Isn't the main function of Facebook to allow users to upload or enter contents for others to view?
It seems like people here tend to think of ad profiles as the only data that matters, but Facebook "collects" messages you post and photos you upload, just like most email services "collect" all your emails. This kind of data is far more sensitive than your ad profile.
> This kind of data is far more sensitive than your ad profile.
Yes and no.
certainly people share and post sensitive stuff on Facebook. But Facebook knowing I've visited certain categories of websites because those sites have a Facebook pixel or they're running a third party widget that has a FB pixel is historically a much more opaque form of data collection.
The valuable data they have is to build a model of your personality and emotional dynamics, where they can control the input, what you see in timeline, and watch the output, the mood revealed by your subsequent actions and posts. Knowing what stimulus will upset you enough to donate or share a given type of content is pretty valuable, even compared to knowing you need a new laptop.
The main function of Facebook is to spy on people, the providers of the data. All data gathered is then sold to paying customers. They make all their money this way.
If they only had a graph with persons and relations between these persons and did nothing else with it than show this to these people, maybe we were not facing this discussion now.
The cynic in me would say: store all data on EU soil ;)
This comment is very biased, who are you to speak for all facebook users?
For one thing, Facebook allows me to stay connected with my family in another country. I'm infinity grateful to it for that, and I'm ready to exchange getting this amazing free service for my very personal information. No one stole this data from me, I'm happy with this arrangement.
Same with other the services: Google's, amazon, and what not... Hell, the progress all these amazing services brought made my live on earth a heaven really (not sarcastic)!
I'm personaly not afraid of big tech, imho they compete with each other, they rise and fall, let them be. I'm afraid of regulation that incentivizes lobbying, kill competition, and create long term monopolies.
They do not compete with each other (potential competitors just get bought out), and already do lobbying in vast quantities. And there's nothing about inter-country communication which requires Facebook's data mining, inasmuch as there are already network links between them which Facebook uses.
i can think of a couple of sad examples where buyout resulted in drop of quality or even dying off. it's often used to kill competition and not the other way.
The problem here is that the majority of users don't actually have informed consent. They don't know what is happening. They think it's just being served ads or something and are like "OK, I can accept the ads in exchange for the service" - what they don't know is FB is passing data to and from data brokers, purchasing your credit card purchases, matching your phone numbers against real life data, then leaking that data to unintended recipients via API or otherwise.
I wouldn't care if I was served isolated display ads, even targetted based on my entered data.
There are plenty of services that would serve that role - staying connected with your family - at least as good as FB does. That's the part most people are missing, I think: that FB doesn't really have that much to offer, apart from its market share. And, because of FB monopoly, pretty much anything that hurts them is good for the market, ie everyone, in particular their users.
You have been able to do that since email existed. You would just pay a few cents extra a month to your ISP for them to run the servers. Their business model wasn't data mining and behavioural manipulation.
You do realize any potential Facebook alternative will face the same problems, further entrenching Facebooks market position.
This even applies to federated social networks like matrix - a EU server can't easily send messages containing personal data to US ones without at least signing an contract with the required "standard contractual clauses" (technically an contract is always required).
Its possible you will have eu only fb, Asia only fb which would not be such a bad thing. Not only would the new entities break monopoly, but also be more compliant than haughty American tech companies with their billions of daus
I can’t see why it would be devastating in practice. Why can’t the servers that deduce every little thing about the users be also based in EU?
If I want a worldwide ad (is that even a thing?) for left-leaning horse owners between ages of 20-27.5 with a child and at least 2 partners, can’t that be dished out from an EU server for EU users?
I, an American, have a friend in France, where is our friendship stored? I send a message to my friend in France they send me one back, where are these two messages stored? We have a photo taken while traveling together in Belgium with 2 other Americans, what server? I could see this being a problem only effectively solved by a separate EU and US Facebook.
It is not clear what data they are worried about transmission of, but each type seems to need special consideration. You mention ad-targeting data, but most data collected by Facebook useful to the surveillance agencies Ireland is worried about are more personal than that.
I suspect cases like this are a tiny minority. You could handle them by falling back to the current way of doing this, ie US servers, and still protect the vast majority of data that's not related to US citizens.
A tiny minority of Facebook users is millions of people. Lots of people have international family and friends. A fallback approach is infeasible for legal requirements, unless it's there for appealing the fine to a lower value.
The question is potentially very difficult, and could only be resolved by constructive engagement with the party making the rules.
The question can be solved trivially easily by just using a big-hammer approach of banning any transfer of personal information to US, period. There are no reasons for allowing the transfer to happen, other than making it easier for Facebook to make money. FB would implement it by only storing interactions involving any EU nationals in EU.
We do want to make it easier for Facebook for political reasons, though, and it's still not particularly hard: just declare that only the data/conversations involving US citizens can be stored on US servers.
Of course not; the data would come from FB's EU servers. The "transfer" above applies to where the data is stored, not where it can be accessed from. From the users point of view the only change would be... nothing; the latency is already at the point where it wouldn't incur any observable penalty.
I don't have many Facebook friends, but they include people on at least 3 other continents. I'm sure a lot of folks have at least some friends in other countries.
I think you’d be surprised that HN is not representative for the general population, and that talking with people from another continent over WhatsApp is, in fact, an exception and not the rule.
I would assume that most Europeans know people living on another continent, or at least people who have lived there in the recent past. There are plenty of careers and hobbies where you make international connections, plenty of jobs that require you to live somewhere else for a while, and plenty of people looking for opportunities elsewhere.
Globally, around 1 person in 30 lives outside their country of origin, so knowing people in other countries should be common.
> I would assume that most Europeans know people living on another continent
Not most, just some.
1 out of 30 is a bit more than 3% and many of those have family connections, they are not strangers living abroad, they are - for example - Italians living in Canada.
And then said person acquires triple citizenship via naturalisation and marriage, and moves to a fourth country. Does your principle still apply? What happens if those other three countries have similar rules?
Are you sure? What if they decided to copy this EU solution (adding they own 'interesting' ideas)?
Russia arleady have data localization law, Facebook just ignores it and it's not enforced. What if it will become enforced? Facebook couldn't say this is something unusual because it will exactly thing EU required of them.
