Maybe it's my unenlightened American perspective coming out here, but why is this a big deal?
You chose to use the Facebook service, you chose to provide this information to them, and you chose to agree to their terms of service.
Facebook isn't a government agency, it's a private organization that has persuaded people to give it armloads of data about themselves, and uses that for whatever completely legal purposes it so desires. It's not like they are taking out credit card applications or anything on behalf of these users.
What is it about this completely voluntary relationship that is so inherently evil? I really don't get the harsh kickbacks and complaints against things like "Facebook keeps records of pokes even if the user 'removes' them". So what? How is that something that is litigation or 'outcry' worthy?
How much of this data is just persistent in the system because they operate at a scale where data deletion or removal just cannot feasibly be accomplished[1]? Much like google - 'we dont delete anything'. Why should they legally or otherwise be required to verify something is actually deleted, instead of simply ensuring it's inaccessible in their system? Why is nobody complaining about NTFS or ext3/4 not actually zeroing out the file space when you delete something, and instead just 'marking it deleted' or 'removing the pointer in the inode'? How is that fundamentally any different at all?
Please, educate me, because I really don't get it.
You have to look beyond the law to what its purpose is - to prevent companies from exploiting your personal information, and to force them to tell you what data they hold. Facebook are exploiting your browser history, without telling you. And are refusing to even own up to it.
I don't believe that 99% of Facebook users would tick a box that said 'Please record every webpage I visit and store it for your own future use. I do not want access to, nor the right to remove, this data.' Voluntary or not, there's a right to at least see the data that anyone holds on you. Note that you don't have the right to remove data.
This is EXACTLY why data protection laws are there. At the time they were enacted it was largely credit reference agencies, public bodies and direct marketing businesses which were in the spotlight. Had they been written today they would be aimed firmly at Facebook, Google and Apple.
But if you, as a customer of those websites, agree to them knowing you are there, and they chose to share that with others, what right does the government have to prevent that?
Why is this not a 'just don't use the service if you don't like it' deal?
Credit bureaus are significantly different - you have literally no choice in that manner; Facebook isn't providing data to be used in that type of decision though. If some secret, 'I cant see it but they show my boss' data existed, and that was used when applying for a job or something, I could understand that perspective.
This, however, is no more than a guy standing outside a row of stores, taking notes during the day of what people go in what stores, and how big their bags are when they come out. Is that illegal in Europe as well?
Edit because I can't seem to reply to comments below:
That's fascinating. If even that sort of behavior is illegal in Europe, it makes the outcry against what Facebook is doing make more sense.
>But if you, as a customer of those websites, agree to them knowing you are there, and they chose to share that with others, what right does the government have to prevent that?
>Why is this not a 'just don't use the service if you don't like it' deal?
This philosophy goes both ways.
Facebook decided to do business in other countries and to do so they are bound to respect the laws of those countries. If they don't like those laws their are perfectly free to stop operating there and let other companies take their share of the market.
Some countries go further than these pan-European rules and for instance require you to delete the data on request.
Facebook having a Dublin subsidiary is going to hurt big time.
The reason why you can't respond to some comments is because of HNs anti flame-war measures, a cool-off period is active before a reply link appears. There are some tricks to get around that, I'm sure you'll be able to figure it out.
Yes. Usually, you cannot build a database (digital or paper) about people without their permission, and without allowing people to get access to their records, and allowing them to get their records deleted.
Then there are exceptions (e.g. you have implicit permission to build a database of the members of an association, or you have a contract with the person and what you record is "adequate"), or cases where you need to get an extra authorization from the data protection authority for example if what you record is sensitive (political affiliations, religious beliefs, sexual orientation, etc.).
> Yes. Usually, you cannot build a database (digital or paper) about people without their permission, and without allowing people to get access to their records, and allowing them to get their records deleted.
In Finland you also have to have a public "registry declaration" available that tells what data you gather and what you do with it. Though quite a lot of websites violate that law due to laziness.
Why is this not a 'just don't use the service if you don't
like it' deal?
Because people are ignorant/lazy/desperate and need to be protected against themselves. That's one of the things we want our governments to do: to protect us when we overlook something in the complex reality of our daily lives, without caring for why we overlooked it.
You can't sell yourself into slavery, you can't sell an organ and you can't sell the right to your private information without retaining the right to have that information disclosed to you. If you want to do business in the EU, be prepared to disclose any piece of data you have on a user, if he requests you to do so.
That's one of the things we want our governments to do: to protect us when we overlook something in the complex reality of our daily lives, without caring for why we overlooked it.
Maybe you want, I don't.
Facebook's complexity pales in comparison to the complexities of the government.
To respond to the last sentence : Yes, things like that can be illegal. As an example, in France it is forbidden to count the number of people who get in & out of a subway at a given station.
I guess it's really a strong difference of culture between Europe and America : laws are made in Europe to make sure that people should not have to make the effort of guessing if a company will mess with their data or not. The company has to make that effort.
> As an example, in France it is forbidden to count the
> number of people who get in & out of a subway at a given
> station.
That seems lame. That number is highly anonymous. How does a statement like "between 8am and 9am 250 people boarded the subway, and 130 people exited the subway" affect a person's privacy?
In July 2009, civil society groups opposed the implementation of intelligent advertising LCD screens in a Parisian subway station.[163] These screens not only broadcast messages but can also count the number of people passing by and measure the time spent looking at the screen thanks to a face scanning sensor. Since these actions, the French data protection Authority, the CNIL, has issued a report considering that this technology must take into consideration the data protection rights of individuals as provided under the Data Protection Law: individuals must receive proper notice and the devices must be notified to the CNIL.
European law tends to work on the assumption that it's up to the owner of a technology to show how it will safeguard against the abuse of it. Failure to do so in the past has had disastrous consequences in some parts of Europe.
And that was before large scale facerecognition software that could be employed to determine not only how many people are walking by the device but also who. Now doing this in real time with a large crowd is still not technically feasible but at some point we will probably cross that line.
Good to know there is at least one country where you'll be safe from that.
Good to know there is at least one country where you'll be safe from that.
Well, until it gets so cheap that there's no way to know whose glasses or contacts are recording and compiling information about you as part of their lifelog. This sort of thing is like the tide coming in: legislation against it can only ultimately be effective by severe restrictions on allowed technologies for the people of the country.
Well, until it gets so cheap there's no way to know whose glasses or jacket contains a gun capable of shooting you dead on the street. This sort of thing is like the tide coming in: legislation against it can only ultimately be effective by severe restriction on allowed technologies for the people of the country.
Substitute whatever anti-social mechanism you prefer.
The drone wars are coming: pilotless aircraft, possibly autonomous, from the size of a small car to the size of a gnat, with intel or lethal payloads.
Bioweapons or nukes. We've had suitcase nukes for a few decades, fortunately they haven't been used. Suitcase-sized conventional explosives are rather frequently deployed in some parts. Weaponized chemicals or biological agents are another option.
It's trivially possible to adulter drugs or drinks. Some of the oldest laws on the books deal with food and alcohol purity.
Having the technical capability to do something doesn't mean it must needs be accepted. Legal sanctions may be swimming upstream at times, but other norms (social, cultural, religions. technological) generally help keep us from tearing one another to pieces, most of the time.
I certainly suspect that most people make a distinction between shooting someone, and videotaping someone. This leads me to believe that surreptitious surveillance would be a far more widespread problem than random shootings.
