76 comments

[ 3.4 ms ] story [ 131 ms ] thread
Moving data to the EU would be a Herculean task for Facebook. It wouldn’t surprise me if they disclosed this risk, as they have with the SEC, pursued a legal strategy to keep data abroad, and then did a hail mary to move back data to the EU if necessary, leading to a correction (in a “positive” way) to their share price.
Unlike the Australian case where Murdoch was involved . This time Facebook might as well as leave. I was surprised when they say they could not carry out their shenanigans by keeping the user data in Europe. They are getting desperate.
Yes, please do shut down here!

What a quack.

Well, it won't happen. It's just a way too big market to give up. Even if they are forced to invest a significant amount of their engineering power to get it done, they probably will have to. And I think they should be required to do it, if the same requirements apply to every other company too.
It's a form of regulatory capture that will enable to FB to do just fine, and have tons of companies pull out of Europe for almost zero benefit to Europeans.

It's a 'nice thought' to have all data and data processing apply locally in Europe, but it also has only very, very marginal benefits.

Just think for a moment: where are the Europeans who are directly harmed because FB has their data in the US under different jurisdiction, whereupon, if the data were all in Luxembourg, their personal outcome would be better?

I'm not even sure that exists.

Were Sven and Francois harmed, distraught and complained to the EU that this data ought to be in Luxembourg in which case they would not have been harmed?

The regulation requires a fair bit of cost and complexity for very little upside and will make it more difficult for companies to operate.

Of the things we don't like about Facebook that the data is in the USA is not the biggest burden.

It's one thing, but not a the most obvious thing.

It's just a way too big market to give up.

Google gave up on China. Maybe there's reason to hope.

Did they though? They don't offer some services there but analytics, search (google.cn) and ads are still available AFAIK. Those are the big money makers for them.
Like that’ll ever happen, too much money on the table to just walk away. I hope the EU regulators realize this and stick to their guns.
Yeah, IMO it's just a populist negotiation tactic that Zuck hopes has the effect of the EU public lobbying their politicians to "please keep Facebook in the EU!".
Hopefully they do more than "consider". Pulling the plug would be a benefit to every European citizen (EU member or not).
What about the hundreds of millions of people that voluntarily use Facebook every month in the EU?
I doubt any of them would notice the difference after a month of cold turkey.

Anything productive done on Meta platforms can be achieved through alternative, less socially destructive means.

And yet people choose to use Facebook/Insta. This scary slide towards people feeling that they know what is best for everyone else is extremely un-Democratic.
Maybe because reality has proven that people don't know what they are doing.

E.G. The anti-vaccers, anti-climate change supporters that Facebook eagerly monetizes.

Maybe we can actually get vaccination numbers up in the EU if these idiots weren't given a soapbox by FB.

The "scary slide" is towards megacorps owning our lives, not the EU's very late effort to slow it down.
A lot easier for an EU citizen to ditch Facebook than it is for them to ditch the EU. I prefer to have autonomy and choose which products and services I use
You are free to use any service which doesn't break the law. If you don't like the law you can try to get the law changed. That's the democratic way. Letting FB get away with breaking the law, cause "people voluntarily use it .." is not.
(comment deleted)
> This scary slide towards people feeling that they know what is best for everyone else is extremely un-Democratic.

No it's not. Undemocratic would be a few prohibiting many from harming themselves. Even the majority prohibiting something would still be democratic. Democracy is not the same thing as libertarianism.

Wanting others to live healthier lives and saying that aloud has nothing to do with any form of government at all. I don't need to live in a dictatorship to talk about the dangers of alcohol, obesity, or facebook.

> Even the majority prohibiting something would still be democratic.

The vast majority of people use the services that a vocal few object to. We have already had a vote (implicitly) and we know where the will of the people lies. But there are people who believe the government should unilaterally overrule this because they believe they know what's best for them. That is absolutely undemocratic.

> Wanting others to live healthier lives and saying that aloud has nothing to do with any form of government at all. I don't need to live in a dictatorship to talk about the dangers of alcohol, obesity, or facebook.

Which of course is a complete strawman and not at all what I said, or claimed was ocurring.

They’ll move to a more respectful EU-based replacement. The core functionality of Facebook (blog-like pages & messaging) is not rocket science.
It is more like they are blackmailed that they will lose access to their friends if they leave. We don't use fb because it is a good product. We use it because it was 'hot' and now we are stuck with a company that agressively (ab)uses its network effect to gain profit and other benefits for itself.
I am one of this people and I would be enthusiastic about such change.

I am stuck on FB purely due to nasty network effects.

Yeah right.

After all that trouble for getting an extra billion users, they would abandon 350 million popular in targeted ads ones.

Sure. I'll believe that when I see it.

