual's privacy is a serious issue in Germany.
Now and then politicians try to create another surveillance state for example to fight "child pornography", but fortunately they haven't succeeded to enact their crazy laws so far.
Why should it be on the people? If the company doesn't want to follow their laws, they shouldn't sell their stuff in that country. By choosing to operate in Germany, they have to follow German laws for products sold in that country. Don't like it, decide not to sell there.
I still have more fans than freaks. WTF is wrong with you people?
Just comply with local laws.
There is this inconvenient thing called democracy. The majority chose the leaders and the leaders made the laws. ... if your privacy is compromised, then you aren't the only one affected, all your friends and relatives are affected too.
But you're forgetting one thing though
Anyway, they should have tried this move years ago when iPhone was rising, not ... now.
The injustice here isn't to Apple, it's to other potential customers. One group of people is needlessly imposing their views of privacy on another group; instead of saying "I don't like Apple's privacy terms, so I don't use them", they say "I don't like Apple's privacy terms, so I am going to prevent you from using them as well".
Wrong. German law says that what Apple is doing is illegal, so they have to stop or they are going to be fined. And please read again what this issue is about. Apple can very well collect personal data and provide services that use them, they just have to inform customers what they are collecting and for what purpose, so the customers can make an informed decision. Their current privacy policy basically says: "We collect whatever data we want, we do whatever we want with it and reserve the right to share it with anybody". That is simply not allowed and has to change, so please enlighten us where you see any injustice.
It should be "on the people" because some people may not have a problem with policies and may want to do business with Apple anyway.
Absolutely. Everyone should be free to decide which bit of the law of the land they want to follow.
I, for example, can't see why we are not allowed to burn glibertarians in the public parks.
Watch this Heartland Institute video
Laws apply to everyone, neither companies nor individuals have a right to pick and choose which laws they will follow. An individuals has a right to expect companies they are dealing with operate with the law and there should be no expectation on the individual to need to check every fact and detail about a company to see whether they are operating within the law. Not to mention if some companies can choose to ignore the law then those that are spending funds doing the right thing are at a disadvantage to their competitors.
Whether you like this particular law is irrelevant, every company is legally obligated to operate within the laws of the countries they are doing business in, you don't get to write your own laws or terms of use that remove rights written into law from said country, allowing such practises is a very slippery slope that leads to atrocious behaviour as it is all down hill once you permit companies to remove your legal writes given to you by your country. Governments EVERYWHERE should always use the full extent of their laws to prevent such practises. If Apple want to argue that the law is ridiculous, that's fine and they should get the people of that country to take it up with the government not just ignore the law.
I'm experiencing cognitive dissonance; can anyone help me out? This seems to be cheered by posters who say that national laws are a good thing and foreigners should be forced to bend their knees whenever there is a conflict. However, in previous stories I have heard precisely the opposite: local standards are for ignorant redneck bullies who are too stupid to realize that their hillbilly local ordnances should be harmonized with international standards. Please reconcile.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
And then governments get the notion to sue, which of course raises messy issues of jurisdiction, discovery, &c.
1. So Apple pays a fine to Germany.
2. Germany bails out Greece.
3. Euro crisis solved. Profit!!!
Screw you, Underpants Gnomes!
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
For example, they ensure that every jurisdiction's copyright laws are protected, by choosing the most restrictive and protective of copyright one and using that version.
Indeed in other cases they insist that USA's jurisdictions are the ones applied to their customers everywhere. Why the hell should I, a non-USian, have to accept terms that are valid under US law?
Hell, they assume that since EULA's are not ruled illegal, they are 100% a legal contract, meaning that they are their own global jurisdiction. Yet nobody complains that we, as customers of many different licensed software companies, have to ensure that every company will be happy with everything we do.
Do we.
It should be "on the people" because some people may not have a problem with policies and may want to do business with Apple anyway.
What's your point?
The basis of the complaint was, that Apple is not transparent about what it does with the data collected.
If they are transparent about it and tell the users what exactly thy are going to do with the data BEFORE any data is collected, they're basically fine.
And then the users who are fine with can use those services.
But Apple, like many other companies, wants to have the right to do anything without telling what they do.
