Of course it does.
I have noo idea what happens if I press "Save settings" on all these cookie banners.
Pretty sure somewhere there is a hidden checkbox that allows everything. It probably still tracks, just makes you happy reading the giant popup list.
They invented "essential cookies for marketing purposes" anyway.
And after there was this "You accept tracking ads or you pay to us" popup.
Similar issue with Reddit's privacy "settings" last I checked. I'd uncheck everything. Then I'd go back. Some stayed unchecked. Some didn't. Go figure.
Not at all, malicious may even be preferable as that's easier to correct than "skill issue." But I would argue it does matter from the "$TECH_CO bad amirite" perspective.
Having done a fair amount of important-but-niche work.. yeah. There are genuinely very few incentives to do this sort of work. It's very much to the point where doing stuff like this necessitates being aggressive towards people who aren't used to that sort of interaction, which is socially extremely difficult to do. And that often even means being aggressive towards colleagues who tend to have softer opinions on things. The alternative is languishing in hidden problems. The folks who end up doing this work, IME, have been burned pretty hard in the past and have decided to continue to wade through the potential of being burned again. Not many people do that.
Ultimately, there aren't that many people who have the technical knowledge, the ideology (that the internet should be for the good of the general public, not for corporations), the dedication and the time - and those who do exist are split between multiple issues (e.g. preventing the CSAM bill).
In this case, it's specifically that not all DPAs are doing their job correctly: some due to understaffing, others arguably due to ideological reasons.
I partially blame the GDPR itself - I still stand behind the spirit of that law, but it's IMHO not strict enough (or has too many loopholes): I think the selling of personal data to third parties should have been banned outright.
Not OP, but Max Schrems (and that's why the decisions related to this are called Schrems, Schrems II et al.). To be fair, he leads NOYB (so it's not just him), but he has a personal interest here.
We don't know the name, the article states that the org is putting itself in front. I am not surprised someone doesn't want to get entangled with Meta and use his/her own resources to fight this beast.
Oh, really? Even more opaque. You don’t need to be of voting age (??) in order to be an activist or political in some sort of way. I’m pretty sure that Greta Thunberg wasn’t when she became famous.
Anyway, if this thread leaves you frustrated then maybe just don't participate in it?
The EU has 100's of millions of people, not all of them are in a position to bring this kind of effort because it requires bringing suit (which children may be able to do but don't generally do) and a very large chunk of a lifetime's worth of dedication. So in an attempt to roughly indicate the order of magnitude of difference between the number of people that could have taken action but didn't I used the 300 million figure. I haven't checked it for accuracy and Greta Thunberg notwithstanding the fact that you bring her up as an example is exactly because such individuals are so rare which is exactly the point that I was making.
Without Schrems for privacy and without Thunberg for climate change these subjects would get less attention than they do, and both of them have been instrumental in making meaningful change when in fact both of these subjects should concern the vast majority of that 300 million, give or take.
I completely understand Meta finding profitable ways to skirt around the law - even breaking it subtly at times.
But I'm very surprised the apparent offsenses are so large and so obvious.
I was expecting them do do more subtle things like 'accidentally' asking users their cookie preference every time they use the site till they hit accept, and then never asking them ever again. When investigated, they can easily say 'oh, it was a bug because the fact the user rejected cookies was itself stored in a cookie'.
> But I'm very surprised the apparent offsenses are so large and so obvious.
As long as it continues to be more profitable to go big when they break the law that's what facebook will do. Same as any other company. No need for facebook to even try to hide it because the fines/slaps on the wrist just don't matter. Try locking up CEOs or shareholders and watch how quickly they start following the law.
The DPC (if it is legally an option) should go for the highest possible fines available to them at this point, since Meta has by repeated and wilful infringing made it pretty clear that they will try anything to get around these laws.
Like I have some sympathy for a legacy business that simply mismanages their GDPR obligations and buys some dodgy "compliance management" solution and ends up infringing - there a "slap on the wrist" light enforcement is appropriate.