Russia and Turkey have something like GDPR minus a few clauses plus national scope instead of EU scope. Data portability agreements between those would be pretty straightforward.
I belong to a group that has several connections in countries all around Europe due to frequent traveling to dance events. Most of these people post on Facebook in their own language and attend local events.
Outside of this bubble, things are very different. The majority of people never move from where they are born, speak poor English and never travel.
While the people with international connections are surely a relevant amount, and even adding expats that keep contact with friends and family, it's the group with not international connections that I would define as "widespread" and "normal".
We're not talking about storing/transferring data between different countries within the EU though. The cross-the-pond-friendship example was only provided as an example of the topic at hand and not the fact that 'mericans don't have European friends.
I was initially thinking like you too. But it likely isn’t true.
With Facebook’s lowering importance and my self getting older, my interaction with non Americans has lowered. If we are talking about the EU only, the amount is minimal.
Thinking about others around me, most don’t have anything significant with EU residents or have one specific set of friendship[s] in the EU.
If you're both cryonically frozen, is the friendship suspended? Does it spring back into being when you're both defrosted, arising from the process of living? By this account, friendships aren't purely a matter of data storage.
If we're feeling especially poetic, we could make the case that friendships can live on despite the death of one of the participants.
Also, do we always assume a binary friendship of exactly two participants?
People who live in society have learnt how to see themselves, in mirrors, as they appear to their friends. I have no friends: is that why my flesh is so naked?
Let us consider your hypothetical glitched friend-state within Antoine’s concept of distributed self awareness. Does the friend delusion lead to self delusion or vice versa?
I may not consider someone a friend, but still know they do. Imagine the case of people that make "friends" to abuse them or steal information. Note that it doesnt stop them from feeling the friendship is fake and faking that themselves. You see patterns like that in spy stories with double or triple agents. Not sure how many recursions a human brain is able to handle on an everyday basis, I would guess between 2 and 4?
> We have a photo taken while traveling together in Belgium with 2 other Americans, what server?
EU GDPR is pretty clear that all of the cases which involve transferring data from the EU to the US fall under EU GDPR rules. It refers to the location of the data, not the citizenship or residency status of the individuals who are involved.
So, the photo that you took and uploaded within EU borders is theoretically in scope for EU GDPR - even if your French friend is not in the photo.
Good point. Is the ban more about where content is stored or how it is accessed? I guess there is nothing bad about you seeing a page served from Europe.
Otherwise, a lot of this data presumably isn’t covered by GDPR. You and your friend are ultimately user_ids with a relationship_id or sth, and these surely aren’t GDPR-controlled (but they point at details that are)
Data that can be traced back to a person is covered by GDPR. If the user_ids have attached user datasets somewhere they are covered. If they don't have that, but the graph formed by user_ids and relationship_ids is isomorphic to publically known facts or facts that people with access to the graph have, that make people identifiable in the graph, it is covered by GDPR. One example would be a is-neighbour-of relation for peoples' addresses together with a public phone/address-book.
Your message will be stored in the US. Your friends message in the EU.
The metadata ( conversation table of both) would be stored in the US.
Your picture from Europe as a US user with US residency will be stored in the US. As Facebook wouldn't want your data under GDPR and since it's also not required.
Yes, this is exactly the challenge. It extends far beyond just ad-targeting. On the database side, social network sharding, replication, and caching schemes aren't typically designed based on national origin of users.
If you have a full datacenter (i.e. containing databases, not just a frontend or CDN / PoP footprint) in a country, then typically the entire logical data set -- all data for all users worldwide -- is presumably replicated there. Other systems and services will then make assumptions that any object can be looked up with low sub-ms latency.
Social networks often contain activity streams and other pages that include content from many users at once. Consider algorithmic ranking of feed content, comments on popular page content, etc: how do you even implement this if even some small subset of the data needs to be fetched from halfway around the world on every page view?
Anyway, to answer your original question, friendships are bidirectional associations and would typically be stored in two places: one entry in your db shard, and one entry in your friend's shard. Photos are objects and presumably would be "owned" by a single user or page and located there (at least in terms of the metadata about the photo); however tags may be associations which have entries on multiple shards just like friendships. If some of these shards can only be accessed across a trans-Atlantic link, the entire scheme falls apart due to the latency.
"The social graph is tightly interconnected; it is not possible to group users so that cross-partition requests are
rare. This means that each TAO follower must be local
to a tier of databases holding a complete multi-petabyte
copy of the social graph. It would be prohibitively expensive to provide full replicas in every data center.
Our solution to this problem is to choose data center
locations that are clustered into only a few regions, where
the intra-region latency is small (typically less than 1 millisecond). It is then sufficient to store one complete copy of the social graph per region. Figure 2 shows the overall architecture of the master/slave TAO system."
Correct. There would have been no problem if Facebook were not abusing peoples data and trust so dramatically and brazenly, but Europe is forced to do this to deal with the American lawmakers refusing to step up
> the entire scheme falls apart due to the latency.
Every proper Microservice zoo also has the exact same problem of ownership of data and latency. Holding duplicates of often needed parts of the data works surprisingly well and would also be fine with GDPR.
If this was required, the solution wouldn't be too bad. There is a latency penalty, but in a normal browser on a normal computer, FB doesn't feel that close to the latency minimums as it is.
Option A) client sends feed request to all regulatory domains and mixes results itself. Downside is either you'd always see the tail content from all regions, or client would have fetched content it doesn't display. Also, if client has to contact a load balancer in the regulatory domain directly, you're at the mercy of the client's international transit which is often worse than FB's.
Option B), like option A, but client sends feed request to nearest server, nearest server bifurcates the request to one per regulatory domain. If regulatory domain is local, satisfy request (with all the sharded queries), otherwise send it to a request processor with local data and do the processing there. Feed request processor mixes the data. Downside, extra memory used holding results waiting for the remote regions to respond and managing more requests in progress. You could get tricky and use recent response times to try to get all responses back around the same time, and reduce the time where you had some region's data in memory, but not all of them, but that's probably silly.
Both of these are more work than the current scheme, and nobody likes regulation requiring more work, but still. Figuring out where things are permitted to be stored when they involve people in multiple domains sounds like a headache though. And actually splitting the data once the parameters are clear doesn't sound like my kind of fun either.