Hey Mark, can you please buy Pinterest, too before leaving EU?
No that would be a waste of money with no real synergies. They are better off buying a video games co like Take Two or Roblox for advancing the metaverse
The joke was that they want Pinterest removed in Europe as well.
At least from Google "search results". But reading HN comments regarding those it looks like we would be better off with Google leaving EU, too..
Jeremy Clarkson's "Oh no! Anyway..." comes to mind
Please don't forget to take WhatsApp with you.
How does this work for data involving both a EU citizen and non-EU citizen?
I'm guessing that this is the key problem.

Suppose California makes a nice new privacy-friendly law next year that prohibits personal data for its inhabitants from being moved abroad without explicit consent. Then, "x follows y" has to be kept in the EU if either X or Y is in the EU (AIUI and IANAL), and but if either is in California then the future Californian act also applies. This isn't simple, and x-to-y relationships are central to almost everything Facebook does.

Getting explicit consent to transfer just messages is fine.

FB has problem mostly due to their attempt to transfer various harvested personal data.

Do you really think so?

Start at the money end. FB wants to use the harvested data for selling more and/or more expensive advertising, right? That advertising is sold to companies that market something in the EU. It more or less has to be — a company that sells something to EU customers can't really escape having a presence in the EU.

So, given that, if Facebook were able to keep the EU data separate from the rest of the world, what speaks against spinning up another few servers running the same software that Facebook already has, running the analyses on a separate EU shard, and then selling the same advertising to the same companies, except with EU invoices made out from Facebook's Irish subsidiary?

That means that advertising customers such as P&G would receive at least eight monthly invoices for a four-month advertising campaign, and it means deploying software on more servers. Neither of those sound like showstoppers from where I sit (and I sit in an Expert Armchair).

So there must be something wrong with an assumptions, and to my mind, the big candidate is that the harvested data can't be cleanly sharded, because much of it comes from user pairs, and that the law doesn't allow unclean sharding and/or perhaps a little bit of export.

(comment deleted)
Whatsapp is not part of this because it doesn't store data in servers?

But what about the situation when a message is sent but not delivered. Doesn't the message sit in a server?

If messages are stored like media, it's gone from their servers in a couple of days, it seems. (If you don't hit the download button fairly soon, it complains that the media is no longer available and you'll have to ask your contact to resend it.)
"When contacted by City A.M. today, John Nolan, Meta’s London-based tech media and advertising communications leader, did not deny or play down the reports. Instead, he shared a statement from Nick Clegg, Meta’s VP of Global Affairs and Communications. Clegg warned that “a lack of safe, secure and legal international data transfers would damage the economy and hamper the growth of data-driven businesses in the EU, just as we seek a recovery from Covid-19.” “The impact would be felt by businesses large and small, across multiple sectors,” he continued."

Lol, the underhanded passive aggressive tone. "Let us use your data, or else...". I wish they'd actually have the balls to do it instead of just bluffing, because then we'd finally have a reason to build our own social networks.

If they pulled the plug on Europe that would be truely amazing.
No, they're calling the bluff on the hypocrisy of the laws to the extent they are singling out Facebook.

If EU pursued everyone to the same extent, it would be seriously damaging.

They're going to have to figure something else out, especially given the there's nothing inherently wrong with hosting and processing data offshore. If 'feels' like things could be improved if data were processed locally but the real consumer damage is not hugely material. I wonder if there is just a better way to deal with the issue, for example, by requiring that Facebook adhere to some minimum set of rules and that's that.

No, it doesn't single out Facebook at all. It applies to every company equally. What singles Facebook out is their practices. Equal treatment under the law means treating those equally who act equally, in this case it'd just be doing its job. Microsoft for example, already voluntarily stores data in Europe (https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boun...)

And of course the user damage is material, because American data protection laws are weaker than European ones. That's why they're shoving the data across the pond in the first place.

>by requiring that Facebook adhere to some minimum set of rules and that's that.

that literally is what the data protection legislation is about

" It applies to every company equally. "

It doesn't though. If laws are not prosecuted consistently, then they are not 'applied' consistently.

There's a lot of populist and political outrage (and jealousy) in the EU that I think has disproportionately singled out FB and it lacks hugely material legitimacy on the data protection front.

If FB magically had all EU citizens data hosted in the EU ... it wouldn't make a shred of a difference. Nobody would notice. It would be largely inconsequential.

For corporate and government data, i.e. Google Docs, I think it starts to make much more of a difference.

And if the EU would sort out their own IP laws (i.e. Ireland) they would be able to tax more efficiently.

'The Problem' is not so much FB or FAANGS, it's that Europe has been absent from the game and has zero winners in important and developing areas. If Google were based in Europe I think attitudes would be different and it would have little to do with 'data sovereignty'.

I support the notion of regionally hosted data, but it's a bit of a distraction.

> It doesn't though. If laws are not prosecuted consistently, then they are not 'applied' consistently.

Which company that breaks GDPR on the same scale as Facebook is not prosecuted though? If you make such an accusation please provide at least an example.

If you mean that the EU is using more resources to hold Facebook accountable than some two person shop: Yes. In the face of limited personal and time, you'll have to choose which to pursue first. And the EU has wisely decided that going after the big companies first gives the most bang for the buck.

