Twitter | Search | |
Johnny Ryan
Facebook is confronting EU users a new “terms of service” dialogue that denies access until a user opt-ins to tracking for ad targeting, and various other data processing purposes...
Reply Retweet Like More
Johnny Ryan May 8
Replying to @johnnyryan
These Terms refer to the “data policy” that says “we use the information we have about you – including information about your interests, actions and connections – to select and personalise ads, offers and other sponsored content that we show you.”
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
The data policy also says “We use the information [including] the websites you visit and ads you see … to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and…” See
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
This appears to breach several important principles of the , including the principle of purpose limitation, freely given, non-conditional consent, and of transparency. In other words, if Facebook attempts to collect consent in this manner, that consent will be unlawful.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
European Regulators have been very clear on this point. See for example Article 29 WP guidance on conflation of multiple purposes
Reply Retweet Like
Public May 8
Replying to @johnnyryan @EU_EDPS
Actually you can opt out of many data processing purposes. At least in the Germany dialogue.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Then, a mere 24 days before the application of the , 's head of privacy announces plans to build “Clear History”, with which users can opt-out of Facebook collecting data about their visits to other websites and apps. But the GDPR demands not an opt-out, but an opt-in.
Reply Retweet Like
Johnny Ryan May 8
Replying to @publictorsten @EU_EDPS
I'd like to see screen shots
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Nor is Clear History available to non-Facebook users. A further sign of Facebook’s brinksmanship: it said “it will take a few months to build Clear History”, which means that the feature will not be available to users until long after the GDPR has been applied later this month.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Facebook is playing a dangerous game of “chicken” with the regulators. Reading through a recent court ruling from the Brussels Court of First Instance shows how dangerous this is for the company.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Here are some quotes: "The court has come to the decision that in all the cases described, Facebook does not obtain any legally valid consent in the sense of Article 5 (a) Privacy Act [Data Protection Directive] and Article 129 ECA [ePrivacy] for the disputed data processing."
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
See the ruling text
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
The Court also made clear that consent requests must be specific: "Specific means that the expression of will must related to a specific instance or category of data processing and can thus not be obtained on the basis of a general authorization for an open series of processing."
Reply Retweet Like
Public May 8
Replying to @johnnyryan @EU_EDPS
I've got them somewhere...but as to be expected, it's a lot of dark pattern UX.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
This part of the ruling was based on Article 1, section 8, of the Belgian Privacy Act, which uses the same formula of words as Article 4, paragraph 11, of the GDPR (“freely given, specific, informed…”).
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
In other words, the Court is upholding a standard that is virtually identical to the standard that will apply under the GDPR. Facebook’s new GDPR consent dialogue faces the same problem, and is unlawful for the same reason.
Reply Retweet Like
Public May 8
Replying to @johnnyryan @EU_EDPS
The ones from Google are in my blog. (but in German)
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
The Court also found that Facebook users are not clearly told what “purposes” Facebook processes the personal data for. Nor does it clearly explain its use of sensitive data including any personal data that could reveal religious belief, sexual orientation, etc.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Facebook has recently gone some way to inform users about the use of personal data concerning their political interests, but this is only a partial solution to a far broader risk for the company. Its handling of sensitive categories of personal data will be a major challenge.
Reply Retweet Like
Johnny Ryan May 8
Replying to @johnnyryan
Unsurprisingly in the aftermath of the Cambridge Analytica scandal, the Court found that Facebook did not properly disclose who it was sharing the data with.
Reply Retweet Like