But Meta has been entangled in GDPR enforcement since the beginning, repeatedly, who clearly understood the regulation to begin with and went straight out of the gates attempting to workaround and arguably being the reason the regulation was enacted in the first place.
I really want to see those 4% of global revenue fines piling on at this point.
The DPC is corrupt and does not want to go for the highest possible fines. They have been extremely lenient towards Facebook despite being able to impose harsher punishments.
Same with me and Facebook, I missed out on a christmas get-together among long time friends because of it :/
At least the group who did show up "blamed"* the host for only inviting to the event via FB, which I see as a massively positive sign of the culture slowly changing
*Not in a negative way, but in a "what did you expect, only inviting people via facebook" kinda way
I also applaud this and personally would prefer to just pay for services instead of being the product, but I'm afraid this is not a popular opinion. People don't want to pay, at least not knowingly. I'm curious how this will play out.
That cliché is no longer applicable (was it ever?) and repeating it only helps the worst infringers.
You can pay and still be the product. Consider the streaming services which charge you but still serve ads, or physical appliances that you buy but send your usage habits to the manufacturer (like TVs). Paying is not a guarantee that a company will treat you or your privacy with respect.
Here here. Paying no longer protects anything. If anything, you’re more valuable as a data brokered account if you’re KYC verified as a real person: so in fact the opposite case is now often the reality.
Consider that paying makes you prime rib for Sunday dinner from a data perspective: card verified PII.
And do not forget that you can be assigned an ID and disassociated from your data, which can then be tracked anonymously completely legally as a non-personally identifiable account. And let me assure you de-anonymizing a collected dataset is often not a very difficult problem in the modern data brokerage filled era.
We cannot pay out way out of this. We need rights to privacy and deletion enshrined in constitutional-style law, and soon. It must become a fundamental human right.
This is 100% true. The problem is not paying or not. The problem is that tracking, collecting and selling your data is irrelevant to the Facebook few. They will still trade you as a cattle. The only difference is that you won't be flooded with ads (BM - 15MM - ads playing in full volume because you dared to look away)
Oh man, that explains a lot of my confusion. I've seen people say weary and I thought they actually meant weary. Like they were tired because of the thing. But it never scanned correctly, so I was just confused.
Indeed. A mistyped phrase missed by both my sleep addled self and my annoying spell checker.
Rather than be defenseive (fore I gaudere gehrehte), let’s reflect on this moment to enjoy the fact that “we have over two thousand years of records of old people claiming that language has already peaked.”
> Consider the streaming services which charge you but still serve ads
I pay for the ad-free experience on every service that offers it, and I still see ads. The 4 second hulu splash screen at the start of EVERY item I stream is still an ad. HBO, sorry MAX, showing 30s ads for other shows EVERY. TIME. I stream something, still an ad. At least those I can skip, but I shouldn't have to.
There was no real purpose to my post, I just needed to vent about that part your point.
I don't think you should continue using them if paying for them still has ads. We take collective action now or we end up with cable TV all over again.
You can wear a seat belt and still die in a crash.
Nothing in life is a guarantee. It’s pure pedantry to hear someone say “I would rather pay than be the product” and to choose to interpret that as “I believe that paying always guarantees that the company will never also use indirect monetization”.
Preferring business with direct monetization models is risk mitigation, not a naive (and incorrect) belief in a magic bullet solution to a complex problem.
So next time you walk down the street, if someone crosses your path give them you wallet, phone, laptop, sneakers, jacket because "hey they may pull a knife on me"(?)
I say that where money can be made, money will be made. But we have laws and regulations, and when the Metas of this world play dirty, you can stick it to them. (in most cases it will be too little - too late)(but the solution is not to roll over)
Especially since you have to dox yourself in order to pay. They might have a pretty good idea exactly which individual you are before you pay but they definitely do after.
> People don't want to pay, at least not knowingly
That’s fairly recent. It was (and is) normal to pay for having a phone number. Paying more for making a phone call was normal, too, as was paying for such services as a phone line that told you the current time or a weather prediction.
It was also normal to pay for having an email address, and most people, to this day, pay for having internet connectivity.
I think it’s more that people object to moving from ‘free’ to paid. If most people pay for a service, they’ll accept that as the way it is.
