Being honest about data-collection isn't an option anymore is it ?
A LOT of American companies are resorting to sneaky tactics or they're simply blocking everyone from Europe...
Well, if people in Europe would just say "no" and not use FB or the others when they try to pull sneaky crap like this, it would it the companies' bottom lines really hard. I'd be willing to bet that things would change real fast then.
The companies for now seem to be testing the waters on what they think they can get away with. Don't let them off the hook!!!!
"A LOT of American companies are resorting to sneaky tactics"
Not THAT many, just a few high profile ones from what I see.
Yet, if they have to 'sneak', there must be something inherently wrong with what they're doing.
It reminds me of GWX.
Oh it is. But not if you are a slime.
I got an honest and compliant GDPR notice two days ago. JUST ONE - out of all notifications, popups and mails in my mailbox.
It was from Kasperski - they forced an update on the app with a name change so you had to go through the GDPR screens to reactivate it on the phone. What is remarkable is not them doing it. The remarkable part is them being the only ones which followed the law (so far). There was a separate marketing, separate data collection consent and the app agreed to function exactly as it should with no functionality cuts if these two were not ticked off.
I'd love to be a fly on the wall in all the marketing departments who've spent all last week trying to work out how they can still spam people, only to send out their GDPR email and receive a flurry of unsubscribe requests instead.
It's almost like people don't like, or want, marketing emails.
> It's almost like people don't like, or want, marketing emails.
It's the GDPR emails from companies you've never had dealings with (ie, they have your data anyway) that are especially concerning, as they are almost certainly fishing rather complying.
"It's the GDPR emails from companies you've never had dealings with (ie, they have your data anyway) that are especially concerning, as they are almost certainly fishing rather complying."
Unless it is recruitment companies, they are not phishing, they generally have scraped your CV from some location and wish to continue using it.
I have sent many delete requests to many recruitment agencies who have absolutely no reason to hold my data.
"only to send out their GDPR email and receive a flurry of unsubscribe requests instead."
That's not what's supposed to happen. Unsubscribe is supposed to be the default action if the subject doesn't actively subscribe. But most seem to either not know that's how it should happen or are actively pretending they don't understand so as to scam the users.
"only to send out their GDPR email and receive a flurry of unsubscribe requests instead."
If they don't have your explicit consent already, then you don't NEED to send an unsubscribe.
This makes law what was ASA policy anyway - and the reason it's been made law is because industry self-regulation (and the ASA as self-proclaimed "regulator") has utterly failed.
I've visited several websites in the last week who asked if I wanted to allow required cookies, personalisation cookies, tracking cookies or advertising cookies using a simple dialog. These sites made it easy to select my preferences and (assuming they actually act on my choices) complied with GDPR simply and effectively. They actually make me want to visit those sites again, unlike Dell or WD with their huge lists of companies they set cookies for whom I have never heard of that lost them business when I closed the tab in disgust.
That's remarkable considering all the websites I've seen presented their cookie (or miscellaneous consent) begging popups with a sole "agree, puny human!" option and nothing else - some of them quite literally covering the bottom third of the screen with no other way* to make them go away.
* ...unless of course you routinely use a pick-and-kill add-on like HackThis or uBlock Origin's "zap", which swats** them off the screen post haste - until you hit refresh or click on anything, when you have to start anew.
** ...unless it doesn't, because the element in question is somehow un-pickable / does not get detected at all; in which case selecting "Inspect object" from the context menu then "delete node" once you found it achieves the same thing. Yes, only until you click anything. Yes, I AM pissed, verily, thanks for asking.
As to Kaspersky, whilst they have rolled out a GDPR version I am presuming it will still be "total" rather than concurrant activations limited".
Not really a problem for most "home users" i.e. those that do not rebuild the OS regulary, as I do, to remove what the AV has missed and what the OS vendor have snuck in via backdoors. Needless to say this is Windows we are talking about as linux addresses their own security problems rather than having their customers rely upon third parties to have any protection.
When you hit Kaspersky's total activations limit then they demand that you send them a copy of the email their webstore sent, presumably so they can get your payment details even if you went via a third party seller.
If you bought retail or from another web store then they say "tough" we demand it, or you can't use your perfectly valid license.
So just having a compliant version for Europe is not enough when they still have a process that requires you to give up your privacy via coercion. For my part being asked for proof of purchase twice and only on the last time having them admit that this was the reason that the service was removed not that the license was suspect or had been used on more than one IP at a time was enough for me to now be looking elsewhere.
