This Leipzig ruling is notable, but the practical impact may be more limited than the €5,000 figure suggests. While the court explicitly said users don't need to prove individual damages to sue, European class action mechanisms are still quite different from US-style litigation.
Germany doesn't have the same litigation incentive structures as the US - no contingency fees, loser-pays costs, and relatively limited collective redress options. Most German consumers aren't going to file individual €5,000 lawsuits over tracking pixels, especially given the legal costs and time involved.
Personally, I hope this gets picked up by a consumer protection organization or a well-funded litigation group. Germany has been gradually expanding its collective action framework, but it's still primarily driven by qualified entities rather than individual plaintiffs.
It should be noted that this may not stand on appeal. The full decision is not yet available. All we know is from the press statement.
For example, the court ruled that the plaintiff is entitled to these damages without even hearing them personally on what kind of injury they sustained. This is an interesting direction, and we will see how it is argued in the decision itself. I would assume this could be something that Meta challenges on appeal.
Another way to go would be to argue that this lawsuit involves unresolved questions of EU law that need to be addressed by the ECJ.
In either case, this verdict will create some legal uncertainty in the short term, and I assume many people will sue---but we shall see what happens on appeal and perhaps at the ECJ, which will perhaps be a couple of years out.
What I don't understand is the responsibility of Facebook vs the operator of the website where the tracking takes place. I thought that under GDPR it was the responsibility of the website to get consent from users before passing on data to ad networks.
What do you mean by website as a "place"? I'm not so sure the GDPR mentions tracking. Here's what the court said was relevant:
"Meta, Betreiberin der sozialen Netzwerke Instagram und Facebook, hat Business Tools entwickelt, die von zahlreichen Betreibern auf ihren Webseiten und Apps eingebunden werden und die Daten der Nutzer von Instagram und Facebook an Meta senden. Jeder Nutzer ist für Meta zu jeder Zeit individuell erkennbar, sobald er sich auf den Dritt-Webseiten bewegt oder eine App benutzt hat, auch wenn er sich nicht über den Account von Instagram und Facebook angemeldet hat. Die Daten sendet Meta Ireland ausnahmslos weltweit in Drittstaaten, insbesondere in die USA. Dort wertet sie die Daten in für den Nutzer unbekanntem Maß aus."
Can't some shady legal firm now just dig out who is in the exact same situation as this user, and sue on behalf of them, keeping (say) 10%? I'd be happy to let them.
But in the end this kind of thing shouldn't be regulated by lawsuits from individuals. The fines as I remember it can be up to 4% global annual revenue and it's about time someone actually handed a fine of 4% global annual revenue to a company the size of Meta, so companies finally realize that the law isn't just a recommendation.
There are (non-shady) firms that do exactly this for other areas (flight compensation, most notably).
There are some issues with contingency fees in German legal professional law. However, it can be argued that suing for these 5,000 EUR is just "collections", so it may be allowed.
The risk lies elsewhere: As I outlined in another comment, there is reason to believe that this may not stand on appeal, or at least that other courts in other parts of Germany may decide differently. As a result, it takes a lot of capital to keep all of these lawsuits going until the Federal Court of Justice or the ECJ have decided and there is legal certainty.
My understanding is that there is no 1-to-1 European equivalent to class action lawsuits in the USA.
There is a EU directive that allows for "representative action" but it's much narrower scope compared to what Americans are familiar with in class action.
AFAIK Germany (and most European countries) has civil law, so court rulings probably won't have as much of an impact as it would in countries like the US
You guys remember how 5+ years ago, an headline like this on HN would invariably prompt cries from the Americans that this was just the Europeans finding excuses to take advantage and steal from poor innocent American companies. How the mood has changed on this huh. I'm glad to see the European approach vindicated, even if at times not strong enough.
And not only are those cries wrong, reality is quite the opposite. The vast majority of fines are towards european businesses. Big Tech aren't the only ones who violate data privacy standards all the time. [0] You just don't read about those here, so people like to just assume those fines don't exist.
Additionally, it helps to actually learn how the current law developed - it primarily was modeled after the german Bundesdatenschutzgesetz, which was put into law in a modern form in the 90s, long before FAANG.