For example, I think
people would happily pay $1 of more a month for GPS, if it never hadn’t been free.
I ran one of many commercial ISPs in 1995 and we founded ours out of frustration with the available commercial ISPs before us.
AFAIK the first commercial ISP dates to around '89.
But I don't think the fact the internet once had restrictions on commercial activity really makes much difference to the argument above other than in the details, given the argument was broader than about the net.
There were commercial services on the Internet before that too, but note the comment also talked about e.g. phone services, and so more broadly about paying for services, not just internet.
People pay for lots of social gathering type places - community centers, libraries, gyms, clubs and such. But they only do so if the prices are reasonable. And prices are usually reasonable because the club in question is not trying to grow till it takes over the world. It is a roughly fixed size place, where subscription fees pay for keeping the place running.
The cost of running most social media is only about a $1/year (yes year not month) [1]. Social media companies when they want to charge $50-100/year. People are not stupid. Why would they pay more than $2/year.
I know this is a startup incubator (whatever that is) forum, but I’m tired of this Market Strategy-first framing.[1] Companies like Meta clearly gave away access to their platform in order to build an effective monopoly in some niche.[2] And companies will do whatever within the Law to increase profits. I’m sure all the CEOs here will agree. Anything less is leaving money on the table.
This worship of the Market Strategy was bad enough before when there wasn’t much talk of actual laws defining how much of a “product” they can make their users. But now there are! And this submission is about unlawful practices. And we’re still going to frame this as Meta just being effectively forced by the horrible consumers who refuse to “pay for services”? Ridiculous.
And I haven’t even really gotten into how much of a fallacy the specific belief is that if you just “pay for services” then you won’t become a “product”. But thankfully there are a lot of other reasonable posters on this forum about tech company profit-maximization.
[1] The Company’s perspective is the prime one. The Company doing shady stuff is merely because the consumer’s are stingy or difficult in some way. If the consumers are inconvenienced by the Company then that is just because the Company had to adopt a market strategy which is not as wholesome as the one they could have used if the consumers were better in some way.
[2] And do we have to retread the hopelessness of making a social network where you have to pay to use it when no one else is using it (at the start)? That’s a complete dead-end.
I pay for a lot of services and I don't pay for many more of other ones. I also don't use a lot of free services. I'm sure that I'm a product of a lot of services I pay for, despite I'm paying for them. They are probably selling my data with or without my consent. There are so many fine prints and different ways to interpret the terms of contract.
I think the price point was meant to discourage people from paying. It's on par with streaming services, but with the content produced by the users. Do they get 200+ dollars in ads for the average user?
For example, I considered paying but I have a semi-inactice Facebook account which isn't worth that to me. I'm also not convinced of Facebook's integrity to honor the deal and not process the data anyway.
The price might actually be adequate - they're not getting 200+ dollars in ads for the average user (IIRC it was something like 50+), however, these aren't average users; if someone is the type of person who's willing to pay 200+ dollars for Facebook, then showing ads to them can easily be worth 4x as much as the average user, that is the kind of disposable income for random conveniences that many advertisers want to get and are willing to pay a premium for.
Through it should be noted that GDPR requires no tracking but not no ads, and companies try to lump that together to pretend there is no reasonable solution.
E.g. a lot of newspapers use approaches similar to Meta (and similar not lawful) i.e. either you get tracked and ads or you pay and get neither ads or tracking. But this is illegal as opting out is noticeable more complex then opting in (account creation requirement is already illegal, money requirement more so). What would be legal would be a choice between "ad(personalized with tracking)" or "ad(no tracking)" and "no ad but account + cost money". You also still can choose ads based on the article/site content etc. (Also another problem with account requirement for no adds is that it often deceptively sneaks in the permission to track when creating the account making it de-facto no option to not be spied on!)
Another problem is that it can be easily too expensive for many people (not just very poor ones). Especially if like currently there are no "supper cheap but also very limited accounts".