I am looking at the retail box now and if it has any notice of "total activations limitation" then I cannot see it.
Admittedly once I complained then they did reset the activation limit and apologised but ignored that my time had been wasted and that 4 of the 5 licenses were unusable whilst they dicked me around.
So whilst I agree that the US attack on the company was completely unreasonable so is Kaspersky's stealth policy on total activations as a way to collect personal information.
"So whilst I agree that the US attack on the company was completely unreasonable so is Kaspersky's stealth policy on total activations as a way to collect personal information."
If they don't have a EU office (and therefore EU regulators to whap them for this), then surely at that point you can invoke "unfit for the purpose that it was sold for" and go for a refund from the retailer?
Enough of those and Kaspersky will wish it was only the regulator spanking them.
"or they're simply blocking everyone from Europe..."
... a bit like the way a number of banks in Europe have started refusing to allow US citizens to hoild accounts with them (Similar reasons - US have banking reporting laws for accounts held by US citizens with huge potential fines so some banks have decided its not worht the risk having American customers - maybe websites outside teh EU will think the same about having EU custoemrs)
Unlike EU banks holding USA bank accounts being susceptable to large fines, USA entities holding any data about EU individuals _or preventing them from checking up on what data is held_ are susceptable for fines.
Unless the ChiTrib and friends have wholesale dumped all their EU data then blocking access at this point is an admission they've been breaching the law and they're now preventing EU citizens exercising their rights to verify data and demand deletion. (Hint: they haven't)
For 2 decades 2 companies with no ethics have been criminally invading privacy, merely apologizing after getting caught, and paying paltry fines (just the cost-of-doing business).... Now superstar lawyer Max Schrems is firing billion dollar sueballs on day one of GDPR... Sounds great! - But....
Schrems' fight is reminiscent of the fight against Big Tobacco in the 90's ('The Insider' 1999 movie)... Or Banksters post 2008. Look at the Volcker rule now, its getting watered down. So this is going to be an uphill battle for sure. Big-Tech lobby for the laws they want and own politicians. GDPR is a mere experiment, no one knows how the law will shake out...
The problem here is, Big Tech has a much greater end-game here. They can delay fines for years and keep appealing. We know that, so that wont change! Facebook / Google rely on the ignorance / laziness of people and lack of real choice in the market... Will that ever change... Who here even knows where this phrase comes from: 'We are the native people's now'....
GDPR is a mere experiment, no one knows how the law will shake out...
Hardly an experiment. It's EU law with the ECJ as ultimate arbiter. It's been drafted based on cases with non-EU companies, which is why fines can be turnover based. Previous ECJ judgments against non-EU companies have been upheld.
Seeing as how easy it is to persuade people that "they've nothing to hide" I don't see why companies aren't being smarter about this.
FB has been hassling me for at least a year or two couple of times a week about unread status peek, pokes or photo tags, I have a page because relatives, but I don't go near FB.
It is interesting to see who is still posting their life to it regularly. There's one relative I'm expecting to be caught up to no good in a public lavvy any day now, I'd expect that to be posted as worse have gone on there.
if Google and Facebook just decided to shut down stuff in Europe entirely for say 30 days.. that would be really interesting to see. Just leave a message on their websites that say something like "whoops give us some more time to make things GDPR compliant, in the meantime we can't let you use our services".
Are there european social networks that would explode over night? European web search engines? European Youtube? And what would happen when/if google/facebook turned stuff back on would the traffic come flooding back to them?
(I have never used facebook and my usage of google is quite minimal, I switched to bing as my search engine when I changed to Palemoon browser(Nov 24 2017), seems to do the job fine, though I still use google on firefox/android(minimal google usage there) -- I do use google maps though as bing maps really doesn't show much useful info, or maybe it's a browser compatibility issue with bing). My usage of youtube is quite minimal as well(I don't use any streaming services).
My switching to bing was really just an experiment, would I notice much by not using google, and I just haven't been bothered to change it away from bing since, I know there are other alternatives as well. I haven't had any cases where I felt I needed to go to google search to find something(that I could not find on bing search).
I doubt if there are replacement services that would pop up overnight. What there is, however, is plenty of people smart enough to create one, if Google/Facebook were rash enough to leave the market open for them.