The alternative, of course, is the U.S. approach, where say the IRS will not go after the richest tax criminals at all, but instead will go after the poorest/middle class because they know the latter, unlike the former, cannot afford expensive lawyers to fight them in court.
(comment deleted)
Americans have been complaining about the EU fining American companies because they “lost” since at least the Microsoft penalties.

And it has been a demonstrable lie right from the beginning, that only works because sites like HN, being US focused, will only post EU fines on American companies, and ignore the ones on European ones.

But European regulators have almost always cracked down harder on European companies than American ones.

Here, for example, is a list of the 25 largest GDPR fines from a couple of years ago.

https://www.tessian.com/blog/biggest-gdpr-fines-2020/

The vast majority of fines are against European companies (even if you slot the European subsidies of American companies, like Google Ireland, under the U.S.). Unsurprisingly the largest fines tend to be against massive U.S. companies for the simple reason that they have the most data, but despite the U.S. dominating online services, and as you state, EU companies “losing” online, GDPR has fines far more EU companies than US ones.

May I add this chart to the discussion?

http://fingfx.thomsonreuters.com/gfx/editorcharts/EU-GOOGLE-...

Sure, a lot of American tech companies on the list, who were fined for their absolutely egregious and illegal actions.

Daimler, Scania, DAF, Saint Gobain, Philips, Deutsche Bank and others are very European companies.

It just seems more an issue that the American press in general just isn't very interested what happens in the rest of the world. Except if it involves an American company that is.

If you don't believe that I suggest that you compare international reporting in The New York Times (arguably one of the papers with the highest proportion of international news) with a Frankfurter Allgemeine, or Neue Zürcher Zeitung, say.

Again more evidence against your own point.

That's anti-trust regulation and the majority of the fines clearly going to foreign companies.

I don't have the data, but I'll bet $1000 that the majority of US anti-trust fines are nor targeted towards foreign companies, rather domestic.

Europe imposes regulatory sanctions it seems for GDPR and anti-trust that disproportionately target foreign companies that seems clear.

"The vast majority of fines are against European companies"

? The vast majority the fines are to American companies. Literally on top of the list Google, Amazon, FB etc. make up 80% of the fines.

Google is paying $100M and Voda is paying $5M and you're saying they are targeted equally ...

The idea of data not leaving the EU is something I never fully understood.

Years ago, before GDPR was a thing, it was still required, at least in some situations, to store data in the EU. But...how does having a server physically in the EU, and people on other continents ssh'ing in, protect EU citizens?

It had crossed my mind that maybe only EU citizens were supposed to access it, but I'm not a lawyer, much less an international one.

It’s all about jurisdiction. If someone logs into an EU based server from the US, they are expected to abide by the laws of that EU country.
If you're doing business in/with the EU, you're probably subject to their jurisdiction. But I was talking about some kind of data protection laws.

You know what Remote Desktop is? People have, at least in some places and at some times, acted as if keeping data in the EU, meant that you could not, like, copy files off a server in the EU to a computer in the US, but you could sit in the US and access a computer via Remote Desktop in the EU to do the same work.

Sort of like handling toxic materials with waldos. But the more I thought about it, the less sense it made.

It's like when people say you can view information on a website, but not copy it. Viewing it is copying it; that's how computers work.

I think you might misunderstand how courts work. It’s very much humans making decisions, not computers.

> meant that you could not, like, copy files off a server in the EU to a computer in the US, but you could sit in the US and access a computer via Remote Desktop in the EU to do the same work.

All of this still makes a huge difference when the cops show up with a search warrant.

Yes, this made me realize I'd like to have at least some decent EU option that lets me have a feed, friends, and messaging in groups. I'd like it to be centralized for ease of user adoption. Just something simple for friends and family to connect that was under EU laws. It doesn't feel right to have my data cross legislative boundaries like this. At least the EU as a whole is becoming reasonably coherent in terms of privacy laws.

This regardless of what happens with Facebook. I'm personally pretty sure nothing will come of it especially now that their stock is tanking and 25% down. Compounding this loss of investor trust with also leaving EU due to regulatory pressure will start to seriously disrupt their business and further erode trust in that their business model is healthy enough to stay relevant for ad sales in the future.

Ah yes, the Big Tech strategy of turning legislation you don't like into something company ending. Or in this case, we can't do business in your country anymore

It's all bluster and everyone should give this exactly the attention it deserves. None.

I doubt they will say no to the money.
Why does Europe get everything nice? Please pull out of the USA too.
Facebook threat is unsurprisingly grotesque.

I'm more concerned by the naivety shown by anyone who might seriously imagine that this move from the EU is about protecting their privacy.

Sweet dreams.

Most people I know use fb because something called the collective action problem. Each individual would lose by leaving, but if everyone left at the same time, we'd have a more human centric platform. This is the case when laws should be written that state the what we expect from a copmpany operating here.
I'm generally a very optimistic person, but not even I believe this will happen.