I mean consider YT Premium Lite is 5.99€, no ads but you still get tracked. Twitch has no Lite version (and some non YT-lite premium features are actually for free) cost 11.99 (YT non lite is 12.99). Most news papers and similar are between 3€ and 8€ or so, commonly 5€. Of most of them I only read ~1 article per moth or so, often less and often not even the whole article sometimes I just look for a link to the original source and often I realize I just got click baited and bail out. Like you could easily end up 80+€ a month that's just ... to much for many.
And in pretty much all case paying means no ads but not no tracking/selling your information, at best a bit less tracking.
If you pay them, you don't cease being the product, you actually become an even better product. Now they know you have more than enough disposable income to pay them not to annoy you with advertising and tracking noise. That's actually the exact sort of person whose attention advertisers want. People with surpluss money and the willingness to spend it on stuff they don't actually need.
The answer to advertisers and suveillance capitalists is technological blocking of their monetization attempts while simultaneously leeching their "free" services. You want the value they extract from you to be zero or negative. It should cost them money until they cease and desist.
Since running a business costs money, the only result that will satisfy organisations like noyb is that companies like Facebook disappear from the EU. You will read many people here in HN openly saying how they would like social media to disappear, not only for themselves, but for everybody else, including those who enjoy it.
NOYB is not inherently opposed to Facebook and other social media. It does fight against unlawful (and arguably unethical) tracking. If a company can't find a solid business model that works within the bounds established by law, that's not NOYB's problem.
NOYB is perfectly fine with companies making money by placing ads (as long as they preserve your privacy).
This is incorrect, or at least incorrect if you generalize it beyond noyb.
All I want is for the true costs of using a product to be understood. Businesses can and should make money! But it’s wrong to present a product as “free” when it is not. It’s no different than having a fine print click license granting Facebook permission to come take stuff from your garage.
Yes, businesses cost money to run. No, that does not mean that all business models must be permitted regardless of consumer and social harm.
There is no fundamental right to a profitable businesses; if a business cannot be profitable within the bounds we choose to set, oh well.
(And I say this as a huge EU policy skeptic that thinks they are way over-regulating)
They should charge a fair price for their product and deliver something good to customers.
No one is forcing Facebook to not charge for their service. They just can’t do it without slurping your data. If they can’t have a business without invading people’s privacy, they shouldn’t have a business. It is baffling that people still shill these practices from big corporations. It’s like saying “I can’t make money without robbing you, so it should be legal for me to rob you”.
> the only result that will satisfy organisations like noyb is that companies like Facebook disappear from the EU.
This is absolutely not true and frankly reads like an argument in bad faith. noyb’s position is clear: don’t invade people’s privacy.
I don't understand this argument. Meta makes its money from selling adverts. Meta grabs bucketloads of personal data from us. Meta shows us adverts when we access their systems. NOYB is objecting to Meta grabbing bucketloads of personal data from us. This doesn't stop them selling adverts or showing adverts to us, therefore it doesn't stop Meta making money. There's no reason for Meta to disappear - just for them to stop violating our fundamental rights.
Count me in. I openly say that I would like social media to disappear. I think they're a net negative for society in general and a massive step back for the web in particular. The web was not meant to be concentrated in a bunch of trillion dollar corporation websites.
Facebook should be forced to pay € 251.88 per year to all the user who consented to keep the symmetry. It's only fair if that's how much data violating basic privacy is worth to Facebook.
This is an interesting argument. I wonder how it would be handled if Facebook instead had a 2-tier system where both tiers were paid. So you'd have to pay a base fee to use Facebook (and get tracked) and then a premium tier to remove the tracking.
Putting aside the obvious ethical issues with such a system (that are obviously the reason why NOYB is filing), the "as easy to withdraw as it is to give" setup would be kept in such a situation I think.
Ethically, paying for privacy has in my opinion no place in a post-GDPR world (and I do support the GDPR) and it's shameful that several DPAs have tacitly approved of it for local newspapers. Facebook doing it will likely drag the practice to CJEU, which is the worst outcome for this scheme because CJEU tends to not like GAFAMs "it's not against the letter, but against the spirit" crap in the slightest. I personally wouldn't be surprised if CJEU ends up shooting down the scheme as violating the GDPR.