Worth noting the tracker does not track which fines are currently being contested (in an obvious manner). i.e. do not assume all the fines you see there have actually been paid
Though probably safe to assume the smaller fines against smaller companies with smaller lobbying^H^H^H^H^H^H legal teams most likely have :-)
I went to the site and sorted by fine - I needed to go to the bottom of second list to find a non US company ? By the time I get to pages that are mostly non US companies the fines are two orders of magnitude smaller and dropping fast - do you have any aggregate view to compare ? I would not be surprised at all that indeed most of the fines were towards US companies in total amount.
No no, you misunderstand. Over here in America we have given up on fighting it and prefer to let mega-corps like Google and Meta own the advertising space. Smaller companies quickly moved to a subscription model, at least until the EU finds a way to make money illegal.
Amazing. On like every thread of EU fining some US company for things such as privacy violations there's a stream of mor... er... users claiming that EU is only using that as a revenue stream to extract money from US companies because they have no homegrown businesses or similar bullshit (despite European companies being fines the same way).
Hell, you can find some of the same moronic arguments on this very thread still.
>You guys remember how 5+ years ago, an headline like this on HN would invariably prompt cries from the Americans
I remember it. I'm pretty sure it's always just been the sellouts that work for anti-consumer tech companies (and the wannabes). Sometimes they're rationalizing their career to themselves and us, othertimes they're aware and just saying whatever they think will keep the con running for as long as possible.
One of the things HN serves as is a no-risk place for scrupleless software businesspeople to practice how to swindle nerds with specious arguments.
Money and economy is an instrument, not a goal. If a person lives a rat life, being constantly spied, manipulated and sold, what's the point of being richer? To buy what? The most precious thing of freedom and independence is lost already then.
Those companies choose to operate in the EU, if they don't like the legal environment they can just pack up and leave. Why do you think they don't do that? Why do you feel the need to defend companies breaking the law?
You can’t really express those opinions here anymore because of the overall political shift of the website, which is enforced (always has been) through the moderation system. It’s not specifically about this particular decision.
Interesting that the court emphasized identifiability even without logging in. That cuts right through the usual "anonymous tracking" defense a lot of companies hide behind
You can scan any website or ecommerce solution and see which 3rd parties they load before consent using this free privacy scanner -> https://privacyscanner.aesirx.io/
73% of Danish Business Websites Found in Violation of GDPR Consent Rules.
After scanning 36,496 company domains in Denmark, we found that over 73% load trackers before consent - including Google Tag Manager, Google Analytics, Facebook, and even third-party CMPs.
Very interesting. Could become a geopolitical and trade football between Europe and US. Tariffs anyone? Ultimately it’s a question of power: will Europe allow its citizens to be predated upon? My guess is probably.
1. The sum. You are tracked and you get shown some ads. How does that causes you 5k EUR in damages?
2. Responsibility. If a site decides to add tracking or ads from a company, is only the ads company responsible for the tracking and damages?
3. Many of the services on the internet are free or cheaper because of ads. Because of that I find the attitude of the judges making these rulings disingenuous.
4. How much of this is outrage against American companies caused by the rift between US and Europe?
Imo a lot of change is already happening. The sentiment wasn't good the last years but now it's turning into going away from American services rather sooner than to late.
More and more European alternatives pop up, governments and companies are switching stack.
It will take a while to migrate, but I am sure effects will be visible soon enough to US companies
Just because a profile can be valuable, that doesn't mean that someone creating that profile damages you by that amount. If I document a celebrity's hobbies I'm not damaging the celebrity.
These tracking "pixels" are used across the entire ad tech industry. It is very pervasive. Amazon, Twitter / X, Facebook / Meta, Pinterest, Snap, TikTok...
It's not just pixels. They strongly encourage site owners to send (normalised and hashed) personal data from every interaction to them, with the promise of better targeting for the site's ads. You cannot block this or opt out because it's server-side.
I recently told my bank I don't agree to their new privacy terms. I sent them all 26 pages, marked up with various red lines crossing out the objectionable clauses. One was about tracking pixels, web beacons and the like.
There was also much worse stuff contained like behavioral profiling and sharing my data with outside advertising conglomerates.
After-the-fact opt out mechanisms were described for a lot of it, but I explained very clearly that I am not consenting in the first place. The fact they provide an opt out for some of the most shameful portions reinforces that they don't need consent in the first place to provide me with banking services. I don't know who in their right mind would accept such terms. Unfortunately most individuals I know wouldn't have a clue what the jargon means or how it affects them.