If the <i>use</i> of any of that data -- for profiling, legal process, advertising, contact, etc. -- is prohibited, and the action of performing the surveillance exposes the entity to plausible legal consequences and/or obligations (notification, deletion requests, etc.), then its practice will be limited. Undisclosed phone recording in some states, for example (not admissible in legal processes, a violation of law of itself, etc.).
Much crime is economically motivated (not all, but much). Part of criminal theory revolves around making crime more expensive (to greater or lesser success, depending). There's an economic study of criminal activity as well.
Businesses tend not to undertake activities for which there isn't a net economic benefit. Shareholder obligations and all that. So yes, with an appropriate legal framework in place, it's quite likely that incentives for engaging in certain behaviors will be limited.
Undisclosed phone recording in some states, for example (not admissible in legal processes, a violation of law of itself, etc.).
Laws like this are a legacy of a time before it was easier to just record everything that happens to a person or in an area than to make decisions about what to record. We're still in the tail end of that era, but only just.
Much crime is economically motivated (not all, but much).
It's estimated that the average American commits three felonies a day (but if you start thinking about this topic and the people around you, it will escalate sharply, since failure to report a felony you know about is itself a felony...). Given this, I think we can safely say that the vast majority of crime in the US is completely incidental and unknowingly committed. Even if laws about recording other people (like police and audio callers) remain on the books, the ubiquity and silence of continuous recording will mean that it falls into the list of things that people do all the time that the state technically bans.
Hm. This comment reads like something straight out of an SF novel and yet I can't shake the feeling that it is just around the corner. Interesting times indeed. Thank you for opening my eyes a bit further. Gargoyles seemed like a fun thing when Neal Stephenson wrote about it and Steve Mann (http://en.wikipedia.org/wiki/Steve_Mann) was experimenting in that direction.
I never expected it to possibly hit the mainstream this quickly though, and especially not with some of the possibilities that you are hinting at.
Sure, lots of easy things are illegal. But people and corporations have incentives to keep legal even when it would be very easy to commit the crime anyways. Enforcement has the job of catching people that are committing easy crimes, and discouraging them from doing so in the first place.
If it's lame, then someone who wants to count must instead throw up his hands in exasperation as they obey the law and don't count.
Until a few years ago it was illegal to sell liquor on Sunday in Colorado. That was lame, but I never saw a liquor store open on Sunday. If any did, they'd probably get fairly good public support and letters to the editor in favor, but they would still lose their liquor license.
I was criticizing the law (or at least an example of how a law is being applied) that you used as an example, because it seems to be that it goes far beyond just protecting personal privacy.
You seem to be stating in response that the law must be followed while it is in place. I'm unsure what your driving point is as I wasn't even advocating civil disobedience of said law.
"Why is this not a 'just don't use the service if you don't like it' deal?"
Because that's the law in Europe (according to the complainer). It doesn't matter that you're free to not use the service, the law says that if you do use it you have certain rights.
You're free to not use any service anywhere in the world. But if you do use a service in some jurisdiction, that service is subject to the law in that jurisdiction.
Facebook, being Big Boys (TM), must follow the law of the land. If they do business in Europe, that law (it seems) will be more favorable to consumers than they're used to here. Tough.
Personally, I think they'll get away with it. Corporations are becoming their own law. Facebook may have made that calculation too.
Get away with it? I doubt it. The EU digital agenda states, among others:
"The right to privacy and to the protection of personal data are fundamental rights in the EU which must be – also online - effectively enforced using the widest range of means: from the wide application of the principle of "Privacy by Design" in the relevant ICT technologies, to dissuasive sanctions wherever necessary."
No, such anonymous data is not restricted by the laws Max Schrem is invoking. The scope of the European Data Protection Directive is limited to personal data, and it explicitly says "the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable."
you don't get it, right? You already ARE a customer even BEFORE you agree to something which they don't abide. They use YOU even if you don't like it ..
No, if they don't abide by the laws, their purposes are not completely legal. Just like you cannot completely voluntarily sell yourself into slavery under US law, there are certain inalienable rights that cannot be given up under european law, and control over your personal data is one of them. That is the point of it.
Particularly those parts in which certain large information business organizations were subject to hostile takeovers, rendering prior understandings of data acquisition and use obsolete.
I'm thinking in particular of, say, the German Bundesrepublic and Vichy France. Though you might argue that the former was sanctioned by democratic processes, I suspect even you would be hard pressed to say the same of the latter.
If nothing else, it'll keep you off HN for a few hours, which would be a net benefit for the rest of us. With a low p-value, you might actually accumulate a few drams of wisdom.
I think taking the discussion to rights is just a bad idea in the first place. Stick with what's in the law, and argue morality without appealing to rights.
The rights are in European law. They're called 'fundamental rights' and are quite explicit. EU citizens have a lot of individual constitutional rights that Americans do not. They're fundamental because they can't be signed or bargained away, and the reason for that is to reduce the inventive of firms or governments to employ trickery to that end.
I really wonder how much of that is because the EU is made up of many countries and these countries want to protect their own. It's kind of similar to how the breach disclosure rules are significantly different from state to state.
The other thing that I wonder is how much of the US not having the strict laws is due to Corporate Personhood. I honestly don't know, I'm just throwing it out there.
On corporate personhood - not a big favtor as far as I know. It exists in a lot of European countries much as it does here. A lot of the EU rights are rooted in the social contract ideas of Rousseau and the like, tempered by experience of war, the iron curtain and so on.
The crux of the issue as far as I see it is that Facebook aren't exactly being open and transparent about the data that they're holding on you, or how it's being used. If you don't know that, there's no tradeoff being made. And in a lot of cases, there's data being gathered about people who haven't opted in.
Seriously, read through the list of complaints:
Shadow Profiles Facebook is collecting data about people without their knowledge. This information is used to substitute existing profiles and to create profiles of non-users.
Messages Messages (incl. Chat-Messages) are stored by Facebook even after the user “deleted” them. This means that all direct communication on Facebook can never be deleted.
Data Security In its terms, Facebook says that it does not guarantee any level of data security.
Applications Applications of “friends” can access data of the user. There is no guarantee that these applications are following European privacy standards.
I mean, really? None of these give you any pause for thought whatsoever?
Messages: This is the implementation issue and one of rights anyway. If I send a message to a friend, what right do I have to delete it from their in-box or sent items if they save a copy of it? The deletion is a view deletion, not a physical deletion. A large number of deletes work this way (at least initially they go to an archive and then are either time removed or can be manually removed).
Data Security: Anyone who says your data secure is bluffing. Your data is never secure, and people need to stop thinking it is. It's out there. Backups, in transit, in DB, on file system. There is going to be whole. Think about it. Encrypted backups - they are never updated and eventually that encryption is going to be easy to crack. FB could be taking the answer to the extreme, but it is actually a smart answer.
Applications: FB doesn't develop them. It would be similar to MS guaranteeing apps written by third parties. It can't do it. Apple can't even do it. Linux doesn't do it.
FB has it's issues. It's constant update of privacy and not letting the user to choose to expose what data they want. But this is no different than any other system thrown out there.
FB isn't the only one creating shadow profiles (how many tracking websites are out there that companies use to determine site usage). Do you think they are really being transparent? Don't you think the shadow companies could build a shadow profile if they wanted to?
My issues with FB is that when they release new features or alter settings ability they make it the least secure possible.
If they are violating the laws, then they need to be reprimanded for it. But this just has the feel of the MS monopoly issue. Where people are only going after them because they are so big when others are out there doing it as well.
