Norway court rules against Facebook owner Meta in privacy case
reuters.comI understand that what these companies are doing is illegal, and thus the court ruled correctly.
But I cannot help but wonder if we, the public, are really focusing on the right thing here?
Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
I think that we should focus on the latter - privacy of private encrypted chats from Government scanning.
And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
This is utter nonsense. We have the capability to do both, we can both work to stop private companies from tracking us, as well as work to stop our governments snooping on us. Framing it as if we had to choose one or the other is misleading.
I don't think that the public is very good at paying attention to two things at the same time.
I think that the "ad targeting privacy" discussion is a borderline red herring that is focusing the debate away from what matters. Giving the public a feeling that they achieved something, while violating privacy through the backdoor.
Or, a more hopeful view, is that "ad targeting privacy" makes "privacy" be a topic at all in society, and that could be leveraged to acquire more privacy in more areas, as people start to realize what it actually means.
Problem is that "evil marketing companies" is a lot easier for people to believe in, compared to "evil government", especially in places like in the Nordics where people generally have a much more favorably view of their governments than in other countries (for better or worse).
> don't think that the public is very good at paying attention to two things at the same time
This is a regulatory proceeding. The public isn’t involved.
It’s bad strategy to go all in at one point on the front; you’ll be flanked. Focus entirely on government collection, as the U.S. did, and you’ll find companies not only running free but then turning around and selling their data to the government you thought you were on top of.
Who's to say they're not the same? We know for a fact that the government uses the "ad targeting privacy" to ingest data on civilians. There's countless articles on resale of those data via data brokers. Conflating the two doesn't minimize the argument IMO. As a counter perspective I would surmise that it would piss people off more if and when a government uses that data against its own citizens. People seem to be grasping the concept that having all of this data in someone else's hands is a bad thing. And while I don't feel the urgency is where it should be, I do feel as though we've made some progress.
> "companies are using your reading history to target ads"
Keep in mind that this is also:
* "Companies are using your reading history to build a profile of you, including political stance, age, gender, location, religion, group affiliations, network of people you know" and a host of other things.
This data is then used to target ads and campains. This is no big deal if it's trying to push you to buy a bit more Mountain Dew, or to figure out that you can better the dental healt in Jefferson County, Idaho by showing up there in a van handing out free samples of toothpaste.
It is however a bigger deal when it's used to sway your opinions on political, legal and social matters by feeding you lies.
It's a deal when it's used by one country to target individuals in the neighbouring country to leak government secrets by pinpointing local groups and geographic areas where you have a good chance of recruiting such agents.
That's why certain countries, in this case Norway don't want this data under contrl of other governments, the U.S. in this case. (While Meta/Facebook owns this data, it's in effect under control of the U.S. government judicially)
> * "Companies are using your reading history to build a profile of you, including political stance, age, gender, location, religion, group affiliations, network of people you know"
... to then sell that profile to your government, legally.
> "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
The problem is that companies tracking your every move for the purpose of ad targeting means all that data is concentrated in a single place where the government (or another bad actor) can search through.
And, at least in the US, the government can and does freely purchase from third parties information that they aren't able to compell disclosure of, so companies accumulating tons of information about everyone is very much a part of the government surveillance apparatus. Without that (and with some better protection of data that actually does need to be collected), national intelligence agencies would probably still coerce access to information they're not meant to have, but at least local police departments wouldn't be able to just buy it from data brokers.
> Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?'
... And why do you immediately navigate to this dichotomy? What purpose does it serve? Does bifurcating the issue serve any purpose?
I can't read minds so I don't know why you in particular are doing it, but the general answer to that is that private interests have waged a decades-long propaganda campaign with the message that everything that the government does is automatically suspect and nefarious, while everything some private interest group is completely okay.
But this is a false choice: just say no to both groups violating your privacy.
But its not just used for ad targeting for things you might actually want to buy.
It's used for political campaigns, and social manipulation. Governments can also compel the private company to reveal information they have about people.
> Governments can also compel the private company to reveal information they have about people.
This is the big deal.
Private companies collect data at volumes, and at levels of detail, that governments would never be allowed to do.
It's easier and cheaper to let the private folks do it, then buy it from them.
They are already doing this.
If a government wanted to build such a spyware operation, they'd have to fund it themselves and get budgets approved. But here you have a sustainable spyware operation already running they don't need to justify any budget for.
Then regulating against them and taking them to court is surely counterproductive?
The danger of them having this data is just too great. It's too much concentration of power.
Would you trust the government with your voting preferences? Meta can know that with extremely high confidence based on the articles you read, people you follow etc. And while I'm not particularly trusting of the government, I'm even less trusting of zero-accountability, billionaire-led, Meta.