A meeting was set up with my bank manager, and to underscore my point I brought in the original, aged-parchment paperwork I signed over two decades ago to open the account. That was only 5 pages long by comparison.
I also brought in a screenshot from Facebook that proved the bank uploaded some information about me to them in a Custom Audience customer list (a tool offered to advertisers that perversely deputizes them in Meta's quest to ingest all of our personal information). They have no business telling Meta or other third parties who I bank with (which is what the hashed uploaded lists are used to match & confirm).
The manager was quite understanding of my concerns and agreed none of what I objected to is legitimately needed to provide me with banking. I politely explained if they expected me to agree to this garbage I would take my personal and business deposits elsewhere.
I was pragmatic, and realize they're not going to reprogram their whole web portal just for me, but told them if they were going to go ahead and embed web beacons and the like in pages served up to me, or engage in more aggressive privacy violations, then they're doing so without my consent (an important distinction if I suffer damages down the line). In the end, my redlined version of their policy was affixed to my file to document that I do not in fact accept their terms, and they got to keep me as a customer. Not as good as a countersigned revised agreement, but enough to indicate my intent should consensus ad idem come into question.
I realize this was a lot of time and effort (and some risk of further nuisance if it failed and my accounts had to be closed), expended for something most people don't seem to care about. But the growing trend of companies outside tech adopting all our worst dark patterns really gets my gears grinding.
The story goes to show that if you choose to push back, sometimes you can win.
Good job Europe, keep blazing a trail which I hope my country eventually decides to follow.
The footballification of everything. Most important is to score a point against "the other team", nevermind the world going to shit in the process.
And that is 90% of the issue US culture has at the moment. You are not thinking about topics and how they impact your lifes, you're thinking about whose team that topic is on and how you can show them.
Only issue is that voting politicians whose topics negatively impact your life out of office is your only agency within a democracy. Giving it up while thinking "my tribe strong" is the ultimate ideocracy.
The denial to market by vetoing is working, but its not a long term strategy. To push that back, the eu would have to push its own social network alternative, that undermines Metas growth in those fields.
I can not see that yet-
> the eu would have to push its own social network alternative
Why?
A thing it seems like a lot of people are missing is that European companies are taken to the same (if not a higher) standard for compliance with EU law.
The EU regulates to ensure that market participants work fairly - these rules are generally not about trading barriers (if they were, they'd do it poorly)
> Most parts of Europe long moved away from any social media dependency all that's left is IM/chatting.
Glancing at people's phone screens while riding public transport, I beg to differ. Doom scrolling everywhere. Though much of it is arguably not really 'social network'-like, as most posts appear to be from strangers half a globe away.
If there were some huge multi-national social media company headquartered in France, I don't see any reason to believe things would be better. It might be theoretically easier to hold them accountable, but I suspect EU governments would be more prone to listen to their lobbying instead.
I can subscribe to the people I want to keep up with just fine. I do not need alternative ad-money-fueled intermediaries that get to decide what to insert into and remove from my feed. If there are no indefinitely growing profits to be made there, that is perfectly okay.
The point in the case is that Meta kept a detailed profile of the individual, and then processed that data, even though the person didn't have an account with the company.
That's against the EU's data processing and consent laws, irrespective of the actions of the third party app.
My unpopular opinion: they shouldn't seek consent, this should be completely opt in. Draconian laws should make this happen and flip this backward industry so everything is opposite.
This Leipzig ruling is notable, but the practical impact may be more limited than the €5,000 figure suggests. While the court explicitly said users don't need to prove individual damages to sue, European class action mechanisms are still quite different from US-style litigation.
Germany doesn't have the same litigation incentive structures as the US - no contingency fees, loser-pays costs, and relatively limited collective redress options. Most German consumers aren't going to file individual €5,000 lawsuits over tracking pixels, especially given the legal costs and time involved.
Personally, I hope this gets picked up by a consumer protection organization or a well-funded litigation group. Germany has been gradually expanding its collective action framework, but it's still primarily driven by qualified entities rather than individual plaintiffs.
In Germany consumers are opted in by default, unlike all other European Countries.
This is also why there currently are class action lawsuits against X and Tiktok based in Germany with claims of damages of EUR 500 and EUR 2000.