Those "completely legal purposes" are only "completely legal" in the US. In the US, the owners of the computer own the data about yourself [1]. In Europe, the data protection acts go the opposite: you own the data about yourself. Furthermore, in Europe, data collection about people has to fall under certain legally sanctioned reasons [2].
Notes:
1 - this can cause surprises when companies go bankrupt and the bankruptcy courts allow the sale of the data (about you) to proceed without your knowledge or consent. It is very rare for you to be notified (such as in the current Borders bankruptcy), or the privacy policies of the dearly departed company to be honored by the courts.
2 - Just because you are willing to give the data to me does not necessarily make it legal.
Because EU citizens have a legal right to privacy; in the EU, your personal data belongs to you, and this ownership cannot simply be waived contractually.
From the EU charter of fundamental rights, which has constitutional force: Protection of personal data
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority
I wouldn't bet on Facebook in this case. you will see more of this, since most people in the EU speak English and are avid consumers of broadband, but are not especially sympathetic to the American philosophy of contract law.
As far as I can see, there is not much risk involved in asking Facebook/Google/Dropbox/Yahoo/Microsoft/Whatever to give you "your" data, as per European law. Then look at it and see what is wrong with it. Then file a complaint.
What can they do? It's the law.
Then make the thing public, disclose all your communication with your target, post the story to Hacker News and Reddit, maybe even get picked up by some important blogger or newspaper. Would look good on your resume to fight Google, wouldn't it?
It would look good to be hired for that purpose, and win. Litigious lawyers can easily end up looking petulant, though; if the complaint is trivial or frivolous, the lawyer in question risks being regarded as a bottom feeder. It's better to bring something new to the table, like a winning argument that hasn't been employed before. Of course, I may not be so idealistic in a few years' time :-)
I'm honestly unclear about this: Does Facebook actually have any operations in the EU, or does it merely not ban Europeans from accessing its servers in America?
Users signing up in Europe will form a contract with Facebook Ireland Limited, who are registered and operate under EU law. It's not just a legal entity either, there's a pretty sizable engineering and support presence.
Ireland isn't the tax haven, although it has a very low corporate tax rate of 12.5 %. They are in Ireland to channel cash to tax havens, such as Bermuda and the Cayman Islands, using the 'double Irish' and 'Dutch sandwich' tax avoidance techniques
Ireland also has a lot of high tech companies. If you watch the video you'll see they have several floors of staff, not just a brass plate. It's possible Facebook et al. are in Ireland for more than the tax breaks.
Dublin, Hamburg, London, Madrid, Milan, Paris, Stockholm.
Even if they didn't actually have physical offices in Europe, there are any number of situations in which Facebook may end up subjecting itself to some European laws. Consider:
* Taking advertising from European companies.
* Partnering with European developers on its platform.
* Using the services of European companies (datacenters, bandwidth, marketing...).
* Employing European employees, whether as ordinary employees or contractors.
* Attempting to enforce trademarks or copyrights in Europe.
In addition, if they wish European corporations to use Facebook to communicate with their customers, they need to not do anything that would expose those corporations to potential liability under European law.
There are a half-billion people in EU territory. They are on average relatively well-educated and wealthy consumers. That'd be one hell of a market to cut yourself off from financially.
>I really don't get the harsh kickbacks and complaints against things like "Facebook keeps records of pokes even if the user 'removes' them". So what? How is that something that is litigation or 'outcry' worthy?
Under US contract law, misrepresentation is sufficient cause to rescind an otherwise binding contract. The contract users enter into with Facebook is to accept their terms of service in exchange for being provided with a certain service. If the user can make a case that the service was misadvertised, e.g. by promising a "delete poke" functionality that was not, in fact, provided as expected, then this can be construed as a breach of contract on Facebook's part.
Misrepresentation is similar to neglect in that it's typically necessary for lawyers to argue and juries to decide. In this actual case, to repeat count's analogy, why aren't filesystem users complaining that their deleted data isn't "really deleted" (ignoring that such FS software is probably a no-warranty thing)? I've had to recover rm'd data a number of times myself. I don't think "deletion" has ever meant an expectation of "completely wipe out any traces of" in the digital world. I wouldn't put it past a lawyer to be able to convince a jury otherwise though, but it'd set a dangerous precedent.
In a filesystem, the data isn't scrubbed but it's marked as space that can be overwritten. While the completely removal doesn't happen at once, it's slated for complete removal at some undetermined time in the future. In the case of Facebook, they are making a conscious decision that they do not want this data to ever disappear. I doubt very much that there are policies to remove data marked as 'deleted' after a set time period, or plans to implement something like that in the future. They keep the data around because it is still useful to them, even though it is no longer useful to the user.
And besides that, it is not the manufacturer of the filesystem that is in control, but the person that installed it, likely the same person that is deleting the files.
For web based services the rules change dramatically, because you are no longer in control of the data. Because the past has shown that companies seem to have a hard time to play nice with the data they store on behalf of their unsuspecting users there now is in some parts of the world a government entity tasked with precisely that: making sure that users right with respect to their data are respected.
If you don't like the way your filesystem deletes the data you can always cut up the platters.
Above and beyond that, any non-trivial web architecture is going to involve multiple tiers of data and caching.
A given text object will exist in the primary database, in its replicas or clusters, and in backups. If the outfit is at all legitimate, multiple backups representing frequent points in time, stored in multiple locations.
A binary object (say an image, video, or audio file) may exist in its originally uploaded format, several variants of different size, resolution, sampling rate, etc., and is often served through some sort of a content distribution network (CDN), which will have its own content management interface. Some of these are surprisingly primitive -- web-based forms in which a few score objects might be entered at a time, if you're lucky. Even script-driven purge methods are frequently limited as to the number of objects which can be included in a single request, and the number of outstanding requests which may be pending.
Given the large numbers of individual objects, scaling variations, redundancy, etc., deletion overhead can easily scale to tens to hundreds of millions of objects in a relatively short period of time (days to weeks). Dealing with all of this is fairly non-trivial. Especially if the site architecture didn't take these needs into consideration.
To Facebook's benefit, of course. I'm sure that Facebook would never think of using any user data flagged as 'deleted' in any sort of data mining...
Facebook also has no incentive to spend the time to figure how to do deletions because the data is valuable to them. Why would they spent time and effort to make it possible to lose this valuable data?
But if you delete something from the primary database, then I would assume it will eventually get deleted from others too. While it might never be intentionally deleted from backups, the backups will be overwritten with newer ones eventually.
(I'm talking about facebook here, not about the web in general)
That depends on how the databases are architected and tiered.
If they're proper slaves / replications of one another, then yes.
If, as is commonly the case especially for marketing data, periodic cuts or dumps of the data are made at various points in time, and there's no mechanism for propagating deletions throughout the chain, then no, you're not assured of deletion. This isn't likely to be the case for a site's primary database, but could very well be the case for derived datasets. I can think of instances with, say, credit bureau reports in which erroneous data must be repeatedly deleted because it keeps getting re-injected into the system.
To what extent is this just a property of Paxos that lacking delete synchronicity can cause data unavailability or differing levels of data availability? Moreover, how would affect the Paxos read/write synchronicity? Would you have to disable read caching on the geographic layer?
I'm sorry but this seems like a huge ignorance on the part of you on how DSes are designed. These issues are important.
Data creation is possible and easy, especially in append only filesystems. Data updates can be done immutably by doing creates and rewriting the pointer structure, which obviously destroys cache fetch for highwater mark objects but doesn't affect cache marks for global id'd objects.
Have you actually read the Paxos papers and the rest of the literature on this?