Disclosure: I worked at FB, but not with FB user data.
As someone who spent a decade working on databases and scalability at multiple social networks (including FB), I believe this problem is substantially more difficult than you're taking into consideration here.
Viewing a couple pages of my news feed randomly just now, I see content from a mix of friends in the U.S., Ireland, Germany, the U.K., and Hong Kong. The content is algorithmically ranked and sorted, and then paginated. Similar situation with viewing comments on popular pages, which may span many countries.
If ranking/sorting is performed either client-side (your option A) or even in a nearby aggregation server (B), each and every user-facing pageload of N posts/comments/whatever would need to fetch the worst-case of N entries from each regulatory domain, and then re-rank/sort/paginate the aggregation of them.
This presents numerous significant problems: not just network latency on every single page load (which would be severe), but also bandwidth consumption, memory, and cpu wherever the aggregation/ranking are being performed. I don't think your option A is even feasible for a worldwide social network, with many users in countries where less powerful devices are prevalent. Even option B would have scary implications for the worldwide increase in network bandwidth consumption alone.
And that's not even considering the problem of how you migrate one of the largest data sets in human history from a non-geo-sharded topology to a geo-sharded one.
Worst-case, multiply all of this effort (and bandwidth impact) by every single multi-national social network, publishing platform, and user-generated content site/app/product. The GDPR-compliance efforts of 2017-2018, which were quite substantial at all of these companies, would look like peanuts in comparison.
There is an assumption that everything in the world should have 10ms latency. Why? Borders have always been meaningful to protect unique people groups. Maybe the extra latency is a way to protect indigenous cultures and allow local solutions to compete with Facebook. There are indigenous people groups all over the world where governments have said "leave those people alone!" American tech companies have done FAR more to destroy local cultures than missionaries could have ever dreamed of. Just because you can doesn't mean you should. Ultimately where it's going is that to the degree Facebook can't buy off all the local politicians it's going to have to follow the local laws and have unique policies for each jurisdiction. Ideally you would just have local companies running the social network, enforcing local norms, with federated APIs to communicate globally. Unfortunately the tech companies already control so much media and mindshare they are gonna probably keep that from happening in most places.
So Facebook would have to redesign their sharding. Who cares?
Also, let's not forget that we're talking about a service with absolutely horrible reliability. Facebook only cares about reliability at scale; at a single person level reliability is quite poor; you can suddenly discover that your random post has 60 thousand likes (for a few minutes), or a friend of yours has a new post (they don't). Thus, the questions of "what if something has >10ms latency" don't really matter - Facebook fails much worse than that all the time.
> So Facebook would have to redesign their sharding. Who cares?
Do you believe Facebook is the only company that would ever be affected by this?
Personally I strongly suspect that once the precedent is set -- that is, regulation requiring user data to remain strictly on servers in the user's country and nowhere else -- the entire tech industry would be severely impacted.
> the questions of "what if something has >10ms latency" don't really matter
Internal point lookups for each individual piece of content would go from sub-ms (intra-region) to now being upwards of 200ms (network requests spanning the globe). And for many social applications, a given page contains content from dozens of sources. Much of this could be parallelized, but even then, the total wall time for each parallelized multi-get is determined by whichever source had the worst-case latency. In any case, we're not just talking about tens of ms of impact here, but rather a latency increase of 2 orders of magnitude (or more!) for even the simplest lookup operations.
> Do you believe Facebook is the only company that would ever be affected by this?
Of course not, Facebook is not the only company parasitizing on users' privacy. The point still stands, though: it's an absolutely tiny (compared to the company's income) amount of work, versus users's rights.
As for delays - again, FB routinely displays much worse problems, adding some more delay there wouldn't be noticeable.
This particular ruling affects only Facebook (and is specifically against Facebook), because it is only Facebook that has here been identified as failing to offer those safeguards.
Google similarly is a tech giant operating across this border, and doesn't currently face such a sanction.
i don’t think it’s that complicated. your account is in a US database. your friends in a french database.
the us db can have a list of friends by user id and those friends might be in other countries db. however your identity and data live in us db only.
if you create a message the message can either be stored in the us and referenced by id in france (or duplicated since you intentionally sent it there). same for photos
this makes each transmission of data across regional boundaries more intentional and easy to add governance checks
An "easy" solution would be for FB to lobby for the USA to adopt privacy laws similar to those in Europe. Then maybe the data transfer ban could be lifted (somehow I suspect that will not be the case)
The US would have to agree that data on EU citizens is not theirs to snoop in. They would also have to trust that the US would actually honor that, and I think most will agree that the EU can't trust the US on that.
In case it wasn't clear; this was the exact issue. The EU decided that current US legislation makes it impossible for Facebook to ensure the US government will respect the privacy of EU residents.
Search "privacy shield invalidated" for more info.
This is spot on and a big problem. And although nobody here including me would shed a tear about Facebook in this case, I am worried about the precedent this sets.
Facebook has the deep pockets to either build this through or fight it legally to the bitter end.
But for any startup trying to build a global X, this can put a serious blocker in the way. Global sharding of entities and working with that isn‘t for the faint of heart. I know we‘d stand still for a year or two trying to implement something similar as a small to mid sized startup.
Philosophically and as a user, I actually like the idea, but wearing the systems architect here, this requirement scares me to no end and could throw a literal wrench into the operations of any global effort.
Your friendship can be stored in US or France. The problem is, everything else about that French national is still being stored in US, even if it's in no way related to US nationals.
I guess a US company running that ad would no longer be allowed to do purchase attribution.
More practically through, all of facebook's infrastructure is built on a transparently globally replicated database. Data siloing was only originally considered for launching facebook in China
With regards to targeting: yes, you can target any country (and all of them).
With regards to reach: yes, because you'll reach the user on pretty much any site/app with ads, so it's virtually "running worldwide" (from the user's point of view).
In some countries like France they will have to comply with the local laws that restrict strongly non-anonymous listing of persons and basically bans some criterion like race or religion (bad memories from WWII). I suspect their algorithms can't offer the guarantees asked by the law for personal data.
> can’t see why it would be devastating in practice.