Sounds like something someone could commoditise. 2500 free euro! Sign here!
AFAIK that business model already works with rental contracts.
3 replies →
It should be noted that this may not stand on appeal. The full decision is not yet available. All we know is from the press statement.
For example, the court ruled that the plaintiff is entitled to these damages without even hearing them personally on what kind of injury they sustained. This is an interesting direction, and we will see how it is argued in the decision itself. I would assume this could be something that Meta challenges on appeal.
Another way to go would be to argue that this lawsuit involves unresolved questions of EU law that need to be addressed by the ECJ.
In either case, this verdict will create some legal uncertainty in the short term, and I assume many people will sue---but we shall see what happens on appeal and perhaps at the ECJ, which will perhaps be a couple of years out.
What I don't understand is the responsibility of Facebook vs the operator of the website where the tracking takes place. I thought that under GDPR it was the responsibility of the website to get consent from users before passing on data to ad networks.
Both are liable. From TFA:
"The court’s decision exposes all websites and apps using tracking technology to significant lawsuits, experts said."
1 reply →
What do you mean by website as a "place"? I'm not so sure the GDPR mentions tracking. Here's what the court said was relevant:
"Meta, Betreiberin der sozialen Netzwerke Instagram und Facebook, hat Business Tools entwickelt, die von zahlreichen Betreibern auf ihren Webseiten und Apps eingebunden werden und die Daten der Nutzer von Instagram und Facebook an Meta senden. Jeder Nutzer ist für Meta zu jeder Zeit individuell erkennbar, sobald er sich auf den Dritt-Webseiten bewegt oder eine App benutzt hat, auch wenn er sich nicht über den Account von Instagram und Facebook angemeldet hat. Die Daten sendet Meta Ireland ausnahmslos weltweit in Drittstaaten, insbesondere in die USA. Dort wertet sie die Daten in für den Nutzer unbekanntem Maß aus."
1 reply →
Can't some shady legal firm now just dig out who is in the exact same situation as this user, and sue on behalf of them, keeping (say) 10%? I'd be happy to let them.
But in the end this kind of thing shouldn't be regulated by lawsuits from individuals. The fines as I remember it can be up to 4% global annual revenue and it's about time someone actually handed a fine of 4% global annual revenue to a company the size of Meta, so companies finally realize that the law isn't just a recommendation.
There are (non-shady) firms that do exactly this for other areas (flight compensation, most notably).
There are some issues with contingency fees in German legal professional law. However, it can be argued that suing for these 5,000 EUR is just "collections", so it may be allowed.
The risk lies elsewhere: As I outlined in another comment, there is reason to believe that this may not stand on appeal, or at least that other courts in other parts of Germany may decide differently. As a result, it takes a lot of capital to keep all of these lawsuits going until the Federal Court of Justice or the ECJ have decided and there is legal certainty.
My understanding is that there is no 1-to-1 European equivalent to class action lawsuits in the USA.
There is a EU directive that allows for "representative action" but it's much narrower scope compared to what Americans are familiar with in class action.
Yes. But there's law firms who streamline such individual processes if the business case is actually large enough.
For example there's a law that says the airline needs to pay you 400€(?) if your flight is delayed by more than 2h if it's due to the airlines fault.
There's a company that handles these cases for 130€.
That's 270€ you get and you just need to enter some data.
9 replies →
Pedantry: the EU doesn't have a unified legal system.
Yeah, class action-style suits are probably coming, especially now that this ruling sets a precedent
AFAIK Germany (and most European countries) has civil law, so court rulings probably won't have as much of an impact as it would in countries like the US
3 replies →
You guys remember how 5+ years ago, an headline like this on HN would invariably prompt cries from the Americans that this was just the Europeans finding excuses to take advantage and steal from poor innocent American companies. How the mood has changed on this huh. I'm glad to see the European approach vindicated, even if at times not strong enough.
And not only are those cries wrong, reality is quite the opposite. The vast majority of fines are towards european businesses. Big Tech aren't the only ones who violate data privacy standards all the time. [0] You just don't read about those here, so people like to just assume those fines don't exist.
Additionally, it helps to actually learn how the current law developed - it primarily was modeled after the german Bundesdatenschutzgesetz, which was put into law in a modern form in the 90s, long before FAANG.