It's not the same thing, I believe. When an OS deletes a file, it's actually deleted as far as the OS is concerned (thus they do make a best effort). When FB "deletes" something, they only make it unavailable to you, but they retain the option of using it themselves.
That's a good point, actually. Do we know for a fact if FB keeps the data available for use in their own algorithms/processes, even if they don't allow it's display?
Bullshit, it is not "completely voluntary". When everyone is using a communication service and there is no alternative. They claim to have a billion users.
Short it is a monopoly, they have a lot of power and when you start to abuse it, like forcing users to accept your unfair terms of service, the government comes into play.
I never heard that Google doesn't remove stuff when you remove them inside your service. They advertise the huge space on Gmail by "never have to delete anything", that is completely different.
> Why is nobody complaining about NTFS or ext3/4 not actually zeroing out the file space?
It is 100% completely voluntary. Nobody is forcing you to use Facebook. It is not even remotely close to the only communication service. I don't personally use Facebook and have no problem leading an active social and business life. Sure, a large portion of my friends use Facebook, but they also make phone calls, send text messages, email (through multiple different services), LinkedIn, Flickr, etc etc etc.
So how does Facebook have no alternatives?
If you don't like the product, or you don't like the way its run, or you don't like the way it handles your data, or you don't like the color of the log in button, then its simple. Don't use it.
As the original poster said, it is a private organization, and therefore you have a choice. This isn't social security, this isn't taxes. I can (and don't) use Facebook, but much to my dismay, I still pay my outrageous taxes.
This weeks' Monopoly is last weeks' MySpace when users choose to go elsewhere.
Perhaps true in the US but not so in Europe. My 16-year old cousin in Denmark (the worlds most FB connected country in the world, 3M users out of 5M population) told me that it's basically impossible to have a social life without being on Facebook (at her age).
Facebook also caters very much to US culture. E.g. In middle school and high school you move between different classrooms so you make lots of different friends that way. In Denmark you sit with the same 20-30 kids every day for 10 years. It's a very different type of social conditioning.
So - if you're the outlier in the class who isn't connected and the party invites go out on FB, guess what? You have volunteered to get ostracized.
I see where your cousin is coming from by thinking that if she isn't on Facebook, she's ostracized, however people tell me the same thing when trying to get me to sign up.
Thankfully, since I never actively used any social networks as a kid, they never became a crutch for me, and any time there's a party worth going to, I'll know about it either through text, a call, or (what most kids seem to avoid these days) face to face social interactions with my friends.
Of course, signing up for Facebook is completely voluntary in a legal sense. No-one can strong-arm you into creating an account.
My point is that social pressure can often make people do things that they don't really want to do. And sadly, many people do not have the courage to stand up to their peers and tell them no.
It's more common in US culture to do that, and largely encouraged by US societal norms, but that isn't always the case in other cultures. This is based on my experience growing up outside of the US (and also spending time in high school and college in the US).
You are not using it?
This is maybe the reason why you don't understand this.
For most people like me it is a tool to communicate to over 150 people and they expect me to have it. With most of them i can't communicate with mail any more.
Facebook himself says it's Messaging is replacing Mail for young people, now they have to act responsible about it.
It is like a telephone number you give to all your friends and someone says "Hey when you don't like something about it, just don't use it". You are invested in these things, it is not that easy.
>You are invested in these things, it is not that easy.
By analogy with predatory lending, i'd name it predatory social network lock-in. Hook 'em while they're young, while they don't know any better and while they not able to analyze consequences, ie. while they not able to make an informed decision.
> You are not using it? This is maybe the reason why you don't understand this.
Is this not word for word what a drug addict says to somebody who's clean?
I've used social networks and found all they did was replace real life social interaction with fake, scrubbed online interactions. I was never one of those "DELETE YOUR FACEBOOK PROFILE AND RUN" fad followers, I just found that I was able to get by and communicate just fine without it.
I remember a while back when there was some commotion about Google not necessarily deleting your emails even when you delete them off Gmail. What they did was they kept your email for an amount of time for ad purposes.
Just did some research while writing this post and it seems that Google changed their ToC for Gmail from deleting emails within 60 days of being deleted by the user to "make reasonable efforts to remove deleted information from our systems as quickly as is practical".
Though the hacker who attacked his wife's account deleted all mail, Google were able to restore the messages -- first the current year's mails, and eventually the full history of the account.
This implies that, though deleted, the data persisted on Google's systems. This is actually a really good system design (most data destruction is accidental deletion by a user, not hacking, and a robust recovery system is a feature). It does raise certain troubling questions, and it would behoove Google (and any other SAAS service provider) to establish a clear policy as to what the grace period during which deleted data may be recovered is.
I've had my own experience where, shall we say, legal obligations made it expedient to remove certain content from our systems. Use of a CDN and extensive caching means that there's no longer a single point of existence for any given piece of data, and explicitly flushing large volumes of content from our systems was, if not horrendously complex at least non-trivial.
EULAs are not intended to be properly read. Every $BIGNAME has a lengthy EULA, to the point where it's just a click-through. No reasonable person can be expected to read every tech EULA, let alone understand all its provisions.
Even then, whenever EULAs get updated, rare is the company that highlights the change - most expect you to reread and figure out the difference for yourself. You also have no choice but to agree or lose your existing body of work - it's a unilateral license change, not a mutual change of contract terms.
The whole "but you voluntarily agreed to their terms!" concept is a canard which disguises how obfuscatory and misdirectional the EULA process is. It's the difference between "consent" and "informed consent", which is significant.
example: my favourite EULA to date was one in a Windows OS installer, which weighed in at 3000 words... which you could only read in a box four lines high.
Still, it doesn't beat the 'voluntary' license where you can't read the license until you unseal the box, but unsealing the box indicates you agree with the license.
As far as I know, those unwrapping-consent EULAs are not legal (at least in Europe).
And I seem to remember that some court in some county decided that EULAs in general are not legally binding (to consumers at least) any more since no one can be reasonably expected to read them.
Through Like button and widgets FB also tracks people who are not their users and never consented to that in any form. Does this sound OK too from your "unenlightened American perspective"?
Arguably this lies outside of the complain ___domain, but it does
relate directly to the "not a big deal" stance. I find it
*shocking* that people accept it as a perfect norm what would
never fly in a physical world.
How many business owners wouldn't mind a post office retaining
a copy of their every mail? And furthermore using it to better
the type of junk mail being sent to the company.
Or how many regular folks would be OK with their alumni club
installing surveillance cameras in public and private places
to track their movement? Still not a big deal, eh?
Why do then things change when the very same businesses and people go online?
a) Facebook is creating shadow profiles of people who don't use it and definitely in no was agreed to that.
b) Same thing with EULA's that go "too far" and other things. Countries make laws to decide what is reasonable. Same with the work force. Thankfully there are things like minimum wage laws that prevent people from getting work for next to no money etc. Sometimes things need regulation.
c) Especially with regards to the part about holding onto "deleted data" it means once something is on facebook you can never get rid of it. It has a chance of getting leaked or hacked/stolen or requested by the government etc. Also there are laws about what data can be used about you opt ins and opt outs for people's safety which facebook may be violating
"What is it about this completely voluntary relationship that is so inherently evil?"
I'm not going to argue it's inherently evil but,
You are right that the service is completely voluntary. However, the opportunity cost associated with not having a Facebook account has been rising by virtue of the network effect and 3rd party services requiring a Facebook account to access functionality.