It's really hard to design systems split like that. There are so many corner cases. What when a user from the EU shares an image with a US group containing users from Australia. Where will the image be sent? Where will it be stored? What happens if the US members leave that group? Need the image be rehomed? What if at the moment that happens there is a trans oceanic bandwidth shortage/outage? Will there be a queue for rehoming images triggered by the final member of a group from a continent leaving the group?
To avoid all the complexity, 99% of 'distributed' systems have a 'master' for the data in just one place. I'm not sure there are any distributed datastores that are masterless outside academia.
> The case stems from European Union concerns that United States government surveillance may not respect the privacy rights of EU citizens
These are valid concerns that I share as a U.S. citizen concerned about my own privacy from government surveillance. It's appropriate for other countries to share them and to take action.
But is it clear that government surveillance by EU countries is more respecting of privacy? It seems to me more like the 5/9/14 Eyes countries are cooperating on just these kinds of intrusions. It isn't clear to me that Facebook data held on European servers will be any more secure from intelligence agencies than on U.S. servers ... including from U.S. agencies.
People using facebook ? They do not care at all about where, how and volume of their data. All they want is "pointy/clicky" access to numb their minds.
But storing data outside the US, where would US people get their pics from should facebook fold, I will loose my best and free Backup Servise, the NSA :)
I've seen this argument a lot recently. "If we screw other people in a sufficiently convoluted and Rube-Goldbergian enough way then it's almost like we're not screwing over anyone at all!"
I'd be more comfortable with that than with my own government, that cares what I do and how I vote, having access to facebook's data on me. The scariest part of European data sitting on US servers for Europeans is that the US will have absolutely no regulations keeping them from harvesting, slicing, and packaging every bit of it, and sending it back to Europe.
Keeping the data from being shipped out is a good step (hopefully not just focused on Facebook), but reimportation of that data is a laundering process that can render local data protections moot.
The difference is that, as an E.U citizen, the governments and agencies that might access this data, along with the laws that allow for that access, are ultimately accountable to me and my fellow citizens. If my data is transferred to the U.S, I have no ability to influence how it's used at all, I effectively have no rights.
I’m an average random person. I have zero, even being high paranoia, of some other country surveilling me.
But my own country “spying” and surveilling me can be scary. They have a lot of power over me. My one voice isn’t important enough to change any legislation or actions. I doubt yours is either. If something unlucky happens with the surveillance of you in your country, you’re likely out of luck. OTOH, nothing happens if Russia or China surveils me (common boogeymen of the west)
> My one voice isn’t important enough to change any legislation or actions. I doubt yours is either.
It sounds like you're suggesting human rights (such as the right to privacy) should only be granted to those who really need. Presumably the government would then get to decide who really needs each right, and who isn't important enough to warrant them.
Also, I think you're forgetting cases where people have been spied on and ultimately renditioned or murdered by a hostile government while in a third country. Perhaps Assange and Khashoggi aren't perfect examples of that, but there are plenty of examples of Russian and Chinese dissidents who have been killed or threatened while living in the West.
>are ultimately accountable to me and my fellow citizens.
Haha yeah right. I don't even know the names of agencies which could have acces to this data in EU, I would supect neither do 99.99% of the people here. EU is really super distant entity compared to local government, we have 25%-30% voter turnout on those elections arround here.
I wonder what would happen if Facebook choose to pull out of the EU with a large banner "Due to new EU regulations, we have to stop operations until regulations change".
Would there be a large public outcry ?
Me, I would like to see facebook, google, apple... reigned in, but they have a large bank account where that can "donate" to pols, so we will probably see a big loophole appear.
I use Facebook but them leaving EU would be amazing because I only use it to keep in touch with friends and family, and now they'd be forced off it. <3
It would be inconvenient for me, but as long as there is something else we can move to (Diaspora), I will survive.
I know two people who have married people from the US who have moved here. I imagine they wouldn't be very happy not being able to interact with their friends across the seas nearly as easily. Who would they blame? That is a good question.
On the other hand, Twitter would be pretty pointless if I could only interact with EU tweeps. I don't know if they would be hit by this, I assume there is a GDPR exception for this the user publishes?
It's not possible, because how are they going to block EU nationals from continuing to use the service?
People can use VPN, disguise themselves as Americans and so on. There is no way they can wiggle themselves out of it unless they'll close the entire operation, and that is not going to happen as Facebook is a spying front.
That's a really risky maneuver for Facebook. Yeah, maybe it has the desired result and the regulators back down. Or maybe competitors that have been locked out for over a decade due to the unassailable network advantage of Facebook finally have their chance to shine, and a new European social network competitor to Facebook rises up. The new competitor would be able to architect their service ground-up for GDPR compliance, which is something Facebook hasn't really been able to do since their platform has a lot of architectural inertia behind it.
Why would EU (government) care? It's not like EU citizens would leave EU. Especially given that the government is preaching that this is protecting citizen rights.
Nothing, because the only important asset FB has is its market share. If they left the EU, you'd have a functionally similar alternative very, very quickly.
In modern cloud data is likely encrypted on disk and typically spread across servers. It’s not really feasible to access the data by physically taking control of the servers or disks.
Does the physical location really matter? If authorities need to access the data, they would anyways need a higher level access to it. In this sense it is more relevant who is controlling the data and where and under what jurisdiction that entity is located.
It's not a matter of data being encrypted, it's about the US authorities being able to demand decrypted access to the data of EU citizens from Facebook.
And, although this is an educated guess, about US businesses paying for Facebook ad services targeting EU customers using the collected data in a way that GDPR would block in EU.
Oh, so basically that thing that dictates that US can ask any US-based company to disclose any data in its possession, and so to protect EU citizens, EU wants US-based companies to store EU data on EU servers.
If I also remember correctly from reading up on Tutanota, it gets so nuanced, that to the US authorities it is enough that a single US employee of a non-US company has access to such data to summon them to disclose it?
It does apply in the EU and that's the point, if a US company can't engineer a legal or technical work around then they can't operate in the EU without breaking either US or EU laws.
If the US believes that it's in a strong enough position that these companies can remain competitive while ignoring either US or EU law (and dodging enforcement) then it's welcome to not make amendments to the CLOUD Act. Otherwise it can have US companies lose market share(or suffer EU enforcement actions) or employ diplomatic lines to neuter or work around the law.
