We have Micky Mouse laws in the US. Legally mega corps have to do whatever ensures rising profits. If they pollute the local river, causing birth defects and cancers, it's often more profitable than not polluting in the first place.
Push come to shove you can just shut the company down when you get sued.
The only thing you can do is be a smart consumer. Know who owns your data, and be mindful of what your actually buying.
I really want a VR headset, not a Facebook Advertisement delivery device .
I doubt it. Not because Facebook is good but because I fear what would fill the vacuum left behind if they retreat. Do you want a taste? Look what Hubert Burda's companies are doing and you will want Facebook back.
Burda is behind the Clix browser which brands itself as a privacy respecting Chrome/Firefox alternative but is outright spyware in my opinion. There have been a few threads about this on HN in the past.
Another example is Xing which is a surprisingly popular LinkedIn clone that copies many of the dark patters of the original.
Xing-like pulp will be the European Facebook? Oh god no. In EU only German media corporations have enough money to enter this market, but they have no sophistication to create anything engaging or interesting. Facebook-like success story of bunch of folks building something from scratch simply doesn't occur in Europe and it is disgraceful.
As someone who's been on Xing from the very beginning (when it was still called OpenBC) and has been on LinkedIn for sometime my opinion is this:
You can accuse Xing of many things but not that they are behind LinkedIn. I mean regarding the technology, UX and overall experience I have no complaints and I find the community there much more pleasant than LinkedIn. That's one reason I'm still on Xing, but quit LinkedIn some time ago.
What I criticize though is their use of dark patterns and tricking their users into accepting things they most probably don't really want. In that regard they are more akin to Facebook and maybe even worse than the recent LinkedIn.
This is pretty pathetic of Facebook; and they stoop even lower by claiming embattlement solidarity with other businesses because of the pandemic.
A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19.
Clean up your act, or leave the EU data in the EU; we all know you're not going anywhere.
It's definitely an interesting architecture problem.
If the EU says that all data related to EU residents has to stay in the EU, what happens if I as an American leave a comment on a post by a friend of mine in Europe? If my interactions with Europeans have to be stored in the EU, will all of my requests have to be served by Facebook servers in the EU? Definitely won't be fun for latency. I don't think that would be an insurmountable problem, but it makes things complicated.
Let's make things even more complicated: what if another jurisdiction passes similar rules? Lets say all data pertaining to residents of New Zealand and Australia has to stay in Oceania. How will people in the EU and Oceania be able to interact without running afoul of at least one jurisdiction's rules?
There would also be problems when people travel (either as tourists or to permanently move); what happens to their 'old' data, or their 'new' data when/if they travel back? So-called 'edge cases' become big problems when you have a large number of users, and fines/penalties are based on corporate revenues (rather than damages).
Those are edge cases that need to be resolved. In many cases there may not be satisfactory resolutions for them. And it’s almost always the case that the law will not punish somebody for an Un implementable regulation if they see that the entity made a reasonable effort to try and follow it.
Talking about edge cases is a distraction from the fact that FB is refusing to implement things that are very much not edge cases and do not have fundamental implementation challenges associated with them.
Cross-jurisdiction issues crop up all the time. Sometimes they must follow the route that provides the most privacy and this is compliant everywhere, sometimes there are trade deals and compromises are made. In a conversation between an American and a German, I would expect the American to get EU levels of protection. This is all pie-in-the-sky though, I’m sure.
If I'm understanding the article correctly, the problem is that the EU levels of protection give EU datacenters a monopoly on the data. The regulation isn't compatible with other nations passing the same sort of laws.
If the US passed a mirroring law in order to protect Americans' data from being spied on by GHCQ, then you have two mutually exclusive privacy regulations. The data can't exist outside of the EU, but the data also can't exist outside of the US. Considering the competing goals (in this hypothetical situation where the US doesn't want Americans being spied on by the EU, and the EU doesn't want Europeans being spied on by the US), I have 0 faith in the governments being able to resolve this balkanization.
Possibly, but I think the key lines are "the US does not limit surveillance of EU citizens" and "there were insufficient safeguards against snooping by US intelligence agencies", which suggests that it's fixable, although the medicine is unpleasant for US-based-whoopee-you-get-free-data-and-you-get-free-data companies; The EU is operating pretty consistently, I'd say. They work like a club with rules that allows anyone to enter provided they follow their rules, and making the club very attractive to join so that entrants willingly make the changes. The US is generally not inclined to take other countries' interests to heart and is not renowned for equitable relationship-building, but it defends its citizens' rights and its companies' rights, so the EU does the same and Facebook blubs, it's just standard business PR.
this is not about comments, it's about a lot of other interactions, many outside Facebook apps and sites - Facebook has info about websites you visited and links you clicked and webpages you liked, and where and when you did that
I don't buy their bluff. Uber is dominant in every market because it strangles its competitors, not because no one else can make a ride share application.
In theory they should have a pretty decent bargaining position though. Imagine Facebook, Instagram and Whatsapp to stop functioning by year end. I bet a lot of consumers would be pretty upset about that and I think most of them really don't care that their data is being sent to the US.