The European data protection laws lay the groundwork for users to be able to decide freely what services to use and what not.
The basis for a free decision is INFORMATION.
Burn the glibertarians!
uClibc will rule the world!
This is actually what many companies do when considering entering the US markets . I know several that won't bacause that would open them up to ridiculous lawsuits.
You need to forgive him. He is American, and over there laws only apply to regular people. Not to companies, and especially not to the rich (and Apple is both of those).
Companies can ignore the law all they want, and if someone disagrees, he can stop buying their product.
The whole concept of the law applying equally to everybody is foreign to them. Not that it always work that way in Europe, but it works often enough that we are used to the concept, and don't start arguing against it when it does work.
But Apple, like many other companies, wants to have the right to do anything without telling what they do.
Hate to be a defender of Apple, but you just took shit out of your butt and added it to the argument.
The issue is that they arent telling what they do, not that they "want to have the right to do anything." These things are not mutual, so you don't get to argue as if they were.
Is it really so hard to stick to the substance here? Seriously.. it isn't... you could bash apple for a week without having to pull shit out of your ass, so why are you pulling shit out of your ass? Every time you reach for your ass, you look like you've got nothing.
"His name was James Damore."
What, you think this is some conspiracy? Are you nuts? The only thing i don't understand is how you can think some corporation should have more power than anything else.
However, you fuckers need to get bent if you think it's actually possible to comply with those laws at a technical level.
I am sure Apple devices sold in Germany are very identifiable as devices sold in Germany by Apple. I am sure each device has a unique id. It is not a technical problem to filter wich devices can collect which information but more of a problem of the will to comply with local laws.
All companies will try the shortcuts first before they are told to go the long way around.
It is about business efficiency. (saving a buck if you can)
This is actually what many companies do when considering entering the US markets . I know several that won't bacause that would open them up to ridiculous lawsuits.
My cousin is a mechanic, he has a friend who operates a business that modifies commercially available heavy duty SUVs and compact trucks for extreme terrain travel. European customers have to sign a 5 page document upon taking delivery of their monsters. The US version of this agreement is over 100 pages and involves over a dozen signatures.
However, you fuckers need to get bent if you think it's actually possible to comply with those laws at a technical level.
The iTunes store is very good at identifying and limiting access to country specific content, IMHO it is not a technical problem to comply to country specific terms and conditions.
It would be interesting to know whether there is anyone who holds both of the following positions.
1. The German finding is unfair to Apple because Apple, quite reasonably, shouldn't be required to follow the law of every land in which it does business..
2. Criticising Apple for caving in to the censorship requirements of the Chinese government is unfair to Apple because Apple, quite reasonably, should be required to follow the law of every land in which it does business.
Best wishes,
Bob
The proposition is that they document what they do and let the user know.
If they update their documentation AND STILL DO WHAT THEY DO, then as long as they've documented it, their actions required by this law are ONLY the documentation changes.
The law isn't to refrain from using the customer's information, it's to inform the customer what use they put that information to.
The rules in question don't apply specifically to the internet. If you give an organisation your information, and they store it (relaying the information doesn't count), they have to properly represent what that information will be used for. This is to allow the individual to make an informed decision as to whether or not to perform that exchange of information.
Encrypting the information on the way to the organisation doesn't make a blind bit of difference to that, so I'm not sure why you brought that up.
No kidding!!! What do you say at this point?
erm, no.
You, fucker, need to stop apologising for law-breakers.
Don't get you wrong? Apple should try...
erm, no.
You follow the law or accept the punishment, fucker.
Oh and lastly, fucker, you may wish to question the effect on your credibility when standing in a public place and blindly shouting out "you fuckers".
Funnily enough if I want to do business in a public space I have to properly represent what I am doing there, or I can get done for misrepresentation.
No kidding!!! What do you say at this point?
German privacy laws should be the very minimal to start the world over IMHO. Personal privacy trumps anything any company could ever come up with against this. I would like to see all tracking, all non-opt-in data storage declared illegal. Cookies must be 1st-party cookies only - from the company you think are visiting. No third party trackers, anything. People deserve a clean, private experience. No selling of data to third parties, ever.