You can of course note that the same issue will arise going the other way (EU company operating in the US) but the cost for the EU is obviously judged to be less than what's gained by protecting their citizens (or that it's at least a good drum to beat to trade for other considerations from the US).
it's not about where the data is stored, it's about Facebooks inability to guarantee the rights of EU citizens and their data as it's transferred to the US
It is incredibly rich for governments to regulate what can be done with data citizen willingly give up in the name of "protecting privacy". Yet they can monitor our Internet and phone activity without consequence. It is so disheartening watching the EU ruin the Internet. First the effect GDPR was to litter the web with PITA popups and now they want to tell people what to do with their data. The EU cannot collapse soon enough. The weight of the bureaucracy will be their downfall.
I know that a lot of people's reaction to this might be, "screw Facebook", but the ramification might be "entrench Facebook such that no one can compete with them."
If the Irish data regulator enforces the provisional order, it would effectively end the privileged access companies in the US have to personal data from Europe and put them on the same footing as companies in other nations outside the bloc.
This isn't just about Facebook. This is about whether every small company trying to bootstrap itself needs to take large steps to architect their data storage in a way that allows for segregation between European and American data.
For Facebook, this might be costly and annoying to deal with. But what if you want to launch a new Flickr, Tumblr, Twitter, Airbnb, recipe website, etc.? You're a team of 2-4 trying to get things off the ground. Do you need to make sure that you are unavailable in the EU? Do you need to work on splitting data storage before you even find product-market-fit?
Like, Airbnb certainly hosts lots of data about people and places, but when they were just starting out and trying to get traction, it seems like it would be a big hurdle to comply with this.
Facebook can comply with this. I think it would be a big burden on anyone trying to compete with Facebook going forward or the ability of new companies to get off the ground.
It was quite easy, in my software, to have a settings with “data storage location” EU/US/Asia, and we transfer the data over to the country of their choice, with a little downtime. Granted there is a main database with everyone’s key/auth/chosen database, but that’s the only centralized data.
Yeah agree with you. I don't see what the difficulty is. It is mostly an infrastructure issue and if you're starting from zero you're going cloud anyways
Every EU company has been having these compliance problems since the Privacy Shield invalidation in last year's Schrems II judgement. It is only Facebook that had the lawyers (and the gall) to sue the Irish DPC to prevent them from enforcing this judgement. Other authorities have already started enforcing, for example a small Bavarian company got a slap on the wrist for having used MailChimp.
But yes, the EU regulatory environment is definitely making it more difficult to cheaply trial some business idea. GDPR isn't part of the problem. By unifying EU data protection law it has become easier to target the EU as a whole. My gripe is more with things like the upcoming copyright directive which is a de-facto link tax.
But Steve Case was not pushing to win 100% he was happy to be biggest player with competitors. So AOL was a lot less ruthless. Also our revenue model was “fun stuff for people to use so they pay a subscription” not “sell peoples intimate data to data brokers.” But definitely a lesson in how innovation can leave an organization. Informally, I blame the influx of MBAs and people attracted more to success than to building fun user experiences, but of course lobbying from phone and cable to block access to the higher speed plumbing which was allowed by law for POTS made the business model of subscribe for a good experience untenable.
Ignoring Facebook entirely, this impacts the US company I work for in a big way. We are in data centers throughout Europe and follow GDPR, best security practices, limit access to production data, etc.
Our company’s interpretation is that we will need EU based teams (that we will have to hire for) to help debug production issues and to help customers because if I look at the data to triage I’ve transferred it out of the EU.
The EU lawmakers are doing what the gutless paid for and owned US lawmakers cannot or will not do.
The US congress balooneyd around with Zuckerberg, he took the piss out of them.
The EU politicians are a little bit less shameless and do something to protect the population(not even the local electorate, they have the ability to see beyond the box).
Facebook and Instagram are designed to keep people more "engaged"(addicted) , in order to collect more data and push ads down everyones throat and retarget those who do not want any business with them.
Tried to delete FB, ig or WA account completely? Every imaginable Ui obstruction and retention trick will bother you on the way out.
The mother ship wants all the data intermingled to be more efficient. Hell no, team EU lawmakers all the way.
This is why every time I hear someone complain about GDPR i gently remind them that it’s the exact type of legislation people say they want to protect their data. People are so short sighted.
People also allocate the blame in weird directions. Like when the topic of the popups and privacy controls comes up people often blame lawmakers for making 'annoying' laws, when really they should blame the companies for violating privacy. The annoying popups exist because the companies are data hungry, the laws just require them to make it transparent.
> Tried to delete FB, ig or WA account completely? Every imaginable Ui obstruction and retention trick will bother you on the way out.
Deleting WhatsApp is Settings -> Account -> Delete My Account -> Delete My Account
Deleting Facebook is Settings -> Account Ownership -> Deactivation and Deletion -> Delete Account (With a very clear choice between deactivation and permanent deletion) -> Delete Account
Compare that to unsubscribing from the New York Times...
It is true that subscription s and re occuring payments are much worse, but we are talking "freeware" here. Especially IG you have to do in the browser.
Except that's not really what happens with Facebook. I deleted my account there ages ago, and discovered later when checking haveibeenpwned.com that the email address I used there was part of a data dump from Facebook. So, do I believe that FB really delete your data when you request to permanently delete it? Nope, not in the slightest.
The last published DPC audit found that it does [1]. There's really no reason to subject themselves to huge fines and lie about it, a very small fraction of facebook users delete anything.
The "data dump" you're referring to was probably scraped from public facebook pages before you deleted the account. There has never to my knowledge been a case of private data becoming public that was exfiltrated from facebook proper.
As I recall, the 'View As' was a feature, allowing you to see your own profile and posts as would be seen by another person, so you could make sure your post privacy/visibility settings were set up the way you wanted. I used the feature quite often and was quite annoyed when they disappeared it one day. Do you have more info on this?
Facebook have (had?) this clause of "if you reconnect in the following 30 days the account deletion will be cancelled" instead of deleting it immediately. Which is indeed one of the trick mentioned by GP.
Not sure they still do this, but when I deleted my Facebook account (some years ago) there were numerous dark patterns designed to get me to relent, including at one point showing me pictures of some of my friends and saying "Are you sure you want to do this? <person's name> will miss you" etc. It was incredibly manipulative.
