Tech Companies move to limit GDPR exposure

[nua_play_ray]

On Thursday David Ingram of the Irish Times newspaper, in Ireland, reported that Facebook is set to make changes to its terms of service/governance that will effectively put 1.5 billion members outside the net of the EUs new General Data Protection Regulation (GDPR), which comes into effect on the 25^th May.

 

Currently, almost 1.9 billion Facebook users outside the United States and Canada are governed by the terms of service agreed with the companies’ international headquarters in Ireland.

 

The Irish Times reports that, “Facebook confirmed the move on Tuesday” suggesting Facebook is keen to reduce its exposure to GDPR penalties, which allow for fines of up to 4% of global annual revenue for infractions.

 

“The change affects more than 70 per cent of Facebook’s 2 billion-plus members. As of December, Facebook had 239 million users in the United States and Canada, 370 million in Europe and 1.52 billion users elsewhere.” – Irish Times

 

In his recent Congress appearance, Mark Zuckerberg, when asked by Congressman Gene Green whether Facebook would extend the same protections to Americans that Europeans would receive under the GDPR, replied “Yes, Congressman. We believe that everyone around the world deserves good privacy controls. We have had a lot of these controls in place for years. The GDPR requires us to do a few more things and we are going to extend that to the world”.

 

Today’s reporting by the Irish Times flags a significant concern for privacy protection advocates and could be highlighting the start of a trend by tech companies to isolate their users globally from terms of service and regulations such as the GDPR in Europe. LinkedIn, part of Microsoft, on the 8^th of May will move non-Europeans currently contracted to LinkedIn Ireland, to contracts with US Based LinkedIn Corp.

 

Apparently, these moves are to help users understand which legal entity is responsible for their data.

 

https://www.irishtimes.com/business/technology/facebook-to-put-1-5bn-users-out-of-reach-of-new-eu-gdpr-privacy-law-1.3466837

 

https://www.eugdpr.org/eugdpr.org.html

 

[SpaceGhostC2C]

This concept may come in handy:

https://www.investopedia.com/terms/r/regulatory-arbitrage.asp

[captain_to_fire]

55 minutes ago, nua_play_ray said:

4% of global annual revenue for infractions

...or 20 million Euros, either which one is higher. 

56 minutes ago, nua_play_ray said:

Yes, Congressman. We believe that everyone around the world deserves good privacy controls.

Nah. I think most people in the tech industry knows that shit ain’t real. 

 

[Thaldor]

I only wish that EU would have made GDPR same as taxation, not based on in which country the company works, but in which country the customer lives. This way probably it wouldn't matter for which company the ToS is signed and where the database is, because the customer still lives where (s)he lives and if (s)he happens to live in EU the company must comply with GDPR or loose the EU markets. And for real I think people in EU can live quite well without the companies and social medias that stronger GDPR would drive away and EU is too big market to be left untouched just because they would need to comply with stronger privacy regulations.

[jj9987]

2 minutes ago, Thaldor said:

I only wish that EU would have made GDPR same as taxation, not based on in which country the company works, but in which country the customer lives. This way probably it wouldn't matter for which company the ToS is signed and where the database is, because the customer still lives where (s)he lives and if (s)he happens to live in EU the company must comply with GDPR or loose the EU markets. And for real I think people in EU can live quite well without the companies and social medias that stronger GDPR would drive away and EU is too big market to be left untouched just because they would need to comply with stronger privacy regulations.

GDPR includes this too. If your company has any EU customers, they must comply with the GDPR, at least for these people.

[dfsdfgfkjsefoiqzemnd]

Just now, jj9987 said:

If your company has any EU customers, they must comply with the GDPR, at least for these people.

Indeed.  That's why they're only moving the data of people who aren't in the EU.  EU citizens will still be registered in the Irish headquarters. 

[vanished]

Wow, the balls on them to do this right in the middle of everyone hating on them for privacy concerns.  It's like they actually don't even care what people think.  Which is all fine and good - they don't have to - but people also don't need to use their platform, and considering they've already seen large numbers of people leaving I don't think the "we'll do what we want and we know you'll stay" attitude is the right approach here.

[Thaldor]

15 minutes ago, jj9987 said:

GDPR includes this too. If your company has any EU customers, they must comply with the GDPR, at least for these people.

I was in believe that it didn't, but good that I'm wrong

 

Now we wait for the second wave of GDPR to come (haven't read about from anywhere else than from my local newspaper (sorry, in Finnish only) so, no "proper source" and that is too vague to be writing more) and make tracking and listening people, collecting personal data that can be linked to the person and reading private messages illegal to some extent. What I got from that article it basicly attacks Facebooks "like"-button protocol to follow people outside of the Facebook through cookies and the like-buttons. Something around current GDPR allows people to know what information is collected, why it is collected, where it is kept and make it even more possible to get to see all of the data company has collected, the second one is purely to enforce privacy in the internet.

[HalGameGuru]

I think people are conflating 2 disparate things. Not wanting to face GDPR fines and Not wanting to provide privacy. Even if they were to implement all GDPR protections, even more stringent ones, they would still wish to limit their vulnerability to those fines in case of a breach or whathaveyou. It's akin to a property owner installing sprinklers and fire extinguishers and then saying that him trying to negotiate a lower price on his insurance means he isn't trying to protect you from fire.

[dfsdfgfkjsefoiqzemnd]

10 minutes ago, Nicholatian said:

even though they have done nothing out of the ordinary  ...

... for no valid reason

Such regulations don't come out of thin air.  They are almost always a response to systematic abuse.