> the "as easy to withdraw as it is to give" setup would be kept in such a situation I think.
Debatable. Let’s say the base fee was 1€ and premium was 1000000€. Not many people could afford the latter. Even if it were 25€, or 10€, or even lower, as long as there’s any price discrepancy, one is not as easy as the other.
Are you saying that it's OK for Facebook to break the law and violate users' privacy, because users have the option of not using Facebook? Like, it's OK to mug people in Brixton, because if you don't want to be mugged you can just avoid Brixton?
Anyway, Facebook tracks people who've never visited the Facebook website, via their fkin Like button. So yes: people are making me use Facebook.
There are plenty of jobs where not using Facebook is not an option. "You could just get a different livelihood" is generally above the threshold of when the legal system considers it "forcing" someone. Don't like working 14 hour days? Just get a different job... is not how worker rights work (at least in Europe).
There are things you can't put in food even though you can choose not to eat it.
Individual action does not work for some issues. This is one of them.
Tracking is everywhere. It is not just facebook. It is every website and there is no realistic alternative as an individual user except be excluded from majority of the internet.
> Ethically, paying for privacy has in my opinion no place in a post-GDPR world (and I do support the GDPR) and it's shameful that several DPAs have tacitly approved of it for local newspapers.
Is that paying for privacy or paying with privacy?
NOYB: "None of Your Business", it's the site being linked. They're a customer rights activist group led by Max Schrems whose self-declared job appears to be "drag every business in the world to the attention of the DPAs to make sure they're both compliant and don't do any funny business with the GDPR".
DPA: Data Protection Authority. They're local to each EU country (including those that aren't full Member States but do follow EU laws) and it's their job to enforce the GDPR at a country level. Usually they're a government department. The one you hear the most in the context of GAFAM enforcement is the Irish one, which is infamously underequipped and overburdened because GAFAM has lobbied the Irish government to not take enforcement seriously so all GAFAM companies can put their EU headquarters there (which permits them to only have to comply with the Irish DPA, something called the "one-stop shop" solution.)
CJEU: Court of Justice of the European Union. Think SCOTUS but for the EU. While technically the CJEU doesn't operate on the concept of precedent (its main job is enforcing that Member States follow EU laws and directives correctly), their interpretations of EU law are the final interpretation of those laws. Usually once a case has gone through a DPA and isn't resolved satisfactorily (or isn't complied with), it ends up before CJEU. GAFAM has dragged basically all enforcement cases before CJEU to drag out the process.
GAFAM: An abbreviation referring to the five largest American tech giants: Google, Apple, Facebook, Amazon, Microsoft. Usually is used as a shorthand for the "big tech" side of the IT industry.
Interesting, how many of the 100s of newspapers in the EU that are doing exactly the same thing as Facebook has he dragged into court for doing it? They've been doing it for a lot longer. I do see some cases against Conde Nast, but that's not for this behavior.
I do think it's good though when somebody will go and try to take the most extreme position of some law so that the lawmakers will maybe realize that they got it wrong.
I wish the EU would grow some balls and tell Ireland to fuck off with their shenanigans of letting these companies get away with everything.
Meta should be getting fined for every red cent they steal from users, 4% of global revenue doesn't even come close to the sort of fines that scumfuck of a company deserves.
If one reads the complaint, really all the complainant is trying to do is to change his subscription from unpaid to paid.
First he subscribes to Facebook and Instagram for free, an unpaid subscription where he agrees to receive targeted ads.
Next he tries to change his subscription to paid, presumably with terms where Meta agrees not to send targeted ads.^1
Signing up for the unpaid subscription can be done with a single click.
Signing up for the paid subscription cannot.
"When the complainant finally reached the correct page, he was confronted with two options. The first preselected and reflecting his current situation was to continue using Facebook with trackers (Kostenfrei mit Werbung verwenden). The second entailed the purchase of a 9,99 monthly subscription, in order to have access to the service without being tracked (Aboabschlieen und ohne Werbung verwenden) see screenshot below, left side."
