A leak from the @EU_EDPB reveals that the #EU's top #privacy regulator is about to overrule the Irish Data Protection Commission and declare #Facebook's business model illegal, banning #surveillance-based #ads without explicit consent:
noyb.eu/en/noyb-win-pe… 1/
noyb.eu/en/noyb-win-pe… 1/
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
pluralistic.net/2022/12/07/luc… 2/
pluralistic.net/2022/12/07/luc… 2/
In some ways, this is unsurprising. Since the #GDPR's beginning, it's been crystal clear that the intention of the landmark privacy regulation was to extinguish commercial surveillance and ring down the curtain on #ConsentTheater. 3/
That's the fiction that you "agree" to be spied on by clicking "I agree" or just by landing on a web-page that has a link to some fine-print. 4/
Under the GDPR, the default for data-collection is meaningful consent, meaning that a company that wants to spy on you and then sell or use the data it gathers has to ask you about each piece of data they plan to capture and each use they plan to make of it. 5/
These uses have to be individually enumerated, and the user has to actively opt into giving up each piece of data and into each use of that data. 6/
That means that if you're planning to steal 700 pieces of information from me and then use it in 700 ways, you need to ask me 1,400 questions and get a "Yes" to each of them. 7/
What's more, I have to be given a single tickbox at the start of this process that says, "No to all," and then I have to be given access to all the features of the site or service.
The point of this exercise is to reveal consent theater for the sham it is. 8/
The point of this exercise is to reveal consent theater for the sham it is. 8/
For all that apologists for commercial surveillance insist that "people like ads, so long as they're well-targeted" and "peoples' use of high-surveillance services like Facebook shows a 'revealed preference' for being spied on," we all know that everyone hates surveillance. 9/
There's empirical proof of this! When #Apple added one-click tracker opt-out on its #Ios platform, *96% of users* opted out, costing Facebook *more than $10b* in the *first year* (talk about a 'revealed preference!'). 10/
(Of course, Apple only opted those users out of tracking by its rivals, and secretly continued highly invasive, nonconsenual tracking of its customers):
pluralistic.net/2022/11/14/lux… 11/
pluralistic.net/2022/11/14/lux… 11/
Properly enforced, the GDPR upends the order of the digital world: any argument about surveillance among product managers would have been settled in favor of privacy, when the pro-privacy side argued that no one would give consent, and asking would scare off lots of users. 12/
But the GDPR *wasn't* properly enforced, thanks to structural problems with European #Federalism itself. The first line of GDPR enforcement came from privacy regulators in whatever country a privacy-violator called home. 13/
That meant that when Big Tech companies violated the GDPR, they'd have to account for themselves to the privacy regulator in #Ireland. 14/
For multinational corporations, Ireland is what old-time con-artists used to call a #MadeTown, where the cop on the beat is in on the side of the criminals. 15/
Ireland's decision to transform itself into a #TaxHaven means that it can't afford to upset the corporations that fly Irish flags of convenience and maintain the pretense that all their profits are floating in a state of untaxable grace in the Irish Sea. 16/
That's because there are plenty of other EU countries that compete with Ireland in the international race to the bottom on corporate governance: Malta, Luxembourg, the Netherlands, Cyprus, etc. 17/
(And of course, there's post-#Brexit UK, where the plan is to create an unregulated haven for the worst, wealthiest companies in the world.) 18/
All this means that seeking Irish justice from a corporation that wronged you is like asking a court in Moscow to punish an oligarch's commercial empire on your behalf. 19/
Irish regulators are either #DingoBabysitters (guards in league with the guarded) or resource-starved into ineffectual torpor.
That's how Facebook got away with violating the GDPR for so many years. 20/
That's how Facebook got away with violating the GDPR for so many years. 20/
The company hid behind the laughable fairy-tale that it didn't need consent to spy on us because it had a #LegitimatePurpose for its surveillance, namely, that it was *contractually obliged* to spy on us thanks to the "agreement" we click on when we sign up for the service. 21/
That is, you and Facebook had entered into a contract whereby Facebook promised you that it would spy on you, and if it didn't spy on you, it would be violating that promise.