"Cutting Europe off for a month" would also provide those potential rivals with all the boost they need. They could market themselves as both the patriotic choice and the prudent one, the one that wouldn't be cut off arbitrarily on the whim of some unaccountable American. They wouldn't need to get up and running in 30 days - after a PR gift like that, they could take a year or so and still claim huge slices of the market.
I'm pretty sure that creating an opportunity like that is not on Google's or Facebook's roadmap.
I really don't think that any other social network would be able to take over from Facebook without having the same issues as Facebook. Their business model is to provide your personal data to the highest bidder. How will any other network make money without charging the end user?
How will any other network make money without charging the end user?
They could still make plenty of money by being a lot less devious and prolific in the extent to which they pimp users' data. Most people will accept a "free, but we need to make money somehow" offer. Problem is that these corporations want limitless permissions and no transparency or accountability to users.
Take Facebookerburg. Pretax profit was more than half of total income. They've got no meaningful liabilities to service, so it isn't like they're recovering some vast capital investment. Which means they're just a leech sucking money from advertisers (by virtue of abusing users' data) and then hosing that to the crooks of Wall Street. No worthwhile risk, no talent or innovation, no effort, no ethics.
Are there european social networks that would explode over night?
I'm not sure there needs to be. Growth over the last couple of years has been in messengers, particularly WhatsApp, and fashion-darling Instagram. WhatsApp is currently limited by use of the Signal protocol as to what Facebook can mine it for, though that is changing, but there are numerous drop-in replacements. For YouTube there is Vimeo.
Basically, it would be bad business to let users find out that they can live quite well without the snooping.
If you'd like facebook to remove your shadow profile, yes.
There's a Catch-22 in this. You have to open a Facebook account to kill off the data slurpage or at least the data have on you up to that point. But, that might be changing.... doubtful though. Numbers of "users" (active or not) are their stock in trade.
Similarly if a friend, your spouse or family members use FB messenger - then 'they' have all your text messages, they know who you are, which FB profiles you interact with (via text message) etc etc.
You're not unaffected, they just have a slightly lower amount of your info than they do a regular FB user.
"Facebook derives most of its income from gathering as much personal information about people as possible, and then packaging those records to be useful for advertisers."
Incorrect. That's their marketing to advertisers.
The income comes from selling advertising space, not the illegal & abusive gathering of personal information. Same with Google.
Google last night on search: Agree our T&C or stop using ALL our services. Can be solved by deletion and blocking cookies.
It is true that their income comes from selling advertising space, but the value of that advertising space is created because it targets individuals based on their gathered personal information. If I am an advertiser, I am going to pay considerably more for an advert on a page of someone who fits my target demographic and has had conversations about my products with their friends, than for an advert on a page of a random individual.
> "Under the European law, companies are required to gain consent before they are allowed to use
> individuals' personal data"
> For crying out loud, has Kieren not read anything about GDPR?
In the context of this article which is referring to targeting advertising, which has to utilise data relating to EU data subjects in order to work, this is correct. Consent must have been gained before using that data for targeted advertising. A user should be "opted out" by default and just experience un-targeted ads. AFAIK Facebook doesn't do ads which aren't targeted, as that's it's USP.
I would dispute that the article relates specifically to target advertising, primarily on the grounds that it only mentions advertising once and processing data a lot. But that's by the by because...
I don't see anywhere in GDPR that requires consent for targeted marketing. See GDPR recital 47 “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.
People have a right to object - but that's an opt-out, not an opt-in. Or, as the ICO puts it:
"The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing You must tell individuals about their right to object. An individual can make an objection verbally or in writing. You have one calendar month to respond to an objection."
> Maybe a GDPR maven can answer this.
> Where would the law stand on FB (or whoever) charging
> money for non-slurped access? (This might or might not
> include also not getting served ads, or that could be an additional pricing tier.)
> Asking for a FriendFace...
GDPR is quite clear in that "consent" for data collection cannot be a condition of service. So they could charge for their service if they wish (assuming you're prepared to pay for it) but the issue of data collection remains the same. You could pay for a service but still legally allowed to opt-out of data collection.
Paying for a service which does not sling ads at you is something else entirely. GDPR does not cover ads and does not regulate on them. Some websites already offer users an ad free version of their service for a token annual subscription.
Biting the hand that feeds IT © 1998–2019