158 comments
[ 3.2 ms ] story [ 129 ms ] threadIt seems like people here tend to think of ad profiles as the only data that matters, but Facebook "collects" messages you post and photos you upload, just like most email services "collect" all your emails. This kind of data is far more sensitive than your ad profile.
Yes and no.
certainly people share and post sensitive stuff on Facebook. But Facebook knowing I've visited certain categories of websites because those sites have a Facebook pixel or they're running a third party widget that has a FB pixel is historically a much more opaque form of data collection.
The cynic in me would say: store all data on EU soil ;)
For one thing, Facebook allows me to stay connected with my family in another country. I'm infinity grateful to it for that, and I'm ready to exchange getting this amazing free service for my very personal information. No one stole this data from me, I'm happy with this arrangement.
Same with other the services: Google's, amazon, and what not... Hell, the progress all these amazing services brought made my live on earth a heaven really (not sarcastic)!
I'm personaly not afraid of big tech, imho they compete with each other, they rise and fall, let them be. I'm afraid of regulation that incentivizes lobbying, kill competition, and create long term monopolies.
Otherwise, in the Middle Ages, “European kingdoms don’t fight wars, they just conquer one another”
Anyway, if the competition is not an ends unto itself it would seem a more direct argument can be made.
I wouldn't care if I was served isolated display ads, even targetted based on my entered data.
This even applies to federated social networks like matrix - a EU server can't easily send messages containing personal data to US ones without at least signing an contract with the required "standard contractual clauses" (technically an contract is always required).
If I want a worldwide ad (is that even a thing?) for left-leaning horse owners between ages of 20-27.5 with a child and at least 2 partners, can’t that be dished out from an EU server for EU users?
It is not clear what data they are worried about transmission of, but each type seems to need special consideration. You mention ad-targeting data, but most data collected by Facebook useful to the surveillance agencies Ireland is worried about are more personal than that.
The question is potentially very difficult, and could only be resolved by constructive engagement with the party making the rules.
Don't forget what happens when people travel.
Borders are heavily controlled by USA, why shouldn't other countries to the same?
We do want to make it easier for Facebook for political reasons, though, and it's still not particularly hard: just declare that only the data/conversations involving US citizens can be stored on US servers.
Knowing people in other countries is a tiny minority? Maybe in the US, given its size, but it's pretty widespread and normal in Europe.
Absolutely yes.
Especially across two continents.
Europeans who have friends from Europe would all be in Europe anyway.
Europe is larger than US btw, it has two times the population.
Russia+Turkey+Germany alone account for 95% of the population of the United States.
Globally, around 1 person in 30 lives outside their country of origin, so knowing people in other countries should be common.
Not most, just some.
1 out of 30 is a bit more than 3% and many of those have family connections, they are not strangers living abroad, they are - for example - Italians living in Canada.
EU citizens whose data should be kept in EU.
I believe, in the context of this proposed ban "Europe" means "the EU", not geographical Europe. So both Russia and Turkey don't count.
I belong to a group that has several connections in countries all around Europe due to frequent traveling to dance events. Most of these people post on Facebook in their own language and attend local events.
Outside of this bubble, things are very different. The majority of people never move from where they are born, speak poor English and never travel.
While the people with international connections are surely a relevant amount, and even adding expats that keep contact with friends and family, it's the group with not international connections that I would define as "widespread" and "normal".
With Facebook’s lowering importance and my self getting older, my interaction with non Americans has lowered. If we are talking about the EU only, the amount is minimal.
Thinking about others around me, most don’t have anything significant with EU residents or have one specific set of friendship[s] in the EU.
Sounds almost philosophical. I have a friend. We both have brains. In which brain is our friendship stored?
If we're feeling especially poetic, we could make the case that friendships can live on despite the death of one of the participants.
Also, do we always assume a binary friendship of exactly two participants?
https://www.goodreads.com/quotes/548471-people-who-live-in-s...
Let us consider your hypothetical glitched friend-state within Antoine’s concept of distributed self awareness. Does the friend delusion lead to self delusion or vice versa?
EU GDPR is pretty clear that all of the cases which involve transferring data from the EU to the US fall under EU GDPR rules. It refers to the location of the data, not the citizenship or residency status of the individuals who are involved.
So, the photo that you took and uploaded within EU borders is theoretically in scope for EU GDPR - even if your French friend is not in the photo.
Otherwise, a lot of this data presumably isn’t covered by GDPR. You and your friend are ultimately user_ids with a relationship_id or sth, and these surely aren’t GDPR-controlled (but they point at details that are)
Your message will be stored in the US. Your friends message in the EU.
The metadata ( conversation table of both) would be stored in the US.
Your picture from Europe as a US user with US residency will be stored in the US. As Facebook wouldn't want your data under GDPR and since it's also not required.
Seriously?
If you have a full datacenter (i.e. containing databases, not just a frontend or CDN / PoP footprint) in a country, then typically the entire logical data set -- all data for all users worldwide -- is presumably replicated there. Other systems and services will then make assumptions that any object can be looked up with low sub-ms latency.
Social networks often contain activity streams and other pages that include content from many users at once. Consider algorithmic ranking of feed content, comments on popular page content, etc: how do you even implement this if even some small subset of the data needs to be fetched from halfway around the world on every page view?
Anyway, to answer your original question, friendships are bidirectional associations and would typically be stored in two places: one entry in your db shard, and one entry in your friend's shard. Photos are objects and presumably would be "owned" by a single user or page and located there (at least in terms of the metadata about the photo); however tags may be associations which have entries on multiple shards just like friendships. If some of these shards can only be accessed across a trans-Atlantic link, the entire scheme falls apart due to the latency.
"The social graph is tightly interconnected; it is not possible to group users so that cross-partition requests are rare. This means that each TAO follower must be local to a tier of databases holding a complete multi-petabyte copy of the social graph. It would be prohibitively expensive to provide full replicas in every data center. Our solution to this problem is to choose data center locations that are clustered into only a few regions, where the intra-region latency is small (typically less than 1 millisecond). It is then sufficient to store one complete copy of the social graph per region. Figure 2 shows the overall architecture of the master/slave TAO system."
https://www.usenix.org/system/files/conference/atc13/atc13-b...
edit: Oh hah, didn't realize parent was former DB person at FB. I was too, just a few years before :-)
Every proper Microservice zoo also has the exact same problem of ownership of data and latency. Holding duplicates of often needed parts of the data works surprisingly well and would also be fine with GDPR.