The fear is: as (if) Facebook becomes more and more a part of society, the cost of not having a Facebook account becomes high enough to make it practically compulsory to have a Facebook account. And if at this point Facebook acts as it does now, well then it's time to start worrying.
Picking up a hoe and tilling a field is completely voluntary, so why did slaves choose to do so? Because not doing so was too costly.
Duress is not voluntary. If it's impossible to get by without a Facebook account, then that's just a less violent form of duress. Lots of ostensibly voluntary transactions between free agents are actually quite duressed.
>You chose to use the Facebook service, you chose to provide this information to them, and you chose to agree to their terms of service. Please, educate me, because I really don't get it.
This isn't right for two reasons:
1. Under EU law there are certain rights that you can not sign away in a contract. They are yours and you keep them no matter what any bit of paper or click-through license says. This might seem disingenuous, signing to say you'll give them something but not doing so, but the law is actually the other way around: they should not be asking you to sign that right away in the first place.
2. It would seem that facebook are not only tracking people who sign-up. See http://yro.slashdot.org/story/11/10/18/1429223/facebook-is-b... (or search for "facebook shadow profiles"). This is most definitely against the data protection act in the UK, and they haven't even asked those people to sign away the right to not have that data stored unnecessarily.
Although I agree with the basic principle that if you don't like what Facebook does, the best course of action is to not use Facebook, the argument that, in essence, a private company is free to do whatever it wants is absurd.
What Facebook is doing is illegal in the EU (or at least, its legality is in dispute).
Whether or not you agree with those regulations or think they are absurd is another matter entirely, and quite irrelevant, since you don't make the laws and can't even vote for the people who make them (because you're from a different part of the world).
Part of the complaint is that even those who don't use Facebook or opt in to its terms (like me) are still publicly tagged in photos (without my consent) and tracked across the internet (through "like" buttons).
So while I agree, simply avoiding Facebook doesn't solve the problem.
Primary example: the Like button. Even when I'm not logged into Facebook the button tracks where I go. I never checked a box to have the like button shown to me.
Also, agreeing to use a website does NOT give the website the ability to break the law. Otherwise, we could have drug-trafficking sites completely in the open with a box saying "By checking this box, you understand that we sell extremely illegal drugs, and that you will not take any action against this site."
Sure. That's why he suggested blocking the Facebook ___domain. I have a Facebook account that I use regularly, so I block the Like buttons with Ghostery.
I agree. But Facebook isn't the only offender here; 3rd parties are also tracking your movements. The problem won't go away when Facebook relents; users are always going to have to defend themselves.
Spying on people is still evil if it is a government institution or a private one.
Zuck: They "trust me"
Zuck: Dumb fucks
People don't choose to be tracked on other websites by facebook. People don't even read the terms service. Most people just want to read what their friends write, and look at pictures of cats.
It's very easy. All countries (except Somalia) regulate their markets. For example in the US if there are more than 500 investors in your company you are required to disclose certain information (I read about that regarding Facebook: http://dealbook.nytimes.com/2011/01/03/facebook-and-the-500-...)
In the EU companies are required to disclose data about individuals to those individuals.
In both cases what happened was that policymakers tried to work against a (potential) market failure they (fore)saw.
>All countries (except Somalia) regulate their markets.
if you know anybody who's worked in Somalia, you'd know about regulations there. It is just a little bit faster and less traditional when cease-and-desist is delivered using AK-47, and regulations change frequently as one "General" is replaced by another.
>Why is nobody complaining about NTFS or ext3/4 not actually zeroing out the file space when you delete something, and instead just 'marking it deleted' or 'removing the pointer in the inode'?
you have obviously never dealt with DoD or anybody close to it or even just with a serious enterprise/bank.
Actually, I have.
Shredding, NIST, the whole nine. Facebook isn't protecting classified nuclear secrets, or the keys to the financial kingdom, it's protecting pictures of cats and drunk college parties. And outside of a few special places, such as the DoD, NOBODY CARES about the file system issues.
the kind that can prevent you from getting that job you want 15 years afterwards? Facebook may be a private company, but would you want them (or anyone) disgorging all their data on you that they've ever had in response to a government subpoena - for a background check or a security clearance, for example?
What this all information is gathered for? One of main known goals is "personalized shopping experience" in marketing speak. For some people to be presented while shopping with prices 50% higher than they would be otherwise just because analysis of the information gathered about them would show that they would buy at this price would be equivalent to losing the keys to their personal financial kingdom.
For one thing you are wrong to assume they are completely legal. Big companies with big legal departments regularly make mistakes... its human nature, but I think with big businesses the problem is exaggerated by the implicit assumption that they must be legal if they are big.
Now the fact that they collect this data and people voluntarily agree to it is precisely the evil part. People agree without realising what they are agreeing to. There is a more general problem here which isn't Facebook though - its that EULAs and fine print are given legal weight when nobody reads them and this is common knowledge.
Now... to tie this altogether I never realised Facebook would store my deleted messages that might have been in the agreement I "made" with them when I ticked that check box and pressed okay years ago. Now, flagging for deletion is fine, in their case though it costs them expensive storage space - maybe its cheaper than the processor time to delete things - either way its irrelevant because they shouldn't do this because the Data Protection Act says that information should be kept for no longer than is necessary.
I don't know if they have any need to comply with UK/EU law to allow accounts for people who live here - I don't think they do, but I would hope US law has something similar...
Facebook break the law, there's no opt out. Just like they can't opt out of sending you the complete collection of personal information they hold (for a nominal fee). Poor Facebook '-(
Essentially, the problem is that these voluntary relationships become not-so-voluntary as the privacy-compromising tools become more necessary to participate in society.
Yes, I pretty much agree with this. I am sure many IT companies could technically be in trouble with the Data Protection Act in the UK alone for very similar breaches as Facebook and I am sure many companies would not even be able to provide a CD containing a nice break down of all data about a user (even though they are legally obliged to do so).
However, I find it interesting why people get paranoid about the mindless jibber-jabber on facebook compared to the immense and more presice data google stores about individuals... and I imagine getting a CD out of google would be far harder than from facebook (by the looks of things).
Google are clever by being 'open' and allowing people to download 'some' of the data they hold about peoeple, but I am sure they would be as reluctant as facebook to make everything accesible.
Where do you draw the line? ISP's aren't government agencies, either; should we stop going on the internet altogether? Neither are telephone companies. Should we abandon the telephone?
And were they government agencies, would the privacy concerns just have dissipated?
I think what it boils down to is: what is a right and what is a privilege? Is it that Facebook is a privilege, but my privacy remains my right?
Is there anything to 'right' and 'privilege' beyond legal context?
Your first problem is "completely legal" -- you seem to assume that American law is controlling. Unfortunately, legal is place sensitive.
In order to do business in the EU you generally have to comply with their laws. One of the privileges the EU generally grants their citizens is that companies must, on demand, produce all data they store about that person. Why should this be true? Because EU citizens living in democracies want it to be so.
If fb doesn't like it they are free to not do business there. Otherwise, they have to comply.
There are a few comments here questioning why it's really important to actually delete data. This is a serious issue for a few different reasons. If I believe that I've deleted something, then there should be no way for anyone to retrieve the information -- I no longer have to worry about security breaches at Facebook (internally or externally), Government warrants, or Facebook accidentally reinstating the information.
As for the idea that Facebook is to big to effectively delete information, that's unacceptable. If you're that big and you can't figure out a way of routinely deleting data then you need to find a way of collecting more data or making your data easier to delete, or not giving the user the 'delete' option. There are a number of alternate verbs which describe the process they are going through, none of which are as clear or commonly understood as 'delete', but which are more accurate. 'Hide' and 'make data invisible' come to mind.
