Meta banned from using personal data for behavioral advertising in EU/EEA

skilledtothegills@lemmy.world to Technology@lemmy.world – 336 points –
stackdiary.com

The EDPB issued an urgent binding decision that essentially bans Meta from using personal data for behavioral advertising in the entire European Economic Area (EEA).


Now I would also like a ban on using my personal data to train an AI model. Soon we'll get ads based on AI prediction based on our personal data as an indirect way to still do the same things.

Nowadays, you have to assume your personal data being used to train an AI model is the cost of signing up to any free website unless they explicitly tell you otherwise.

Right. That's the point. Let's make that illegal. The same way you can't sign a contract to give away any other rights.

Sounds a bit too close to a Black Mirror episode to me. The one with the dating site.

Yeah, if they can, they will.

She also highlighted that Meta has not shown compliance with the orders set by Ireland’s Data Protection Act (IE DPA) last year.

Because getting caught and fined a couple million isn't even a minor business expense to these companies. Stop acting surprised when they don't follow your rules when you fine them 0.007% of their yearly profits.

Like,

Despite this, Facebook and Instagram remained operational in Norway, where EU data protection laws prohibit such advertising practices. The platforms faced a daily fine of one million Norwegian kroner (around €89,000).

Their bean counters probably laughed out loud when they were told about this, and I wouldn't blame them. This is a joke. They probably spend more on toilet paper for their office workers. Meta has nearly 200 BILLION (with a B!) in assets. Treat them like it.

I always thought it would be a good idea to fine publicly traded corporations a percentage of their market cap + 10%, going up to maximum of 100% market cap + 10%.

If Meta is worth $817B USD, then we should treat them like it.

GDPR:

These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

4% can be a lot in absolute numbers for these massive corporations. But it's such a low percentage that it could indeed be included in operational cost and then be ignored.

It helps a lot that that's revenue and not profit, so it ignores other expenses. Of course, I don't know how much that matters, but it is still enough to hurt.

I'd say that's a huge problem actually.

For a normal company, abusing data is a small part of their business and profit is a few percent of revenue, so such a fine would be devastating.

For some tech companies, profit is in the double digit percent of revenue and half of it comes from breaking the law, so the 4% are a tax they can happily pay and still be more profitable than if they followed the law.

Depends. It's up to 4% of the yearly revenue per court ruling. And not necessarily once per year. If you were to continue to ignore these rulings and continue abusing the data, that can rack up fast. Pay once - that may or may not be a problem. Pay monthly - there goes up to 48% of your yearly revenue.

It'd be great if that was how it works, unfortunately it seems like the penalties are closer to once every 3-5 years than monthly, skewing the balance even further to "screw the law, just pay the fee" :(

They won't hand out fines every few weeks easily. And usually you cannot get fined twice for the same thing. BUT it was an (albeit a bit exaggerated) projection of what could happen if you constantly ignore the court orders and continue breaking the law. At first, you might get some time to change your processes, get compliant, ... but when it won't stop, you get fined again. And it won't be lenient the further you stress it. Also that's just the fine for the GDPR violation itself. Ignoring court orders, violating the law continuously, ... will get you other fines - assuming you don't change your behavior.

It will take a while to get there, sure, and I think Meta will try to continue processing this data as much as they can, but the EU doesn't look like they're joking too much.

Oh man that sounds juicy 🤤

Only change I’d argue for is to go off market cap instead of annual worldwide revenue though because you can say some insanely small amount on paper like 4%, but then that same 4% turns from ~$5B USD with annual revenue to ~$33B USD with market cap. But because we’d also want to actually deter businesses from breaking it and considering it a cost of business, I would think something like a fine of 110% of market cap value would be a huge deterrence.


deleted

No, the article is just regurgitating old news and the old misleading claim (omitting the critical part that they're only banned from using data "on the basis of contract and legitimate interest").

This "news" is what made Facebook start with the "agree or pay" bullshit.

deleted

Weird. The article does have today's date but only mentions the Nov 10 decision. I think maybe what happened today is the publication of the full text of the decision?

Same misleading nonsense. If you follow the links it becomes obvious that it's the old news banning FB from using the data on the basis of contract and legitimate interest - which they're avoiding by claiming "consent" after people choose that they'd rather not pay a triple-digit amount per year to use the site.