Imagine the potential for abuse if this data is in practice usable by large interest groups that want to strongly influence your behavior. Oh, wait a min! This data is usable today by these groups for ads targeting!
That sort of unaccountability is why Brexit happened, and why Trump got elected. That level of abuse by special interest groups need to stop.
> Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
Yes. Because the line between companies and government is very thin. (government has access to those companie's data, more or less legaly).
But these companies do not collect chat data. Whatsapp is end to end encrypted. It is my government who wants to break that encryption.
Except from what I can find WhatsApp seems to have an automated content moderation system that will automatically flag and forward messages to Meta for review. So the ability to bypass that encryption is already hardwired into the app.
>will automatically flag and forward messages to Meta
Citation please. Specially on automatically..
> these companies do not collect chat data.
These companies say they don't collect chat data but they also say they follow local laws and you see from above that they obviously, deliberately don't.
Does "end to end encryption" really mean anything if you control decryption at both ends of the connection?
It's just harder to intercept over the wire that's all.
Yes there are more than one shady way to collect data. Other government, and your own, can access these companies profile of you.
> Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
Backdoors are from national governments (Macron in France, Sunak in UK). Privacy stuff is usually from the EU parliament, elected by people proportionally but cannot propose laws, only vote on them.
Only the Commission can start a new law but the Parliament can amend proposed legislation. https://www.europarl.europa.eu/about-parliament/en/powers-an...
And, as the article says, this proposal is likely to be illegal under the ECHR and the CFREU.
> And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
"""
The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil
"""
Governments increasingly rely on the vast amounts of data stored by private companies to target specific people or groups of people.
> Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
This is politically incompetent. A politically competent person uses The System to fight The System.
You lobby your government to heavily fine companies for spying. You lobby companies for E2E encryption to stop government spying.
Literally right now on HN: https://foundation.mozilla.org/en/privacynotincluded/article...
--- start quote ---
A surprising number (56%) also say they can share your information with the government or law enforcement in response to a “request.” Not a high bar court order, but something as easy as an “informal request.” Yikes -- that’s a very low bar!
...
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”
--- end quote ---
More than one problem can be addressed at a time
But you dilute resources and focus.
Companies have had several decades to not do the crap they are doing (laws regarding privacy of people's data have existed in various countries for a long time).
How long, in your opinion, should we not dilute our resources and focus? I mean, there's always more stuff to focus on all the time.
So use the privacy laws against corporations as a wedge.
IMO, yes - because governments then either compel or buy this data from the private sector.
Its farcical to suggest that FB is just some middling entity, it has the capability to topple governments if Zuck wanted to. They are already implicated in facilitating multiple ethnic cleansings, what more risk do you want?
> And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
Let me reverse the question, why anyone is able to target me without me asking for it? why anyone is using my data to do anything without me getting any benefit from it?
Can we all just agree on something: Google and Meta (and a bunch of others) are just the privatization of the government surveillance state. Facebook's product is the user data. That data gets sold and resold and eventually put into the government's hands through gray area retailers.
If your issue is "I don't want to be on a government list" one part of the solution would be making sure there's no data to populate the list, and the other part is restricting anyone from assembling such a list. The former is what Norway is doing, but pretending only the latter needs to be addressed is ignoring human nature. "If you aggregate it, they will come".
This is about Norway, not the EU.
norway isn't in the eu -_-'
Or just don't use their services? I don't need government to do this for me.
I do, because I don't have neither the skills nor the time to ensure that a company is respecting the laws, so I pay taxes in order to make sure that qualified government employees make sure that companies abide to current regulations
Also they actually put tracking pixels everywhere following people even when they don't have an account on facebook, how I am supposed to protect myself from this scummy company if even when I don't have an account they profile me? Should I leave internet?
I hope this doesn’t end with another cookie banner for eu that shows after the original cookie banner. Ehh
> Meta told a two-day court hearing in August it had already committed to ask for consent from users and that Datatilsynet used an "expedited process" that was unnecessary and did not give the company enough time to answer.
So, in other words, Meta is complaining that Datatilsynet moved fast and broke things. Interesting.
They want move fast, breaking other people's things. Not tje other way round. How else could all those poor tech giantsband start-ups survive?
> Datatilsynet used an "expedited process" that was unnecessary and did not give the company enough time to answer
The GDPR became enforceable 5 years ago, and this is their core business. This does not concern some ambiguous edge case, it's essentially the fundamental reason the law exists. Either they've been willfully breaking the law for 5 years and the fact that they haven't been fined out of existence should be considered a blessing, or the company is so incompetent that its continued existence is an unacceptable risk to the world.