[Thaldor]

19 minutes ago, Nicholatian said:

From the looks of things, the EU is economically shooting itself in the foot, again, with overbearing regulation and taxation. There is a way to fairly balance the interests of corporations with the interests of the public, and it seems those in charge of the EU have no idea about that. They’re consistently harsh and hostile to businesses both domestically and internationally, even though they have done nothing out of the ordinary, and it is unsurprising that they end up taking as much as possible out of the EU because of it. If I had somebody incessantly micromanaging and hawking over my affairs morning, noon and night for no valid reason, I would want to leave too.

But who can you blame for that?

 

It's horrendous how bad security is on some sites and we are not even talking about some hundreds to thousands users consisting small sites. GDPR is a wake up hammer because companies don't take the hint from some "small little" databreaks like Yahoo and update their security. I believe a company that has implemented what is considered today good security doesn't need to worry about getting fined over GDPR if they get hacked because they have taken the precautions.

 

Same thing has been going on with Facebook and gaming industry, both have been trying out what is the line between good and bad. Facebook found out that the line is selling ad space for Cambridge Analytica and Russians. Gaming industry found out that line is between lootboxes and P2W lootboxes. Google has been doing the same but has been under the wind just because no one really puts their personal information into the Google as clearly as to the Facebook. It's almost funny how long and how much it has taken to get legistation about internet privacy, and I mean good legistation not just small things here and there, but something that really makes companies play nice. I am 100% sure that Facebook knew what Russians and CA were doing and probably many more before them, just by considering how much data Facebook collects from everywhere, they just didn't see a need to do anything about it just because probably these parties were "good" customers and paid well.
 

Spoiler

I have been against heavy regulations a long time, but after a little traveling to Asia and US I kind of started to realize how good it is to have those thight regulations. Like we have extremely thight regulations for hygiene in restaurants and even in grocery stores here in Finland, and I thought that they are way overshooting those, but after seeing how things are in places like India and China I changed my opinion. Like how absurd it can be to someone who lives somewhere else that we can actually just take a glass and fill it with tap water and drink it, or walk to the grocery store, buy an apple and eat it right after without fear of dying from pesticides and wahtever and that actually everything ment to be edible in the grocery store is edible, you don't really need to boil for safety, even if that is adviced in some cases, but mostly some food just tastes better when boiled. Some bigger corporations probably don't like it and it makes things a bit more expensive, but it's extremely good for everyone. And even if most of the regulations seem overshooting and too thight now, probably in the future it can be seen why that regulation was made, like it seemed harsh at the time to ban the pink slime from meat when it first came, we didn't get cheaper meat with pink slime in it, but then it was found that the pink slime is not that good for humans, good thing that it was banned in the first place.

 

 

[captain cactus]

2 hours ago, jj9987 said:

GDPR includes this too. If your company has any EU customers, they must comply with the GDPR, at least for these people.

If this is the case and FB knows this, aren't they shooting themselves in the foot right now? I'm an EU citizen, so these GDPR rules apply to me, does this mean the EU could theoretically sue FB for not following these rules and force them to do so anyway?

[dfsdfgfkjsefoiqzemnd]

9 minutes ago, lots of unexplainable lag said:

I'm an EU citizen, so these GDPR rules apply to me, does this mean the EU could theoretically sue FB for not following these rules and force them to do so anyway?

FB will have no choice but to apply the GDPR rules to your data.  It's that of people living outside the EU that isn't protected anymore if they migrate those profiles to the ToS and privacy statements that are used for US-based people. 

In the past the people living in Africa, Asia, Australia and South America also fell under the irish HQ (probably due to tax reasons).  It's only those people's data that is officially migrated, making them fall under the less strict US regulations. 

[samcool55]

21 minutes ago, lots of unexplainable lag said:

If this is the case and FB knows this, aren't they shooting themselves in the foot right now? I'm an EU citizen, so these GDPR rules apply to me, does this mean the EU could theoretically sue FB for not following these rules and force them to do so anyway?

Yes, but as you say, only if the GDPR rules aren't applied properly for EU citizens. GDPR isn't a thing for non-eu people.

 

If you have a company in the EU and save data from people outside of the EU, they need to follow the GDPR rules.

 

If you have a company outside of the EU, but store data from people from the EU, that data needs to follow the GDPR rules, even if your company is in china or japan or mexico or whatever. Information from EU citizens needs to follow the GDPR rules, regardless where the company is located.

 

Also, thanks to GDPR, you can call GFK for example (a massive marketing analyzing company, the kind that would buy and sell user information in bulk), ask them to give you everything they know about you (probably more than you might expect) and then demand them to delete it all. Those kinds of companies probably know about you, but most people don't even know they exist, but now we can at least figure out if they know something about is or not and get it deleted as well if we want to.

[LAwLz]

On 4/19/2018 at 9:58 PM, Nicholatian said:

You wrote a lot of things here, most of which reads to say you’re a ‘proponent of regulation’, which averts literally everything concrete about regulations in the first place because it’s ground held in a fairytale.

 

Nobody in their right minds is generally ‘for’ or ‘against’ regulation. The issue with Facebook and CA is incredibly complex, I commented on the intricacies of it above, and the issue I take with the regulations enforced by the EU is that they are fundamentally irresponsible and lopsided, and may never actually absolve privacy concerns because they never acknowledge any public responsibility in the matter at all. This isn’t a “criticism of regulations”, that doesn’t make any sense – this is a criticism of these particular regulations that have been put into place. They mean well but are really misguided, as I elaborated on earlier ITT.

Wait, it sounds to me like you think GDPR is a response to the Facebook scandal.

It's not. GDPR was finalized back in 2016 and have had a 2 year adoption period before going in effect. It's an updated version of the already existing data Protection Directive from 1995 which is no longer adequate (because things has changed in the last 20 years). 

 

What issue do you have with GDPR exactly? Any specific section?