I suspect they'll just bow to the EU demands though, it's probably the simplest way without burning any bridges.
We got good alternatives for WhatsApp (Signal, Threema, Telegram). Not perfect, but fit for purpose.
Instagram and FB.. plenty of boards and forums, Mastodon.
For anyone who thinks that "there are no technology alternatives for XYZ" or that "tech cannot move so fast to close the XYZ gap".. see what happened in 2020 with COVID and how fast tech industry moved to cover the gaps that were newly created (or lately enhanced).
I think it's more: people are using WhatsApp (etc), presumably for a reason[0], and Facebook thinks (not necessarily falsely) that it can mislead those people to blame their government for 'forcing' Facebook to break the software they're using.
0: That that reason is "it's a pain in the ass to migrate to something else" rather than any actual merit of WhatsApp wouldn't make this tactic this any less effective.
This was huge tactical mistake that they have made. The same issue that they have is also common for google, microsoft, amazon (probably).
If EU would let them off the hook based on their "threats", everyone would start doing it the same. Now FB has put themself into unique position where they have forced EU to do exactly what they dont want.
Seems like a US person's post on a European page or friend would be have restrictions on the US side but on the EU side data processing could take place there.
I think the EU is doing this to spark interest in EU tech companies. Right now, you get laughed at if you suggest building a social network product. But if the legislature can create an environment where this market opens up, then it might not be so funny!
The whole Europe won't though. People use FB/Instagram/WhatsApp because they like it and often rely on it. If those disappear tomorrow because of politics then riots in Europe demanding heads of EU politicians are more likely than people saying good riddance.
"A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19"
The "we" in the above quote is both touching and sincere.
>>>Wait, does that mean that snooping by US intelligence agencies on people in EU is required for Facebook operation?
Any US-based company is required to submit to warrants/subpoenas (assuming they're legal/proper) from intelligence agencies. It may certainly be the case that courts would hold Facebook in contempt if they refused - even if they refused in order to comply with EU law.
>" US intelligence agencies don't need warrants to get data regarding non-US persons. Such data must be handed over upon request."
My understanding was that intelligence agencies were required to get a so-called "FISA warrant" to compel the production of information. [1] Am I missing something?
I would agree that the so-called "Foreign Intelligence Surveillance Court (FISC)" is really more of a board than a court, but that doesn't mean that US companies are simply providing information upon request. I view the FISC as a symptom of the ever-growing regulatory state, but that is a (somewhat) separate matter.
Basically the national surveillance agency wants APIs with all communication networks, so they can request anything, arguing their automated big data mining will only request data they are allowed to request, by law or warrant. The data providing business should not look into the details what they request, because that would endanger national security.
The FISA courts have a history of signing very broad warrants like "all data related to who talks to whom necessary for national security"
And the agency has argued in the past that they can copy anything anyway because only if a human officially looks at the data in an investigation, a warrant is needed. As long as it is only fully automated machines running big data analysis on it, and no one is looking, such rules do not apply.
And the FISA court pretty much signs any "look into it" order if the machine says "i found something, someone should look into this".
The worst of the worst is that skynet thing: it creates lists of people that are to be targeted by automated flying killer robots. I know this sounds ridiculous. That is the reason why they picked that name.
Its just weird interactions with common data handling laws, usually any data travelling trough US is subjected to US intelligence agencies where applicable by this sovereign nation (Obviously) and an european facebook post read by a US citizen is still required to follow european data protection regulations(also completely applicable here)
So the new age internet needs bureaucratic regulation tags to comply with all laws.
the safe harbor / privacy shield agreement was dq'd because US intelligence can reach into the data, thereby not meeting the requirements of GDPR. facebook can't operate because it now lacks safe harbor, and is unable to meet the alternate requirements for data protection.
it's a very interesting ruling, because SCC was upheld, and US intelligence can just as easily look into data transferred under SCC agreements. in my brief reading, users have to explicitly agree to allow export of their data under SCC though.
it would result in a federated system, just like email, where communication between europeans stay in europe, and only intercontinental contacts go across the atlantic.
It's interesting that it qualified the statement with, “Facebook is not threatening to withdraw from Europe,”. It sounds like what they are really saying is that we have a lot of work to do to figure out how to operate under these conditions. That's a fair statements, but I have full faith that capitalism will motivate them to figure out how to make it all work.
The headline is sort of sensationalized. I guess that’s all that matters because most of the commenters here seem to have only read the headline and then commented less than 5 words on that.
144 comments
[ 3.4 ms ] story [ 207 ms ] threadPush come to shove you can just shut the company down when you get sued.
The only thing you can do is be a smart consumer. Know who owns your data, and be mindful of what your actually buying.
I really want a VR headset, not a Facebook Advertisement delivery device .
Another example is Xing which is a surprisingly popular LinkedIn clone that copies many of the dark patters of the original.
You can accuse Xing of many things but not that they are behind LinkedIn. I mean regarding the technology, UX and overall experience I have no complaints and I find the community there much more pleasant than LinkedIn. That's one reason I'm still on Xing, but quit LinkedIn some time ago.