There should really be a third option: unsubscribe.
1. But does data collection still continue. Meta would probably argue it needs to track everything the complainant does while logged in to the Facebook and Instagram servers for "security" but without any restrictions on how they can use the data collected. We have already seen Facebook and Twitter getting caught using collected telephone numbers for commercial purposes when they were collected under the guise of being needed for "security". Even more, is Meta still allowed to track the complainant on the open web, outside of Meta's websites. The claims of "security" arguably do not apply there.
Is Meta still collecting and processing the complainant's data regardless of which subscription he chooses. If yes, then arguably he is only revoking consent to have ads placed on the Meta webpages that he accesses. The consent may not relate to data processing.
How does the GDPR define "data processing".
For example,
"Data processing is the collection and manipulation of digital data to produce meaningful information." French, Carl (1996). Data Processing and Information Technology (10th ed.). Thomson. p. 2. ISBN 1844801004.
Meta could still "collect and manipulate data [from the complainant] to produce meaningful information" but refrain from placing ads in webpages viewed by the complainant.
Those nice realistic people ready to bend over any master peeing on them and saying its gold, how nice would have been monarchies for those sweet realistic people
Id call “naive” and “worthless for mankind”
Who knows how many were calling the founding fathers naives
Just because you don't like it does not make it "social infrastructure."
The world runs on WhatsApp and billions use Facebook to keep in touch with their family and friends. Instagram is also a huge part of the social component of the internet.
The bigger problem here is that the EU offers no pathway to companies offering free-to-use, expensive-to-run services online.
If GDPR was interpreted as the EU would like it, everything from WhatsApp to Maps to YouTube would switch to paid-only.
A horde of startups would take up the banner, and as soon as they ran out of VC money, they too would need to switch to paid-only business models in order to adhere to GDPR.
The EU does not understand how to run a successful tech industry.
Edit: Non-targeted ads do not lead to break even. This law will simply lock most poor people out of the internet.
> EU offers no pathway to companies offering free-to-use, expensive-to-run services online.
You can still serve ads in the EU. Literally nothing is stopping you from doing that.
> If GDPR was interpreted as the EU would like it, everything from WhatsApp to Maps to YouTube would switch to paid-only.
This is a lie. And GDPR should be interpreted exactly the way EU wants it to be interpreted because it's an EU law.
> and as soon as they ran out of VC money, they too would need to switch to paid-only business models i
Oh wow. "Companies should actually be profitable and not run on unlimited VC money" is such a radical concept.
> The EU does not understand how to run a successful tech industry.
Where "successful tech industry" is "hope there's unlimited VC money so that we can keep running our 'free' business while harvesting all available data on everyone because it's our God-given right"?
Irrelevant. Normal ads are barely profitable. Your company will not be able to provide services to users if it had to depend on just normal ads.
> This is a lie. And GDPR should be interpreted exactly the way EU wants it to be interpreted because it's an EU law.
I don't really care about what the EU thinks is right. The EU does not understand what it takes to run a modern web service. It's sensible to fight these absurd rulings in court.
You can consent to drugs or alcohol but can't consent to targeted ads. It's insane.
> Oh wow. "Companies should actually be profitable and not run on unlimited VC money" is such a radical concept.
That profit can be obtained either with targeted ads or locking poor people out of the internet. Those are your options.
> Where "successful tech industry" is "hope there's unlimited VC money so that we can keep running our 'free' business while harvesting all available data on everyone because it's our God-given right"?
How much VC money does Google use again?
This is a blind law that pays no attention to the practicality of running services the world relies on.
> The EU does not understand what it takes to run a modern web service.
Demagoguery
> That profit can be obtained either with targeted ads or locking poor people out of the internet. Those are your options.
False dichotomy based on feelings
> How much VC money does Google use again?
These are literally your words: "A horde of startups would take up the banner, and as soon as they ran out of VC money".
Also, Google was extremely immensely profitable in the era before large-scale data harvesting.
> This is a blind law that pays no attention to the practicality of running services the world relies on.
Demagoguery. "We can't exist without large-scale invasive and pervasive tracking" is not a given. It's a narrative pushed by the industry with literally zero proof.