[0] see the tracker: https://www.enforcementtracker.com/
Worth noting the tracker does not track which fines are currently being contested (in an obvious manner). i.e. do not assume all the fines you see there have actually been paid
Though probably safe to assume the smaller fines against smaller companies with smaller lobbying^H^H^H^H^H^H legal teams most likely have :-)
I went to the site and sorted by fine - I needed to go to the bottom of second list to find a non US company ? By the time I get to pages that are mostly non US companies the fines are two orders of magnitude smaller and dropping fast - do you have any aggregate view to compare ? I would not be surprised at all that indeed most of the fines were towards US companies in total amount.
21 replies →
I was surprised to see doctors and even a bakery on the list!
1 reply →
5 years? I think it was last week.
[flagged]
[flagged]
4 replies →
[flagged]
As an American, my reservations about European privacy laws are related to jurisdiction, and none of them applies here. I welcome this decision.
No no, you misunderstand. Over here in America we have given up on fighting it and prefer to let mega-corps like Google and Meta own the advertising space. Smaller companies quickly moved to a subscription model, at least until the EU finds a way to make money illegal.
Americans are still asleep at 7GMT ;)
> cries from the Americans that this was just the Europeans finding excuses to take advantage and steal from poor innocent American companies
Spotify found in violation of EU data protection laws by Stockholm Court - https://www.investing.com/news/stock-market-news/spotify-fou...
Or what about Enel (Italian): https://www.reuters.com/business/energy/italy-regulator-fine...
Or Criteo (French): https://techcrunch.com/2023/06/22/adtech-giant-criteo-his-wi...
H&M (Swedish) fined for breaking GDPR over employee surveillance: https://www.bbc.com/news/technology-54418936
etc.
Probably people who own stock in those companies
Er... No, sorry, I don't remember anyone saying that at all.
Amazing. On like every thread of EU fining some US company for things such as privacy violations there's a stream of mor... er... users claiming that EU is only using that as a revenue stream to extract money from US companies because they have no homegrown businesses or similar bullshit (despite European companies being fines the same way).
Hell, you can find some of the same moronic arguments on this very thread still.
2 replies →
I very clearly do. So that's weird.
It entirely saturates discussions about companies that rhyme with "Snapple" in my experience.
1 reply →
LOL there's people saying it in this thread.
>You guys remember how 5+ years ago, an headline like this on HN would invariably prompt cries from the Americans
I remember it. I'm pretty sure it's always just been the sellouts that work for anti-consumer tech companies (and the wannabes). Sometimes they're rationalizing their career to themselves and us, othertimes they're aware and just saying whatever they think will keep the con running for as long as possible.
One of the things HN serves as is a no-risk place for scrupleless software businesspeople to practice how to swindle nerds with specious arguments.
[flagged]
Personally, as an American, I'd happily push our economy down the stairs to dissociate from people who espouse this sort of attitude.
The economy is also in tatters because Germans relied too much on US and Chinese markets.
All of these have the same root cause. American imperialism that has for too long been tolerated here. Thankfully, things are starting to change.
1 reply →
Money and economy is an instrument, not a goal. If a person lives a rat life, being constantly spied, manipulated and sold, what's the point of being richer? To buy what? The most precious thing of freedom and independence is lost already then.
Without dignity it's better to die.
So in your eyes, a race to the moral and ethical bottom is the only way a society should function?
> Also a coincidence that Trump happens to be pushing the poor innocent Germans to contribute to their own defense.
Trump is literally supporting Russia.
> How the mood has changed on this huh.
I don't think you're right on the timing, but a related essay:
https://www.imightbewrong.org/p/why-doesnt-hitler-mcfuckface...
I don't think the mood of Americans has really changed. It's just that right now only the Europeans are awake.
>How the mood has changed on this huh.
has it? if anything, EU continues to fleece US companies with nonsensical, hastily-implemented laws and absurd fines.
https://duckduckgo.com/?q=EU+DSA+twitter
It's funny how American always bring up data privacy violation fines as fleecing US companies, but never complain about the fines against car manufacturers in the US (which have been largely against non-US companies)[https://young-lawgroup.com/news/the-largest-auto-fines-in-u-... https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal].
Just to clarify I completely agree with the fines in both the US and EU, remember big corporations are not your "team" (for the vast majority of you).