Option A) client sends feed request to all regulatory domains and mixes results itself. Downside is either you'd always see the tail content from all regions, or client would have fetched content it doesn't display. Also, if client has to contact a load balancer in the regulatory domain directly, you're at the mercy of the client's international transit which is often worse than FB's.
Option B), like option A, but client sends feed request to nearest server, nearest server bifurcates the request to one per regulatory domain. If regulatory domain is local, satisfy request (with all the sharded queries), otherwise send it to a request processor with local data and do the processing there. Feed request processor mixes the data. Downside, extra memory used holding results waiting for the remote regions to respond and managing more requests in progress. You could get tricky and use recent response times to try to get all responses back around the same time, and reduce the time where you had some region's data in memory, but not all of them, but that's probably silly.
Both of these are more work than the current scheme, and nobody likes regulation requiring more work, but still. Figuring out where things are permitted to be stored when they involve people in multiple domains sounds like a headache though. And actually splitting the data once the parameters are clear doesn't sound like my kind of fun either.
Disclosure: I worked at FB, but not with FB user data.
Viewing a couple pages of my news feed randomly just now, I see content from a mix of friends in the U.S., Ireland, Germany, the U.K., and Hong Kong. The content is algorithmically ranked and sorted, and then paginated. Similar situation with viewing comments on popular pages, which may span many countries.
If ranking/sorting is performed either client-side (your option A) or even in a nearby aggregation server (B), each and every user-facing pageload of N posts/comments/whatever would need to fetch the worst-case of N entries from each regulatory domain, and then re-rank/sort/paginate the aggregation of them.
This presents numerous significant problems: not just network latency on every single page load (which would be severe), but also bandwidth consumption, memory, and cpu wherever the aggregation/ranking are being performed. I don't think your option A is even feasible for a worldwide social network, with many users in countries where less powerful devices are prevalent. Even option B would have scary implications for the worldwide increase in network bandwidth consumption alone.
And that's not even considering the problem of how you migrate one of the largest data sets in human history from a non-geo-sharded topology to a geo-sharded one.
Worst-case, multiply all of this effort (and bandwidth impact) by every single multi-national social network, publishing platform, and user-generated content site/app/product. The GDPR-compliance efforts of 2017-2018, which were quite substantial at all of these companies, would look like peanuts in comparison.
Also, let's not forget that we're talking about a service with absolutely horrible reliability. Facebook only cares about reliability at scale; at a single person level reliability is quite poor; you can suddenly discover that your random post has 60 thousand likes (for a few minutes), or a friend of yours has a new post (they don't). Thus, the questions of "what if something has >10ms latency" don't really matter - Facebook fails much worse than that all the time.
Do you believe Facebook is the only company that would ever be affected by this?
Personally I strongly suspect that once the precedent is set -- that is, regulation requiring user data to remain strictly on servers in the user's country and nowhere else -- the entire tech industry would be severely impacted.
> the questions of "what if something has >10ms latency" don't really matter
Internal point lookups for each individual piece of content would go from sub-ms (intra-region) to now being upwards of 200ms (network requests spanning the globe). And for many social applications, a given page contains content from dozens of sources. Much of this could be parallelized, but even then, the total wall time for each parallelized multi-get is determined by whichever source had the worst-case latency. In any case, we're not just talking about tens of ms of impact here, but rather a latency increase of 2 orders of magnitude (or more!) for even the simplest lookup operations.
Of course not, Facebook is not the only company parasitizing on users' privacy. The point still stands, though: it's an absolutely tiny (compared to the company's income) amount of work, versus users's rights.
As for delays - again, FB routinely displays much worse problems, adding some more delay there wouldn't be noticeable.
It's quite clear that GDPR allows data to cross the border, if particular safeguards are guaranteed by the data recipient.
That continues to be the advice generally given following the rejection of "Privacy Shield" e.g. by https://gdpr-info.eu/issues/third-countries/
This particular ruling affects only Facebook (and is specifically against Facebook), because it is only Facebook that has here been identified as failing to offer those safeguards.
Google similarly is a tech giant operating across this border, and doesn't currently face such a sanction.
the us db can have a list of friends by user id and those friends might be in other countries db. however your identity and data live in us db only.
if you create a message the message can either be stored in the us and referenced by id in france (or duplicated since you intentionally sent it there). same for photos
this makes each transmission of data across regional boundaries more intentional and easy to add governance checks
Search "privacy shield invalidated" for more info.
Facebook has the deep pockets to either build this through or fight it legally to the bitter end.
But for any startup trying to build a global X, this can put a serious blocker in the way. Global sharding of entities and working with that isn‘t for the faint of heart. I know we‘d stand still for a year or two trying to implement something similar as a small to mid sized startup.
Philosophically and as a user, I actually like the idea, but wearing the systems architect here, this requirement scares me to no end and could throw a literal wrench into the operations of any global effort.
Social connections span legal jurisdictions.
Easier than CSS.
More practically through, all of facebook's infrastructure is built on a transparently globally replicated database. Data siloing was only originally considered for launching facebook in China
With regards to targeting: yes, you can target any country (and all of them).
With regards to reach: yes, because you'll reach the user on pretty much any site/app with ads, so it's virtually "running worldwide" (from the user's point of view).
It's really hard to design systems split like that. There are so many corner cases. What when a user from the EU shares an image with a US group containing users from Australia. Where will the image be sent? Where will it be stored? What happens if the US members leave that group? Need the image be rehomed? What if at the moment that happens there is a trans oceanic bandwidth shortage/outage? Will there be a queue for rehoming images triggered by the final member of a group from a continent leaving the group?
To avoid all the complexity, 99% of 'distributed' systems have a 'master' for the data in just one place. I'm not sure there are any distributed datastores that are masterless outside academia.
It's devastating to their "cost of doing business" not "conduct of business".
These are valid concerns that I share as a U.S. citizen concerned about my own privacy from government surveillance. It's appropriate for other countries to share them and to take action.