What I criticize though is their use of dark patterns and tricking their users into accepting things they most probably don't really want. In that regard they are more akin to Facebook and maybe even worse than the recent LinkedIn.
https://news.ycombinator.com/item?id=24549979
https://news.ycombinator.com/item?id=24543932
https://news.ycombinator.com/item?id=24554893
A lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19.
Clean up your act, or leave the EU data in the EU; we all know you're not going anywhere.
If the EU says that all data related to EU residents has to stay in the EU, what happens if I as an American leave a comment on a post by a friend of mine in Europe? If my interactions with Europeans have to be stored in the EU, will all of my requests have to be served by Facebook servers in the EU? Definitely won't be fun for latency. I don't think that would be an insurmountable problem, but it makes things complicated.
Let's make things even more complicated: what if another jurisdiction passes similar rules? Lets say all data pertaining to residents of New Zealand and Australia has to stay in Oceania. How will people in the EU and Oceania be able to interact without running afoul of at least one jurisdiction's rules?
Talking about edge cases is a distraction from the fact that FB is refusing to implement things that are very much not edge cases and do not have fundamental implementation challenges associated with them.
If the US passed a mirroring law in order to protect Americans' data from being spied on by GHCQ, then you have two mutually exclusive privacy regulations. The data can't exist outside of the EU, but the data also can't exist outside of the US. Considering the competing goals (in this hypothetical situation where the US doesn't want Americans being spied on by the EU, and the EU doesn't want Europeans being spied on by the US), I have 0 faith in the governments being able to resolve this balkanization.
https://www.youtube.com/watch?v=JrYtD7gSWsI
Instagram and FB.. plenty of boards and forums, Mastodon.
For anyone who thinks that "there are no technology alternatives for XYZ" or that "tech cannot move so fast to close the XYZ gap".. see what happened in 2020 with COVID and how fast tech industry moved to cover the gaps that were newly created (or lately enhanced).
0: That that reason is "it's a pain in the ass to migrate to something else" rather than any actual merit of WhatsApp wouldn't make this tactic this any less effective.
This was huge tactical mistake that they have made. The same issue that they have is also common for google, microsoft, amazon (probably).
If EU would let them off the hook based on their "threats", everyone would start doing it the same. Now FB has put themself into unique position where they have forced EU to do exactly what they dont want.
Someone is very stupid in their chain of command.
The "we" in the above quote is both touching and sincere.
> In a court filing in Dublin, Facebook’s associate general counsel wrote that enforcing the ban would leave the company unable to operate.
Wait, does that mean that snooping by US intelligence agencies on people in EU is required for Facebook operation?
It's a weird ban though, as if interpreted as described, it would lead to two Facebooks where EU/US users would not be able to interact.
(the ruling wasnt a total ban on sending data, rather that there must be restrictions over what private data can be transferred)
Any US-based company is required to submit to warrants/subpoenas (assuming they're legal/proper) from intelligence agencies. It may certainly be the case that courts would hold Facebook in contempt if they refused - even if they refused in order to comply with EU law.
This is both a problem for individual civil liberties and for non-US businesses, as the US intelligence system does conduct commercial espionage.
My understanding was that intelligence agencies were required to get a so-called "FISA warrant" to compel the production of information. [1] Am I missing something?
[1] https://en.wikipedia.org/wiki/United_States_Foreign_Intellig...
Yeah: Stellar Wind, muscular, prism and skynet
Basically the national surveillance agency wants APIs with all communication networks, so they can request anything, arguing their automated big data mining will only request data they are allowed to request, by law or warrant. The data providing business should not look into the details what they request, because that would endanger national security.
The FISA courts have a history of signing very broad warrants like "all data related to who talks to whom necessary for national security"
And the agency has argued in the past that they can copy anything anyway because only if a human officially looks at the data in an investigation, a warrant is needed. As long as it is only fully automated machines running big data analysis on it, and no one is looking, such rules do not apply.
And the FISA court pretty much signs any "look into it" order if the machine says "i found something, someone should look into this".
The worst of the worst is that skynet thing: it creates lists of people that are to be targeted by automated flying killer robots. I know this sounds ridiculous. That is the reason why they picked that name.
I remember reading a Wired article probably 10 years ago that an early large investor was the NSA/or similar, so yes, snooping may be a feature.
You really didn't look that hard did you?
So the new age internet needs bureaucratic regulation tags to comply with all laws.
Think of something like $0.25 per BGP query. Even that would be enough to grind the web into halt.
the safe harbor / privacy shield agreement was dq'd because US intelligence can reach into the data, thereby not meeting the requirements of GDPR. facebook can't operate because it now lacks safe harbor, and is unable to meet the alternate requirements for data protection.
it's a very interesting ruling, because SCC was upheld, and US intelligence can just as easily look into data transferred under SCC agreements. in my brief reading, users have to explicitly agree to allow export of their data under SCC though.
It's interesting that it qualified the statement with, “Facebook is not threatening to withdraw from Europe,”. It sounds like what they are really saying is that we have a lot of work to do to figure out how to operate under these conditions. That's a fair statements, but I have full faith that capitalism will motivate them to figure out how to make it all work.