1 reply →
Those companies choose to operate in the EU, if they don't like the legal environment they can just pack up and leave. Why do you think they don't do that? Why do you feel the need to defend companies breaking the law?
6 replies →
Meta is very welcome to stop operating in EU to not be subject to their laws.
Or, you know, they could just respect the law. Like other companies that operate here. Novel concept I know.
And, to complement your lack of research, EU companies are subject to those laws and are frequently fined as well for those violations.
You can’t really express those opinions here anymore because of the overall political shift of the website, which is enforced (always has been) through the moderation system. It’s not specifically about this particular decision.
I really hope it turns into a class action because I'd so wish to be part of it
Can't wait for this to hit the fan: https://wire.com/en/blog/metas-stealth-tracking-another-eu-w...
And, just like always, nothing meaningful will be done.
Interesting that the court emphasized identifiability even without logging in. That cuts right through the usual "anonymous tracking" defense a lot of companies hide behind
You can read full analysis here:
https://www.linkedin.com/pulse/5000-pixel-tracker-why-latest...
In Germany consumers does not need to file a lawsuit, they are included by default, which is very different than all other European countries.
You can scan any website or ecommerce solution and see which 3rd parties they load before consent using this free privacy scanner -> https://privacyscanner.aesirx.io/
73% of Danish Business Websites Found in Violation of GDPR Consent Rules. After scanning 36,496 company domains in Denmark, we found that over 73% load trackers before consent - including Google Tag Manager, Google Analytics, Facebook, and even third-party CMPs.
https://news.ycombinator.com/item?id=44533592
Wild numbers that prove that something needs to be done about the problems
There's a very easy solution to this: ban 3rd party tracking altogether. Then there wouldn't be any confusion.
Very interesting. Could become a geopolitical and trade football between Europe and US. Tariffs anyone? Ultimately it’s a question of power: will Europe allow its citizens to be predated upon? My guess is probably.
I have a few big problems with this ruling:
1. The sum. You are tracked and you get shown some ads. How does that causes you 5k EUR in damages?
2. Responsibility. If a site decides to add tracking or ads from a company, is only the ads company responsible for the tracking and damages?
3. Many of the services on the internet are free or cheaper because of ads. Because of that I find the attitude of the judges making these rulings disingenuous.
4. How much of this is outrage against American companies caused by the rift between US and Europe?
Call me cynical, but nothing's going to change
Imo a lot of change is already happening. The sentiment wasn't good the last years but now it's turning into going away from American services rather sooner than to late.
More and more European alternatives pop up, governments and companies are switching stack.
It will take a while to migrate, but I am sure effects will be visible soon enough to US companies
If these rulings and laws were meaningless, the Trump administration wouldn't be blackmailing the EU over it.
Just because a profile can be valuable, that doesn't mean that someone creating that profile damages you by that amount. If I document a celebrity's hobbies I'm not damaging the celebrity.
Meta and their scummy little ways. And this is just what we know they're up to.
These tracking "pixels" are used across the entire ad tech industry. It is very pervasive. Amazon, Twitter / X, Facebook / Meta, Pinterest, Snap, TikTok...
It's not just pixels. They strongly encourage site owners to send (normalised and hashed) personal data from every interaction to them, with the promise of better targeting for the site's ads. You cannot block this or opt out because it's server-side.
3 replies →
Yep, and it doesn't make it right.
I recently told my bank I don't agree to their new privacy terms. I sent them all 26 pages, marked up with various red lines crossing out the objectionable clauses. One was about tracking pixels, web beacons and the like.
There was also much worse stuff contained like behavioral profiling and sharing my data with outside advertising conglomerates.
After-the-fact opt out mechanisms were described for a lot of it, but I explained very clearly that I am not consenting in the first place. The fact they provide an opt out for some of the most shameful portions reinforces that they don't need consent in the first place to provide me with banking services. I don't know who in their right mind would accept such terms. Unfortunately most individuals I know wouldn't have a clue what the jargon means or how it affects them.
A meeting was set up with my bank manager, and to underscore my point I brought in the original, aged-parchment paperwork I signed over two decades ago to open the account. That was only 5 pages long by comparison.
I also brought in a screenshot from Facebook that proved the bank uploaded some information about me to them in a Custom Audience customer list (a tool offered to advertisers that perversely deputizes them in Meta's quest to ingest all of our personal information). They have no business telling Meta or other third parties who I bank with (which is what the hashed uploaded lists are used to match & confirm).