But is it clear that government surveillance by EU countries is more respecting of privacy? It seems to me more like the 5/9/14 Eyes countries are cooperating on just these kinds of intrusions. It isn't clear to me that Facebook data held on European servers will be any more secure from intelligence agencies than on U.S. servers ... including from U.S. agencies.
But storing data outside the US, where would US people get their pics from should facebook fold, I will loose my best and free Backup Servise, the NSA :)
Keeping the data from being shipped out is a good step (hopefully not just focused on Facebook), but reimportation of that data is a laundering process that can render local data protections moot.
But my own country “spying” and surveilling me can be scary. They have a lot of power over me. My one voice isn’t important enough to change any legislation or actions. I doubt yours is either. If something unlucky happens with the surveillance of you in your country, you’re likely out of luck. OTOH, nothing happens if Russia or China surveils me (common boogeymen of the west)
It sounds like you're suggesting human rights (such as the right to privacy) should only be granted to those who really need. Presumably the government would then get to decide who really needs each right, and who isn't important enough to warrant them.
Also, I think you're forgetting cases where people have been spied on and ultimately renditioned or murdered by a hostile government while in a third country. Perhaps Assange and Khashoggi aren't perfect examples of that, but there are plenty of examples of Russian and Chinese dissidents who have been killed or threatened while living in the West.
Right until the point of some weird twist in geopolitics and oops, that other country is sharing all it had on you with your home country.
It's like Microsoft buying Skype or Facebook buying WhatsApp, but you can't opt out and delete your account.
Haha yeah right. I don't even know the names of agencies which could have acces to this data in EU, I would supect neither do 99.99% of the people here. EU is really super distant entity compared to local government, we have 25%-30% voter turnout on those elections arround here.
Would there be a large public outcry ?
Me, I would like to see facebook, google, apple... reigned in, but they have a large bank account where that can "donate" to pols, so we will probably see a big loophole appear.
I know two people who have married people from the US who have moved here. I imagine they wouldn't be very happy not being able to interact with their friends across the seas nearly as easily. Who would they blame? That is a good question.
On the other hand, Twitter would be pretty pointless if I could only interact with EU tweeps. I don't know if they would be hit by this, I assume there is a GDPR exception for this the user publishes?
https://www.ft.com/content/cac1ff54-b976-4ae4-b810-46c29ab26...
Does the physical location really matter? If authorities need to access the data, they would anyways need a higher level access to it. In this sense it is more relevant who is controlling the data and where and under what jurisdiction that entity is located.
Schrems 2 is case primarily about US companies working with US authorities.
https://edpb.europa.eu/our-work-tools/our-documents/other/fr...
If I also remember correctly from reading up on Tutanota, it gets so nuanced, that to the US authorities it is enough that a single US employee of a non-US company has access to such data to summon them to disclose it?
Either way, Facebook is in deep shit.
If the US believes that it's in a strong enough position that these companies can remain competitive while ignoring either US or EU law (and dodging enforcement) then it's welcome to not make amendments to the CLOUD Act. Otherwise it can have US companies lose market share(or suffer EU enforcement actions) or employ diplomatic lines to neuter or work around the law.
You can of course note that the same issue will arise going the other way (EU company operating in the US) but the cost for the EU is obviously judged to be less than what's gained by protecting their citizens (or that it's at least a good drum to beat to trade for other considerations from the US).
If the Irish data regulator enforces the provisional order, it would effectively end the privileged access companies in the US have to personal data from Europe and put them on the same footing as companies in other nations outside the bloc.
This isn't just about Facebook. This is about whether every small company trying to bootstrap itself needs to take large steps to architect their data storage in a way that allows for segregation between European and American data.
For Facebook, this might be costly and annoying to deal with. But what if you want to launch a new Flickr, Tumblr, Twitter, Airbnb, recipe website, etc.? You're a team of 2-4 trying to get things off the ground. Do you need to make sure that you are unavailable in the EU? Do you need to work on splitting data storage before you even find product-market-fit?
Like, Airbnb certainly hosts lots of data about people and places, but when they were just starting out and trying to get traction, it seems like it would be a big hurdle to comply with this.
Facebook can comply with this. I think it would be a big burden on anyone trying to compete with Facebook going forward or the ability of new companies to get off the ground.
It seems you'd have loads of other hurdles to get over before intl-data becomes the thing that would block your growth.
My 4 person team solves with country specific domains and hosting.
Before that we had to figure out how to be profitable and "default alive" which was orders of magnitude harder than data silos.
This regulation might actually make EU startups serving the EU more competitive vs competition from Silicon Valley.
Which would be a double win for the EU legislators.
But yes, the EU regulatory environment is definitely making it more difficult to cheaply trial some business idea. GDPR isn't part of the problem. By unifying EU data protection law it has become easier to target the EU as a whole. My gripe is more with things like the upcoming copyright directive which is a de-facto link tax.
Our company’s interpretation is that we will need EU based teams (that we will have to hire for) to help debug production issues and to help customers because if I look at the data to triage I’ve transferred it out of the EU.
The EU politicians are a little bit less shameless and do something to protect the population(not even the local electorate, they have the ability to see beyond the box).
Facebook and Instagram are designed to keep people more "engaged"(addicted) , in order to collect more data and push ads down everyones throat and retarget those who do not want any business with them. Tried to delete FB, ig or WA account completely? Every imaginable Ui obstruction and retention trick will bother you on the way out.
The mother ship wants all the data intermingled to be more efficient. Hell no, team EU lawmakers all the way.
Deleting WhatsApp is Settings -> Account -> Delete My Account -> Delete My Account
Deleting Facebook is Settings -> Account Ownership -> Deactivation and Deletion -> Delete Account (With a very clear choice between deactivation and permanent deletion) -> Delete Account
Compare that to unsubscribing from the New York Times...
The "data dump" you're referring to was probably scraped from public facebook pages before you deleted the account. There has never to my knowledge been a case of private data becoming public that was exfiltrated from facebook proper.
[1] https://web.archive.org/web/20171218060100/https://www.datap...
1) Facebook had a "View as" bug that allowed anyone to view anyone else's private page as that person.
2) Cambridge Analytica in which Facebook shared private information with third-parties under an NDA.
https://about.fb.com/news/2018/09/security-update/
Nope. If my business depends on breaking the law, then I have two choices: pay the penalties, or cease trading.