The problem is that the law raises more questions than it answers. But arguably, features like being having a profile in the first place could be affected. The law demands that only the minimal amount of personal information required for a specific purpose be collected, and then that it must be deleted as soon as that purpose has been completed. They cannot request more information than perhaps the person’s name and email address, lest they run afoul of this law. So if someone posts something in their timeline, how long is it allowed to stay? Until all friends have seen it, or longer? Was it a violation of the law to even have a space for the user to enter the information into the timeline, since it wasn’t “necessary”?
So the EU has created a law that Facebook and many other online services will arguably at all times be in violation of. This will create an environment where the EU can use the threat of enforcing the law to effectively impose its will on these massive businesses that cannot comply and still run their business. This was sold to the public as a privacy law, but it’s really just a huge power play.
This comment is really inaccurate. Under GDPR you must have a legal basis for all data processing activities. In the case of maintaining a social profile, the legal basis is "explicit consent" pursuant to "serving the interests of the data subject". Therefore the posts on the wall can stay up as long as the user continues to consent to their staying up.
What cannot be kept indefinitely is the data that Facebook has not received explicit consent for -- the profiling in the background, scraping information from other sites, and so on.
HN seems united in its love of this legislation (someone even called me a "f*cking ignorant clown" in a flagged comment below), so I'll leave this thread with this. GDPR wouldn't be the first time that well-intentioned but broadly written laws have created the potential for unforeseen and very nasty results. One recent example is how the passage of FOSTA - a law designed to deter human trafficking - resulted in the instant shutdown of one of the largest and oldest personals sites on the Internet [1].
Broadly written legislation, whether intended by its authors or not, always winds up being used as a tool to gain leverage where the government didn't have it before. So yes, there will be some good things that result from this legislation, just as some good things will likely result from FOSTA. But because it is so broadly written and many things in it will be up to the interpretation of individual courts when actions are brought under it, mark my words: it will be used in ways that nobody defending it in this thread has thought about, to impose fines and other sanctions on companies (perhaps even some of the startups of HN users, should some government person in the EU take issue with their business) for reasons that you may very well not agree with.
I believe previous legislation regarding cookies was a mess like you said, and a big learning process for the EU.
I’ve worked with people who are experts on the new regulations. They don’t seem to be at all confused about what it means or implies. The only unknowns they’re talking about is the practicalities of someone like Facebook conforming eg requesting many different permissions. But that’s because businesses like Facebook are doing unethical stuff, ie they’ve been doing things you really won’t want to explicitly give them permission to do.
> always winds up being used as a tool to gain leverage where the government didn't have it before.
GDPR builds on previous law, such as PECR and DPA.
If it's not legal under GDPR there's a good chnce it was already not legal under PECR or DPA. And we didn't see those used by governments to get leverage.
> The law demands that only the minimal amount of personal information required for a specific purpose be collected, and then that it must be deleted as soon as that purpose has been completed. [...] So if someone posts something in their timeline, how long is it allowed to stay? Until all friends have seen it, or longer?
In that example, wouldn't the specific purpose be "to display it on the user's timeline" (or on the user's profile)? So it would be allowed to stay as long as the timeline (or the user's profile) is visible (and the user didn't mark that piece of information as hidden).
But collecting the wall post in the first place, which was not necessary for any party, may in fact be illegal under this law. It says specifically that companies are to collect "the minimum amount of information necessary". If I put a box in front of you and encourage you to input highly personal data, such as what you had for lunch, who you voted for, what you're doing at work today, or how you're feeling today...am I not actively violating this law? There's at least an argument to be made that I am.
> So if someone posts something in their timeline, how long is it allowed to stay? Until all friends have seen it, or longer? Was it a violation of the law to even have a space for the user to enter the information into the timeline, since it wasn’t “necessary”?
I'm not following the logic here. A social network to me is a place where you post information you're willing to broadcast publicly or to your friends. That's the whole point of social networks. Users understand this and want their data used in that way so I don't see how it would be against GDPR.
Eeeee... yes you are not following logic, one thing is you sharing your data to your friends. Something else is social network selling those data or use them against you for their benefit.
Every time the EU implements some law or regulation regarding control of personal data and privacy, someone has to dismiss all the problems those laws are intended to address entirely, and go on to post some defensive, nationalist spiel about it being an attack on US companies.
Perhaps the problem is that these companies make their money in an incredibly unethical way that an increasing number of people are very uncomfortable with?
Stop turning this into something it isn't. All you are doing is poisoning the debate.
What the fuck are you smoking. Five fucking years this legislation has been open for public discussion, thousands of hours of open hearings. Every arsehole has had their five minutes. Every fucking detail and possible consequence discussed and argued over. Nearly two fucking years since it became law across the EU, a month from going into force and fucking ignorant clowns like you pop up with the dumbest fucking takes.
So the EU has created a law that Facebook and many other online services will arguably at all times be in violation of. This will create an environment where the EU can use the threat of enforcing the law to effectively impose its will on these massive businesses that cannot comply and still run their business. This was sold to the public as a privacy law, but it’s really just a huge power play.