I don't have as much of a problem with the saving of messages which others will also read, but on deleting a Facebook account, this could be handled more gracefully if the user wishes. This is a more difficult problem to solve, which would require Facebook itself to store messages with under the covers public key cryptography which sounds like the type of thing they wouldn't do.
Facebook could make data removable by users if they engineered their site to allow that. The problem is that they haven't, and it appears they've in fact done the opposite. We need data protection laws like this to put the onus on the service providers to make giving users control of their data a priority.
Deleting data in a complicated system is not at all a trivial task as data integrity can easily be impacted. So Facebook's excuse that they can't delete data at their scale is probably not just PR speak. For them there is no downside to keeping data besides a minority of their userbase complaining. Meanwhile the downside to deleting data is potentially huge and a mistake would be nonrecoverable. I wouldn't expect them to start deleting data anytime soon unless legally required to do so. I do agree that the verbage used on their site should more accurately reflect the actions occuring on their backend.
I agree that deleting data is probably difficult from a data integrity standpoint. However, unless being able to delete data is made a priority the situation is not going to improve. It's a more general problem and certainly not specific to Facebook but unless there is some motivator I don't think a whole lot of engineering effort is going to be put in to it by anyone.
From a technology standpoint it seems it's more desirable to just keep throwing storage at the problem and spend time working on ways to store and manage even more data. Data is valuable after all, so the incentive is there to accumulate and process as much of it as possible. That's exactly why we need some form of external stimulus (eg: laws) to force people to work on the problem of how can we be getting rid of data when we need to without breaking everything.
Also for every user who complained that Facebook doesn't delete data, there will be thousands of users who complain that Facebook will not be able to restore accidentally deleted data.
I really hope that nobody here is actually surprised that that is the true purpose of the 'like' button.
After all, the users get just about nothing out of it, if you like something that much an email will do just as well (to the select number of people that you think your liking a particular subject will appeal to).
The main winners are the publishers (they hope for some more traffic) and facebook (by extending your profile, not just by being able to count the 'likes' but also by the lesser value of those sites that you simply visit).
Like buttons and other third party javascript are a huge vector for privacy violations, basically any website that places any kind of third party javascript on their pages is giving full control over the privacy of their users to the party that hosts the javascript component.
If that party also happens to host a service that a large number of people have signed up for at some point in the past, and that they are possibly signed in to right this minute the potential for abuse is staggering.
"So many people applied for their own CDs that Facebook had to send out an email indicating it was unable to comply with the requirement that it provide the information within a 40 day period."
Has Facebook considered using benefits of modern technology and delivering the requested info electronically by, for example, setting up a web site where users could access/browse/download the requested info and may be even let some other users, like their friends, to access the info as well?
This is a standard customer service trick - externalize the cost (time) and minimize business losses (disclosure of data). Make an action difficult enough to discourage more casual users but stay within the legal limit.
This is why checks take up to 14 business days to clear (to make a quick buck in those days), why you have to wait 30 minutes on hold "for the next available representative" (to discourage you calling in), and why most rebates are mail-in (in hopes that you will forget).
I seem to recall (although perhaps folklore) that the GPL condition "[...] by the Corresponding Source fixed on a durable physical medium customarily used for software interchange." was a response to someone trying to get away with offering the source as hundreds or thousands of printed pages to discourage people
Hack, look how difficult Facebook makes it to delete your account. When I deleted mine a while ago, I only found the link to do it after finally searching their online help (it wasn't in the account management section), and even then there was a waiting period before it actually deleted.
Of course, in light of reading about this, I sometimes wonder if Facebook really deleted the information contained in my old account.
There is a cool German word for companies like Facebook or Google, which collect mounds of information about their users:
Datenkrake : http://de.wikipedia.org/wiki/Datenkrake
The German word for octopus is indeed "Kraken", and looking at the pictures in the article linked by the GP, I'd bet on the former, rather than the latter.
There's a cultural connotation to the octopus: its tentacles reach everywhere. So, a likely translation for "Datenkrake" would be something like "data umbrella". We could also try "Big Data", in reference to "Big Pharma".
I think there’s a few points here and although some replies have very valid points others completely stray from the issues that "Europe vs facebook" is making.
1. Facebook has bases, and operates, in Europe. Thus they MUST abide by our data laws. This means that, under our European laws they MUST supply ALL information they have on people. Currently this is not being done and as such they are breaking the law by not providing ALL information they hold on people. If they want to have HQ's in Europe and want Europeans to use their service they must abide by our laws, this is regardless if we as a user decide to sign up or not. These laws cannot at anytime be waived REGARDLESS if it is indeed us as Europeans deciding to use their service.
2. Quite simply, if they offer the option of "deleting" posts/likes/mails, then they should do just that, delete it. Anything other than this and they are quite blatantly misleading users.
3. They SHOULD NOT be gathering information on ANYONE who does not use their service. This is not legal and should not be allowed to happen. The old saying "knowledge is power" comes to mind, but these "big corporations" should not be able to gather data on people who have no connection what-so-ever to their company/services. Britain recently has been rocked by such scandals as phone hack etc aswell as the big argument about Google cars collecting data from wireless networks that they were not authorised to do so from. Is facebook gather information on people who have no connection to them any different from hacking someone’s phone and listening to their messages? Or any different from a Google car passing your home and gathering information for your wireless network? My opinion is that it isnt any different. New of the world have had to pay out massive amount of compensation to the people who could prove that their phones were hacked. It is a breach of privacy and more importantly, THE LAW. Google also had to agree to delete all information gathered by its Google cars as this was deemed to be illegally collected.
Facebook should be made to adhere to our laws if they wish to be present in our countries. Thus they should be made to supply ALL information held on people who make subject access requests, they should delete all e mails/post/likes that have been deleted by the original (or any recipicants) and should also delete ALL information they have gained about people who no longer/have never used their service.
I joined facebook when it first came out as would say i was pretty young and naive, I didnt read all the agreements etc and certainly didn’t know what I was signing myself up for (alot of which has not came out until recently). If facebook want to use the argument that everyone who signs up agree to their t&c then they should respect the fact that only peoples over the age of 18 should be allowed to join in Europe. (this is currently not the case with children as young as 8 and their pet dogs having profiles)....
Facebook cant have it all their own way and must respect the laws of the land, PERIOD.
While I agree with most of your post, I feel I MUST point out some problems with some of the analogies you are using.
1) The analogy between hacking your phone and reading messages is really NOT the same as Facebook storing data that you supplied to their system.
2) Google did nothing that should be considered illegal regardless of what European courts decided. The data they collected was on OPEN WIFI routers. This is the same as being accused of breaking the law because you listen while having a conversation in a crowded room. Open wifi comes with the implicit idea, that the owner of the router is actively allowing others to use the router.
Point taken. They are still collected data they had no right collecting.....also the people who they collected data on were not informed until the german government investigated the matter (which is a breach of the law)
"Is facebook gather information on people who have no connection to them any different from hacking someone’s phone and listening to their messages?"
Usually any communication has two parties. So, you can collect information with neither party consenting (phone hacking, wiretapping, etc.), one party consenting, or both parties consenting.
I would think that most of the information they collect would count as one party consenting, so it's a step up from phone hacking. But it's still worrying, of course, because the single consenting party often doesn't know they are consenting (whether they should know or not is a different matter).
> Facebook has bases, and operates, in Europe. Thus they MUST abide by our data laws.