If your business for some reason cannot exist without that, good riddance.
How many "successful tech companies" have we seen out of the US in the past 20 years? Now out of the EU?
The entire modern world relies on US tech and the EU has no muscle or understanding for what it takes to run these companies. They are trying to regulate something they fundamentally do not understand.
It baffles me that the US has been the nest of some of the greatest things for human beings, and now has completely forgotten itself, it baffles me that you had a guy called Kennedy coming up with this perfection https://www.youtube.com/watch?v=3FAmr1la6w0
And now you remember nothing of what he said, it is unbelievable that you're here only measuring the success of a company regardless of the effects it has on the people, you measure the success of the company by money, ok. I consider US tech company as the worst, as the most exploiting, depressing, cheating, dangerous, who serve no purpose other than the one of their shareholders. Do you own the definition of success?
It's very straightforward to interpret, Meta simply doesn't like the interpretation since in any reasonable interpretation of GDPR there is no way for them to be permitted to keep tracking all their users legally, no matter what they write in their terms&conditions or do otherwise.
They're free to run non-tracking ads, they're free to charge money and refuse service to non-payers, they're free to quit EU market, but they're not free to track people who do not want to be tracked (no matter if they're paying or not, no matter if they're seeing ads or not), privacy in EU is not something the users can trade away or sell in a contract, it either has to be gifted as free choice (and free to revoke) or Meta can't use it, GDPR doesn't allow for a legal option to "buy" it with discounts or free service.
GDPR is a relatively uncontroversial law within EU, it's not a narrow-niche-lobby law, it's democratically passed with general acceptance from all EU regions and diverse party groups, and there is no meaningful opposition to it from EU voters, and it works quite well for all the mainstream use cases (telecomms, banking, various loyalty programs of physical and online stores and the big retail chains, targeting for phone and mail marketing, treatment of data by landlords and creditors, healthcare data, all the intermediaries for insurance or healthcare or hiring, etc, etc) which arguably are far more important to one's daily life than whatever Meta does, and only the niche of internet ads is still lagging behind due to political reasons related to how global companies run their operations through Ireland and the tiny Irish DPA couldn't (or wouldn't, there are some perverse incentives at play) enforce things in a timely manner.
While I personally don't think that it "would kill nearly every tech company that offers services to the general public for free. You can say good bye to Maps, YouTube, WhatsApp, etc.", I'll accept that on this aspect perhaps I'm mistaken and you're totally right, however, that has little to do with the grandparent argument that it's hard to interpret - the law is reasonably clear to interpret and that (anti-tracking) interpretation has been reaffirmed when challenged in courts, and even if it turns out that the EU voters are making a mistake because they(we) fundamentally don't understand something, that's still not an accidental mistake, that is intentional choice. And IMHO it's quite straightforward that they(we) in EU have the right to make that choice even if it turns out to be stupid in the long run, and Meta doesn't have the right (neither legal nor moral) to deny EU people that choice, they have to follow the law as intended or leave.
I wish we could ban this kind of argument on HN. It is so short-sighted and absolutely ignores reality for everyday folks who are totally uneducated about tech (and don't care to be).
It always strikes me as a 'caveat emptor' argument (Latin for "let the buyer beware") and smacks of condescension.
"Fuck yeah I'm ripping you off, why are you so stupid as to let me do it?"
I don’t remember the details but the spirit of the GDPR is basically that processing of your personal data requires your informed consent, and service cannot be withheld if you refuse to give this consent. What Meta is doing (not refusing to provide the service, but charging for it) is interesting, but sort of goes against the spirit of the law.
Personally I find this kind of condescending: I’m not allowed to enter into agreements as I see fit because some EU bureaucrat wants to “protect” me. It would be much better if the regulators focused on keeping these giant companies honest, holding them to their own terms of service and forcing them to communicate those terms in a clear and transparent way.
(And yes: I never wipe my ass without checking the latest EU regulations…)
They invented "essential cookies for marketing purposes" anyway. And after there was this "You accept tracking ads or you pay to us" popup.