I assume you mean the new GDPR rules? I'm not super-familiar, but what I've read says that they need to offer (European) users a new opt-out option and, if they mishandle those users' data then they could be subject to fines.
It's definitely a better regime for users than the US. However, I think it's a fundamentally wrong-headed way to go. For one thing, we've already seen that people can't handle massive numbers of options and the vast majority of people tend to leave things with default settings. Unless GDPR was to require that to default to "out" most people aren't going to check it. I don't think they'd call it "opt out" if the default was out.
Furthermore, this just assumes that FB will treat people who opt out exactly the same and eat the loss. The company is pretty profitable, so they might do that. Or they might react as sites have when they think you're using adblocking and instead you get chunks of ugly black on your screen with overlay text like "We're sorry, we can't show you the cool photo your friends Anna, Ben, Casey, and Dan have reacted to because that would violate your privacy settings. To adjust this preference, go here -->>"
Some people will ignore that, but people are on FB to be social and if the site makes it apparent that your settings are causing you to miss out on the social with your friends then I expect the majority of people will adjust their settings. So now we have a very small number of people who are European, who took the time to change the default setting, and who don't care enough about missing out on social with their friends. I'm guessing the impact of that sliver of users on FB's revenue is down in the noise somewhere and nobody notices.
A more interesting question is what happens when the next Cambridge Analytica mess happens. First, let's assume that EU regulators are diligent and can overcome FB's battery of high-powered lawyers. (That's not unreasonable; they seem to have succeeded against Google several times.) Now they slap FB with a big-ass fine. FB, in turn, files a lawsuit alleging that Future Cambridge Analytica has to pay for this fine. They ask the judge to stay the fine while their suit against FCA winds its way to a conclusion. This is actually kind of reasonable since I expect a court would buy that FCA are actually to blame for the data breach since FCA violated the terms of service. At a minimum it's years of litigation, during which FB doesn't have to pay a dime. Or whatever 1/10th of a Euro is.
I'm sort of sad that GDPR doesn't mandate some kind of insurance because that's one of the ways I know to get people to change behavior and business practices. (That said, the history and practice of malpractice insurance is a strong argument against the effectiveness of this kind of liability insurance, but I digress.)
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2018-04-12 09:02 pm (UTC)I assume you mean the new GDPR rules? I'm not super-familiar, but what I've read says that they need to offer (European) users a new opt-out option and, if they mishandle those users' data then they could be subject to fines.
It's definitely a better regime for users than the US. However, I think it's a fundamentally wrong-headed way to go. For one thing, we've already seen that people can't handle massive numbers of options and the vast majority of people tend to leave things with default settings. Unless GDPR was to require that to default to "out" most people aren't going to check it. I don't think they'd call it "opt out" if the default was out.
Furthermore, this just assumes that FB will treat people who opt out exactly the same and eat the loss. The company is pretty profitable, so they might do that. Or they might react as sites have when they think you're using adblocking and instead you get chunks of ugly black on your screen with overlay text like "We're sorry, we can't show you the cool photo your friends Anna, Ben, Casey, and Dan have reacted to because that would violate your privacy settings. To adjust this preference, go here -->>"
Some people will ignore that, but people are on FB to be social and if the site makes it apparent that your settings are causing you to miss out on the social with your friends then I expect the majority of people will adjust their settings. So now we have a very small number of people who are European, who took the time to change the default setting, and who don't care enough about missing out on social with their friends. I'm guessing the impact of that sliver of users on FB's revenue is down in the noise somewhere and nobody notices.
A more interesting question is what happens when the next Cambridge Analytica mess happens. First, let's assume that EU regulators are diligent and can overcome FB's battery of high-powered lawyers. (That's not unreasonable; they seem to have succeeded against Google several times.) Now they slap FB with a big-ass fine. FB, in turn, files a lawsuit alleging that Future Cambridge Analytica has to pay for this fine. They ask the judge to stay the fine while their suit against FCA winds its way to a conclusion. This is actually kind of reasonable since I expect a court would buy that FCA are actually to blame for the data breach since FCA violated the terms of service. At a minimum it's years of litigation, during which FB doesn't have to pay a dime. Or whatever 1/10th of a Euro is.
I'm sort of sad that GDPR doesn't mandate some kind of insurance because that's one of the ways I know to get people to change behavior and business practices. (That said, the history and practice of malpractice insurance is a strong argument against the effectiveness of this kind of liability insurance, but I digress.)