Why? One might argue that European laws MUST be changed. Pointing to laws is hardly a moral argument, there are tons of terrible laws and facebook might as well be a victim of one of them.
It's not about morals, it's about the law as it is right now. And the truth is that Facebook is breaking our laws and need to be prosecuted for such.
As for your argument, why is that a terrible law? Why is it bad that users have a right to know what companies have on them? To be honest, I think it's a pretty bloody great law.
Facebook is a victim of itself. If it didn't track users in the first place, it wouldn't be in hot water.
> It's not about morals, it's about the law as it is right now.
Depends on the discussion. I doubt anybody claims that the laws don't obligate facebook to make the data available, because they do. What people argue is that said laws are bad.
> And the truth is that Facebook is breaking our laws and need to be prosecuted for such.
That's what we are having an argument about. I agree that they are breaking our laws, but I don't think that they should be prosecuted. I think the laws should be changed instead, because they are bad.
> Why is it bad that users have a right to know what companies have on them?
Because it isn't the state's business what customers and companies agree with each other. If facebook states in its contracts with their customers that they will make this data available then they should be prosecuted for breach of contract if they don't.
I'm against the state (or the EU or whoever) making laws that deal with private matters because lawmakers are notoriously bad at thinking things through. This leads to a bunch of unintended consequences and ultimately is bad for both customers and companies and anybody else. E.g.: copyright laws, patent laws, immigration laws, drug laws etc...
> Facebook is a victim of itself. If it didn't track users in the first place, it wouldn't be in hot water.
I don't want to defend facebook. Maybe what they do is bad, I'm sure that's an interesting discussion, I really don't know. What I'm saying is: Even if what they are doing IS bad, then the state still shouldn't intervene if they don't breach the contracts with their customers. Facebook doesn't force you to use their services, and if you do so voluntarily then it's on facebook's terms, though luck.
> Facebook doesn't force you to use their services, and if you do so voluntarily then it's on facebook's terms, though luck.
WRONG! Think about all the sites that have Like buttons. Facebook never showed me a form or a checkbox to use that, did they? Yet they're gathering information on the sites I go to and setting up "shadow profiles" (as europe-v-facebook put them).
You're right, Facebook doesn't make me use Facebook -- they're trying to force me to.
And sure, I can just use hosts to block the Facebook site, but I shouldn't have to do that just to stop them from tracking me.
Why would a country change their laws to suit a company? (not even from Europe)? When Europeans go to america do they not have to follow the laws of that land?
As a European I feel that I should have access to any information a company holds on me.....both MORALLY and legally...
As a European I don't feel this way. Unless you have a contract with a company that states you such rights, that is...
If you give up information voluntarily (even if you aren't aware of it) why should it obligate anybody who collects it to spend resources on informing you what they know about you? Morally, why does gathering information imply obligation to provide certain information? This is a total non-sequitur.
The reason this should be done as it is the law, pure and simple. I, by law, have the right to know what information/data a company holds on me. If they wish to collect data in the first place, and are a reputable company, they should be well aware of the "obligations" they have before then even start collecting it.......Why do they want my information? What do they plan on doing with it? Could it then end up in the hands of anyone who could do with it as they please?
Much the same way i wouldnt want to be contacted/emailed/telephoned/written to by companies i have in no way solicited to contact me....
The "excessive processing of data" claim, if valid, would seem to make any social networking service a non-starter:
"Facebook is hosting enormous amounts of personal data and it is processing all data for its own purposes.
It seems Facebook is a prime example of illegal 'excessive processing'."
Some data-processing is an intrinsic part of running a social networking site. That's not being complained about. What is being complained about is the secret data collection and processing that's happening without the user's permission or knowledge - visiting a page with a like button gives data about the user to Fb even if the user doesn't click the button. Fb then use that information to do stuff.
Since the user has no way of knowing if a page he's about to visit will have a Fb like button or not; and the user probably doesn't realise that Fb will gather the data with no user interaction on the button; that seems like excessive collection and processing.
It's a start. It does not include pokes, events threads, posting on other peoples profiles, etc: lots of the stuff that it sounds like these Europeans get.
I've never used either, but remember that this legal disclosure has to be everything that they have on you. For the "Download your facebook", facebook get to decide what to include.
Hmmm, I'm an Irish citizen, although I live in the US. I have often wondered at the weakness of US data protection laws, and this might make for an interesting study.
I've seen friends try that are currently studying in the US, but are originally from The Netherlands, and Facebook responded saying that they are in contract with the US company, and thus are not eligible to receive said data. I personally plan on getting a VPN in the UK/The Netherlands and asking for my data, to have it sent to my grandparents address. Hopefully at that point they will send me the data as requested.
I am technically a Dutch citizen since I still have my Dutch passport, but I live in the United States with a green card.
Accessible to advertisers, not users. They don't particularly care if you can find the set of friends who visit sports blogs on odd numbered Tuesdays and like chili fries.
I remember learning about the law that organizations have to provide all information stored about individuals upon request when I was a kid in school.
We even sent out letters requesting information as an assignment. I sent to a bank, I think. Not very interesting back then, but it would certainly be a lot more interesting now!
Honest question: Why is Facebook governed, at least in part, by European law? The reason I ask is that the United States has a lot of trouble enforcing its copyright laws abroad (which is good in my opinion), but Facebook and Google seem to bend to European laws regarding privacy and transparency.
The linked video (in german) explains this. Apparently Facebook has a registered HQ in Ireland (presumably - as someone mentioned in another thread - for tax purposes). Since it is a registered business in Ireland, it is subject to all Irish and many applicable European laws (one of which is data privacy). The 24-year-old Individual feels it's against his data privacy rights that Facebook retains deleted messages.
Personally I find his arguments a bit flawed - e.g. in one instance apparently he objects to the fact that Facebook knows when he was ill because he can do a quick CTRL-F on the text "ill" (german: krank) in the text he received from Facebook. My question is - isn't he the one who posted that content in the first place?
Secondly, he complains that deleted messages are still retained by Facebook. Could that just be a referential integrity constraint - since most messages require 2 or more parties. Therefore, although he deletes the messages, the other party still has the message in their inbox. Therefore, Facebook cannot simply delete the message. Furthermore, since the message has him linked, even if he deletes it from his side, Facebook needs to retain that information on their side.
You know the best solution to protect yourself from Facebook's data privacy policies - get off Facebook or at least be cautious when you post! I personally love the service and think one should be smart about what they post on publicly accessible social networks since that data remains for eternity!
People say if you don't want facebook to know anything about you, then you shouldn't post there.
So others reply that it doesn't matter that you didn't give the data to facebook, one of your friends might.
So now the statement is that if you don't want facebook to know anything about you, then you shouldn't tell your friends, colleagues, etc. anything - after all, they may enter it on facebook.
Watch all the tech companies leave Ireland due draconian European laws.
I don't understand, why all law must be proactive. Let people try and experiment, let norms evolve. Why must we prelegislate things, wait until facebook or someone else starts doing horrible things before passing a law.
Companies and governments already did horrible things in the past few decades. That's why the laws are there. Basically the same reasons why the US has the right to bare arms.
You may want to read up on your history before you call European laws to protect the privacy, freedom and very lives of it's own citizens "draconian".
They are only draconian if you believe the rights of corporations trump those of the people. Which is basically what the US has been doing for quite a while now, not really an example other countries care to follow.
Wonder if tech companies will start to think twice about that particular tax dodge, given the subjecting-yourself-to-EU-jurisdiction tradeoff it involves.