The manager was quite understanding of my concerns and agreed none of what I objected to is legitimately needed to provide me with banking. I politely explained if they expected me to agree to this garbage I would take my personal and business deposits elsewhere.
I was pragmatic, and realize they're not going to reprogram their whole web portal just for me, but told them if they were going to go ahead and embed web beacons and the like in pages served up to me, or engage in more aggressive privacy violations, then they're doing so without my consent (an important distinction if I suffer damages down the line). In the end, my redlined version of their policy was affixed to my file to document that I do not in fact accept their terms, and they got to keep me as a customer. Not as good as a countersigned revised agreement, but enough to indicate my intent should consensus ad idem come into question.
I realize this was a lot of time and effort (and some risk of further nuisance if it failed and my accounts had to be closed), expended for something most people don't seem to care about. But the growing trend of companies outside tech adopting all our worst dark patterns really gets my gears grinding.
The story goes to show that if you choose to push back, sometimes you can win.
Good job Europe, keep blazing a trail which I hope my country eventually decides to follow.
14 replies →
[flagged]
The footballification of everything. Most important is to score a point against "the other team", nevermind the world going to shit in the process.
And that is 90% of the issue US culture has at the moment. You are not thinking about topics and how they impact your lifes, you're thinking about whose team that topic is on and how you can show them.
Only issue is that voting politicians whose topics negatively impact your life out of office is your only agency within a democracy. Giving it up while thinking "my tribe strong" is the ultimate ideocracy.
2 replies →
The denial to market by vetoing is working, but its not a long term strategy. To push that back, the eu would have to push its own social network alternative, that undermines Metas growth in those fields. I can not see that yet-
> the eu would have to push its own social network alternative
Why?
A thing it seems like a lot of people are missing is that European companies are taken to the same (if not a higher) standard for compliance with EU law.
The EU regulates to ensure that market participants work fairly - these rules are generally not about trading barriers (if they were, they'd do it poorly)
The next social network will not be another social network.
Most parts of Europe long moved away from any social media dependency all that's left is IM/chatting.
Where only WhatsApp is a somewhat popular American software, the rest isn't.
Edit:// to clarify I am not saying people aren't using Instagram or even Facebook. My point is they don't use it to socialize anymore
> Most parts of Europe long moved away from any social media dependency all that's left is IM/chatting.
Glancing at people's phone screens while riding public transport, I beg to differ. Doom scrolling everywhere. Though much of it is arguably not really 'social network'-like, as most posts appear to be from strangers half a globe away.
1 reply →
I'd love to agree, but 99% of the people I know use Instagram more than once per day.
2 replies →
Yeah it does feel like social media is... kinda over?
Everyone I know is tired of the concept and tired of the tracking and profiling it entails.
If there were some huge multi-national social media company headquartered in France, I don't see any reason to believe things would be better. It might be theoretically easier to hold them accountable, but I suspect EU governments would be more prone to listen to their lobbying instead.
Why France?
France is not exempt from its anti privacy law attempts around mass surveillance.
1 reply →
I can subscribe to the people I want to keep up with just fine. I do not need alternative ad-money-fueled intermediaries that get to decide what to insert into and remove from my feed. If there are no indefinitely growing profits to be made there, that is perfectly okay.
Regulatory pressure can slow Meta down...
[flagged]
Isn't it easier to click on the link and read the first paragraph or skim the article?
[flagged]
Some people are so dumb they don't know how dumb they are. Thank you for making me realize I'm one of those.
[flagged]
The point in the case is that Meta kept a detailed profile of the individual, and then processed that data, even though the person didn't have an account with the company.
That's against the EU's data processing and consent laws, irrespective of the actions of the third party app.
If I try to rob a bank and succeed, it's not my fault if the bank doesn't protect it's money sufficiently well.
That's how a lot of security researchers think...
2 replies →
Meta has the same obligations to seek consent regardless Og how they obtain the data - that seems fair, no?
My unpopular opinion: they shouldn't seek consent, this should be completely opt in. Draconian laws should make this happen and flip this backward industry so everything is opposite.
5 replies →
People are harmed, Meta benefits. That means Meta did wrong, the middle is just details.
Nice!