The Germans have it right.
It would have been interesting if you'd chosen to contrast two opposite positions relating to the same behavior, but you didn't, you contrasted two opposite positions on two different behaviors, privacy and censorship. They're not the same, and as a result your question sounds good initially but doesn't actually create a logically sound argument.
Since your question is ultimately about consistency, it would have been better phrased as "Should a company have fixed, consistent principles on privacy and censorship, or should it be prepared to modify them for the sake of doing business abroad?" And if the latter, then "Should it be prepared to have its principles both strengthened or weakened on a case by case basis, or just one of these two?"
It's a good question because your two examples highlight the fact that Apple's domestic principles on user privacy are weaker than is required in Germany, whereas Apple's domestic principles on censorship are stronger than mandated in China. As a result, the far more interesting question stemming from your examples is whether Apple should aim for the moral high ground and apply Germany's user protections even in the US, or just aim for profit and hence both improve its offering in Germany but compromise it in China.
If Apple weren't wanting to have the right to do anything without telling what they do, why are they not telling users what they are going to be doing with the data and what data they collect?
Because doing so would limit them to what they say they do. And they don't want to limit themselves to it.
Laws do not have to be possible to comply with or even logical, you still have to obey them the same. If complying with privacy laws concerning handling and collecting of sensitive data is impossible or prohibitively expensive the answer is easy, don't collect or handle the data at all, problem solved.
You can't just keep going in the same old track and claim that complying with the law is impossible or prohibitively expensive so you won't bother complying.
Only when the government requires you to do things you normally wouldn't do can you complain that it's impossible or prohibitively expensive.
If the government demands that you climb a 50 foot vertical flat glass surface you can complain that it's impossible but if the government merely says u can't use equipment X to climb up a 50 foot vertical glass wall your option is to either stop climbing 50 foot glass walls or find other permissible equipment that will let you do the task.
It's more likely that Apple probably has very specific uses in mind for the data, but the US is an anomalously permissive environment with regards to how people's data can be handled and therefore it never occurred to them to enumerate their intended uses.
No kidding!!! What do you say at this point?
Apple is just covering their ass
Uh no. Apple did nothing to cover their ass here, and that's why it's about to get bitten. They did not even attempt to cover their ass. They have to tell you what they (not unauthorized intermediate parties, you bullshit prevaricator) are doing with the data, and they aren't doing that. If anyone they're contracting can't tell them what they are doing with the data, then it's gross incompetence and possibly malfeasance as well to share data with them.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
This is a strawman argument.
The ruling is not about connection data like IP addresses needed to establish connections.
This is about the data that Apple collects outside of that: email addresses, contacts, geolocation.
If I use, say, iCalendar, obviously I allow Apple to collect and save the data of my appointments. But before Apple can share this data with third parties, they have to tell me which third parties and what data. This isn't 'the privacy policy of the internet at large'. This is Apples (and Googles, and Facebooks, ...) policy of threating users data as their own just because it is saved on their servers.
There is no real need for these companies to share the data with third parties. They do this for their own benefit (usually ad revenue). And
But Apple, like many other companies, wants to have the right to do anything without telling what they do.
Hate to be a defender of Apple, but you just took shit out of your butt and added it to the argument.
The issue is that they arent telling what they do, not that they "want to have the right to do anything." These things are not mutual, so you don't get to argue as if they were.
You quoted the relevant sentence of me. Can you read the last five words of it? They are 'without telling what they do'
So yeah, I did stick to the substance: They want to have the right to do anything WITHOUT TELLING WHAT THEY DO.
Stop reading sentences halfway through, please.
Wait. Enlighten me. You mean I can't write the next: I'll store all personal information you send me. I may sell it, analyze it, share it, simply store it, change it, format-shift it, clean my *** with it, laugh at it, preserve it as my most dear possession, etc? You mean I can't do that?
Because it seems to me that is quite clear on the intent of the company: I may use it for anything. Or you mean companies would have to add to their TOS that they may use it for: [insert long list of things], and update it every single time they come up with a new idea? And IIRC if costumers don't like the new TOS then the company would be forced to delete anything they have on the costumer?