It's to do with whether a company has a 'physical presence' in a country. Facebook has a large presence in Ireland as a company, and Ireland is part of Europe.
It's less to do with a country enforcing it's laws abroad, and more to do with companies setting up a physical presence in a country.
It doesn't have to be a physical presence. Some EU countries block gambling sites without a physical presence (for example, a court can decide that the french law applies, depending on a number of parameters, like among others the availability of translations)
I don't think comparing copyright enforcement, and companies offering a service targeted to citizens of foreign countries is really relevant.
As far as I know, what matters is that Facebook targets EU citizens (by having subsidiaries in the EU, by running ads, by explicitly accepting users from abroad etc.)
Funny, I had to take a two hour mandatory company privacy training course today and the gist of it was the company could only use personal information customers allowed for the purpose it was intended to be used for.
The personal info can't be used for anything else other than what the customer agreed to. When the information is no longer required or whatever it was used for is finished the information has to be securely destroyed, until that point it has to be stored and guarded as securely as is possible.
Anyway after all that they proudly said we have a TRUSTe rating and showed other sites which also have it one of which is Facebook. Something seems wrong with that picture.
I don't understand WHY Facebook chose to not reveal the rest of the data on the first attempt. Let it be a sign of good faith! FB is not alone in this, obviously sites that I visit track usage and what not.
If its a best practices for business thing (do not bend over more than you have too) then C'MONNN! This is the post baby boomers age, bro - the digital age. Get with the show, be good.
Why would they delay sending others the data? In fact, I would use this opportunity to gain the trust that left the building with the long lost battle about privacy (settings)
Of course I presume all the data they collect is within the bounds of legal and ethical lines.
So, I'm going to make a statement that I think is important for anyone reading anything on the internet.
WHAT IS THE PROOF! (also known as 'consider the author', 'read the article', etc)
Now I can't say with certainty that any of these claims are false or true, but it occurs to me that a lot of these claims are based on what facebook MIGHT be doing with your data. I decided to take a look at the complaint and attachments for the shadow profiles case, I don't see any evidence that these shadow profiles exist, just that there is the possibility that they exist.
And for those that will inevitably say that proof isn't necessary, that means you don't trust facebook. If thats the case, there is nothing they can do to prove to you what they're doing is legitimate short of open sourcing their entire stack (and even then, you must trust that what they're running == the source they give you). So either trust that what they're saying is true, find evidence that they're doing something they aren't supposed to, or stop using the service entirely.
Your boss has called his users "dumb fucks", doesn't delete data about them that he says he does and is tracking all their website visits and more. Can you perhaps see past your big salary to how people are, in general, worried? Given the number of lies already told and weird stuff already done why shouldn't people believe new rumours? Watch the video report he was emailed, by your company, huge amounts of data. Much of that data was supposed to be deleted.
Disclaimer, jack works with me at Facebook, so he's going to be biased (as will I). However, it is true that there appears to be a circular dependency between speculation and outrage here, and that probably isn't the greatest thing in the world. All I can do is tell you to keep looking for evidence (seriously, keep us honest), and we will earn your trust again some day.
Correct. I thought that was in my profile info (it wasn't has since been updated). That said, I was going out of my way to make my comment as general purpose as possible (I think evaluating the bias of anything you read on the internet is generally a Good Idea(tm) )
Regarding deleted data: there are clearly two concepts of 'deleted' a). deleted in terms of the application/user interface (ie, it is no longer visible) and b). deleted in terms of physical removal from all permenant storage. Clicking on a button labelled "delete" does not necesarily imply one or the other.
For example, if I "delete" an email in google it is not deleted, it goes to my 'trash/bin' folder - is this also a breach of the law? and are we sure which definition the "Delete Forever" button is using?
...I suppose its up to the terms and conditions to define this.
Europe has strong data protection laws that the US does not have, so it is entirely apt to say that it is Europe vs Facebook. Could you say that it is Max vs Facebook, yes, you'd be just as right, however these rights affect every single person in Europe that is browsing the internet and comes across a site with a Facebook like button.
I find it funny and a little sad that a single US corp is being pitted against an entire continent. We've all known some corps and individuals have had more wealth than entire countries but this is something different. Eventually I think we'll see the EU become more and more like the Federal US.
One of the complaints is that they have profiles on people who are not users. They can get other people to give them information about you.
Specifically, have a look at complaint #2:
"Shadow Profiles. Facebook is collecting data about people without their knowledge. This information is used to substitute existing profiles and to create profiles of non-users."
This. It's the most important thing to stretch by far. One can definitely argue about whether or not people using Facebook should be allowed to complain that they are giving their data to them.
I do not use Facebook. They still try to get my data.
Well, they would if they could, and wouldn't be shitlisted by at least four layers of filters (NoScript, Ghostery, AdBlock, RequestPolicy). Still, I can't block Facebook trying to get people to identify me on photos I might happen to be on. While pretty much anyone I am closer acquainted to knows that we'd be through if they'd ever put pictures of me on Facebook, I can't control this for obvious reasons. I can't control photos taken of me on, for example, concerts, either. It's this loss of control that worries me the most.
What I am also concerned about is the fact that people who are not aware of the dangers that Facebook poses might learn one day - and then there will be no way to correct their mistakes anymore.
Finally, I am deeply anxious about the future of the net if stupid ideas like the Facebook login gain traction. I don't want to see a web where Facebook or Google are mandatory to do anything useful. It's already extremely disturbing how much of the net runs on stuff made by Google. This amount of dependency on a single, commercial entity is insanity, no matter how persistently they might insist on their "Don't be evil" policy.
The fun thing about tags is that you can't remove them unless you join Facebook. And one of the complaints is that removed tags aren't removed, but made non-public. These two points are raised in complaints #3 and #11:
That's not true. If you visit any website with a "Like" button, FB will track you even if you don't click it. If you use Spotify, FB will get a record of your music even if you don't visit the site.
One might still wish to benefit from some of the undoubtedly useful aspects of Facebook without needlessly surrendering various rights to their data as enshrined in European law.
Yes. But it is not reasonable to expect every (legal) service to be offered in every legal/regulatory environment.
This is not to say that Facebook will not or should not offer its services in Europe. Simply that there are possible legal environments where Facebook would be legally allowed to offer its services, but where it would be economically unsustainable for it to do so... and that it is often quite difficult to understand these sorts of effects ahead of time.
So much outrage, and yet so little actual harm. These people may mean well but they are ushering in an era of government regulation of the internet that will (perversely) entrench incumbents like Facebook.
You chose to use the Facebook service, you chose to provide this information to them, and you chose to agree to their terms of service.
Facebook isn't a government agency, it's a private organization that has persuaded people to give it armloads of data about themselves, and uses that for whatever completely legal purposes it so desires. It's not like they are taking out credit card applications or anything on behalf of these users.
What is it about this completely voluntary relationship that is so inherently evil? I really don't get the harsh kickbacks and complaints against things like "Facebook keeps records of pokes even if the user 'removes' them". So what? How is that something that is litigation or 'outcry' worthy?
How much of this data is just persistent in the system because they operate at a scale where data deletion or removal just cannot feasibly be accomplished[1]? Much like google - 'we dont delete anything'. Why should they legally or otherwise be required to verify something is actually deleted, instead of simply ensuring it's inaccessible in their system? Why is nobody complaining about NTFS or ext3/4 not actually zeroing out the file space when you delete something, and instead just 'marking it deleted' or 'removing the pointer in the inode'? How is that fundamentally any different at all?
Please, educate me, because I really don't get it.