It could also be interpreted as legislation is not the savior a lot of tech types want it to be. There are existing laws on the books that do not get enforced, so this is just another example. Instead, the net effect of these laws just make things worse. The cookie banner is an example. I do not believe that a website is honestly going to respect the changes I set on a website, that's why I have my browser block them. So the gaudy banners and time sink that has been put in place for some regulation that is not really protecting anyone anyways just shows that even the GDPR is ripe for gaming.
The problem is enforcement, yes, and GDPR is finally, if very slowly, is getting enforced.
No regulation is a "saviour".
>No regulation is a "saviour".
only if you're british while looking for the colour green in the shoppe
These kinds of jokes are tyreing. A British person would have said “corner store” while pushing a trolley. I like jokes on HN but this is too low effort and it shows. I would have gone with something more surprising than “guy spelled funny”, possibly a Life of Brian reference.
Good. Now do TikTok since we all know that is just as bad as Meta for their privacy violations as well.
Is it? Does Tiktok track everything you do across the entire Internet, like Facebook and Google do? They might, I don't know, but I haven't seen "tiktok.com" in my NoScript list on 90% of websites like I have FB and Google.
Just your phone. Open TikTok on iOS and it will for sure try to access your location, clipboard or whatever weird crap people will just click "OK" or "Allow" on.
That doesn't seem anywhere near equivalent to Google & Facebook's privacy issues. They stalk literally everyone over the entire Internet. I don't have Tiktok on my phone (or at all) so I'm pretty sure they're not stalking me. So I disagree with the OP, Tiktok's privacy violations are not as bad as Facebook's.
I guess the difference is, if you don't install or use TikTok they don't track you. Whereas with FB, rven if you don't have a FB account, they still track you across the Internet.
It's one thing if you actively use the service. One could even argue that this might be the payment for using the service (I don't agree with that argument, but it has some merit at least).
The problem with Facebook and Google is that they've got their spyware littered across most websites and third-party apps, so you get stalked even if you do not use FB/Google nor ever read/agreed to their ToS/privacy policy.
What if I don't have TikTok installed and never have?
You’re a contact in someone else’s profile who has you in their contact list.
Still not an equivalent to what Google and Meta are doing. Google and Meta are everywhere on the internet. Google controls the most popular browser. The volume of data that those two harvest is absurd.
My comment has nothing to do with severity or extent of tracking. I am highlighting OPs surface area of risk, given their exclusion from using Tiktok.
Why do you use tiktok on a phone and expect privacy. Your phone spys on you.
When I live alone I'm planning to drop a cell phone all together and just run a desk phone. If I'm not home leave a message.
But to be clear, Tiktok does have a tracking pixel for their ads program
As opposed to?..
TikTok trackers aren't built into my phone's operating system.
No, that's not my phone's operating system. (But it also hints to why.)
I think, most of the companies do that. And they are actually clueless what they can do, what data can be taken without being litigated. A global consensus may be a great thing for startups not having to worry about data laws focusing more on building the product. Will be good for EU Economy too.
Global Consensus on these laws or a scanner app letting the startup owner know what you have unwillingly violated is highly wanted.
I've been working at EU startups and tech for a while now. There isn't much worry about data laws. All the data you need for the real product you can get without even getting close to breaking any privacy laws.
It only gets very complicated when you start forwarding that data to 3rd parties, intensively tracking + storing user behaviour and engineering patterns aimed at deceiving how you use the data.
If you're that worried about keeping up to date on these types of rules, you can subscribe to the EU data protection newsletter, which will be a fairly decent overview on what's going on: https://edps.europa.eu/press-publications/publications/newsl...
No, this is not happening because they are clueless on what they can do - this is happening because they believe they can get away with this (by seeing that most companies do that). There is a clear global consensus on whether they are permitted do that (no, they can't), but there's also something resembling consensus that they'll keep waltzing over the boundary while they still can as regulators take their time with enforcement.
You don't have to worry about data laws unless you're trying to walk that line - and you should not. If you act reasonably and don't even attempt to track people unless they explicitly ask you to (which is what opt-in informed consent means) then you don't need to bother with the nuances. Megacorps are hiring privacy lawyers primarily because they want the lawyers to answer "what can we add/change to somehow keep doing this prohibited thing" instead of just stopping it.
When I hear from "unwillingly violated", most of the time it somehow comes from an organization blatantly and willingly violating the principles; indiscriminately harvesting data and basing their business model on that. Even for a startup, getting a quick 30 minute consultation on data privacy isn't a big deal, and compliance is trivial if you're willing to abandon prohibited ideas - GDPR compliance is primarily tricky for those who want to see what is the maximum amount of evil that is still legally permitted.
It’s absurd how so many popular online services make it impossible to escape ad farms. I think the consensus is that data collection for the purpose of advertising or behavioural targeting is only possible after a very informed opt-in.