If I'm right... I think that's very bad for the companies. And not a real win for costumers, since most don't bother to read TOS unless there is a headline...
I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
So in theory they could write: We're going to sell it/share it with [company], and be on the clear? Or am I thinking too little and the other company would also have to state what they do with such personal information?
I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
You've got it backwards. Apple wasn't function in Germany with their privacy policy and a bunch of people got angry at Apple and changed the laws to punish them. Apple is operating in Germany which has established privacy laws, and Apple doesn't want to comply. You are right, just got "the people" and "Apple" mixed up in your statement.
It matters that they document what they do.
Unless what they're doing is illegal, but in that case, it was illegal to begin with, documenting it wasn't illegal.
USA fined British pharma company GSK 3 Billion Dollars
1. GSK pays a fine to USA
2. Everybody in the USA gets a free Obama Phone, with money left for future Obama Cars, Obama TVs etc
3. US Deficit not solved. No Profit!!!
That's exactly what was wrong here. Apple didn't put enough information in the privacy policy to allow the customers to make an informed guess if they like it or not.
Actually yes. The other company has to expressively state what they will use the information for. And they are not allowed to use if for anything the customer has not agreed on. And that's Apple's problem here. They actually can't tell what their contract partners will use the information for, so they can't tell their customers, as they are required by law to do. So either they don't collect the data, or they make a better job at explaining to the customer what the data is used for before collecting it.
Apples Global Service Exchange is quite accurate with regards to country of origin for their products with serial numbers.
-- Linux user #369862
Such respect is very good if not essential for all involved.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
If they don't give you enough information, you have all the information you need in order to make an informed decision not to do business with them.
Actually, IIUC, even documenting what they do wouldn't help Apple much, as then they would be admitting to breaking the law. (That's not in the court decision, that's in Apple's mode of business.)
In particular, it is my understanding that it is illegal for Apple to collect information in Germany and transmit it to a location where the laws don't "adequately" protect the information. Like the US. And that that's one of the things they do.
So, IIUC, this court decision is a requriement that they document that their current business practices are in violation of the law. Perhaps I'm wrong about their current business practices, but I doubt it.
OTOH, I'm certainly not an expert on EU law, or even US law. So I could easily be wrong about that part of the argument.
I think we've pushed this "anyone can grow up to be president" thing too far.
You are assuming that their current business practices are otherwise in accordance with German law. I have a very strong doubt that this is the case. So to me this sounds like a requirement that they admit that they are breaking the law. But not documenting what they are doing is also breaking the law.
(In particular, I believe that it is illegal under German law for non-anonymized data to be sent from Germany to the US, due to the US lacking acequate safegards against abuse of personal information. I could be wrong about this. Or possibly Apple isn't doing this. But I believe that they are, and that it is.)
I think we've pushed this "anyone can grow up to be president" thing too far.
Everything legal is not ethical.
If you believe that there is no ethical problem at all in giving information on dissidents in an oppressive regime, where people disappear quite easily, then the two laws be considered on equal ground.
Or do you perhaps believe there is an equal ethical problem in strong privacy law and in what China does to political dissidents?
There's a similar law in the UK, and companies generally comply with the letter. (Although I've seen some interesting ways of working around the spirit; one form I saw asked for permission to use the information in a variety of ways, which were opt-ins and opt-outs more or less at random, so you had to read it carefully to determine which boxes to tick.)
(1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
I like what I read. If you are going to use some of my data, I want to know before hand what fields you are going to make use of, and if I need to give consent.
Same message to FBI, HS. etc.
They want to have the right to do anything WITHOUT TELLING WHAT THEY DO.
OK I'll take what you said in its entirety at face value, without any use of rationalization to extract truth from your statement. Now there is no truth at all, because the claim you are making is false.
Anything' includes the entire set of things within imagination.
Either you want me to treat you as a sloppy statement maker that needs to be parsed with the obvious deficiencies of your vocabulary selection segregated from the rest of the stuff that you say, or you want me to presume that you arent such a sloppy statement maker and really meant so say that you think that Apple wants the right to do anything within the imagination with the data.
I guess you win, and are wrong. Apple does not want the right to kill jews with your personal data without telling you about it.
"His name was James Damore."