Har.
Har.
Har. 22/
Har.
Har.
Har. 22/
But while the GDPR has a structural weakness - allowing corporations to choose to be regulated in countries that can't afford to piss them off - it also has a key strength: the #PrivateRightOfAction. 23/
That's the right of individuals to sue companies that violate the law, rather than having to convince a public prosecutor to take up their case.
eff.org/deeplinks/2019… 24/
eff.org/deeplinks/2019… 24/
The private right of action is *vital* to any privacy regulation, which is why companies fight it so hard. 25/
Whenever a privacy bill with a private right of action comes up, they tell scare-stories about "ambulance chasers" who'll "clog up the system," trotting out urban legends like the McDonald's Hot Coffee story:
pluralistic.net/2022/06/12/hot… 26/
pluralistic.net/2022/06/12/hot… 26/
But here we are, in the last days of 2022, and the private right of action is about to do what the Irish regulators wouldn't do: force Facebook to obey the law. For that, we can thank @maxschrems and the nonprofit he founded, @NOYBeu. 27/
Schrems, you may recall, is the Austrian activist, who, as a Stanford law student, realized EU law barred American tech companies from sending their EU surveillance data to US data-centers, which the NSA and other spy agencies plundered at will:
pluralistic.net/2020/07/16/tex… 28/
pluralistic.net/2020/07/16/tex… 28/
Schrems brought a case against the Irish regulator to the EU's top privacy authority, arguing that it had failed its duty by ruling that Facebook's "contractual obligation" excuse held water. 29/
According to the leaked report, Schrems has succeeded, which means, once again, *Facebook's business model is illegal.* 30/
Facebook will doubtless appeal, but the writing is on the wall here: it's the end of the line for surveillance advertising in Europe, an affluent territory with 500m+ residents. 31/
This decision will doubtless give a tailwind to other important privacy cases in the EU, like @johnnyryan's case against the ad-tech consortium IAB over its "audience taxonomy" codes:
pluralistic.net/2021/06/16/ins… 32/
pluralistic.net/2021/06/16/ins… 32/
It's also likely good news for Schrems' other ongoing cases, like the one he's brought against Google:
pluralistic.net/2020/05/15/out… 33/
pluralistic.net/2020/05/15/out… 33/
Facebook has repeatedly threatened to leave the EU if it is required to stop breaking the law:
pluralistic.net/2020/09/22/unc…
This is a pretty implausible threat, growing less plausible by the day. 34/
pluralistic.net/2020/09/22/unc…
This is a pretty implausible threat, growing less plausible by the day. 34/
The company keeps delivering bad news to investors, who are not mollified by Zuck's promise to rescue the company by convincing all of humanity to spend the rest of their lives as highly surveilled, legless, sexless, low-polygon cartoon characters:
fool.com/investing/2022… 35/
fool.com/investing/2022… 35/
Zuckerberg and his entire senior team have seen their net worth plummet with Meta's share price, and that means the company needs to pay engineers with actual dollars, rather than promises of shares, which kills the massive wage-bill discount the company has enjoyed. 36/
This is not a company that can afford to walk away from Europe!
Between Apple's mobile (third-party) tracker-blocking and the EU calling time on surveillance ads, things are looking grim for Facebook. You love to see it! 37/
Between Apple's mobile (third-party) tracker-blocking and the EU calling time on surveillance ads, things are looking grim for Facebook. You love to see it! 37/
But things could get even worse, and soon, thanks to the double-edged sword of #NetworkEffects.
Facebook is a network effects business: people join the service to socialize with the people who are already there - then more people join to socialize with *them*. 38/
Facebook is a network effects business: people join the service to socialize with the people who are already there - then more people join to socialize with *them*. 38/
But what network effects give, they can also take away: a service that gets more valuable when a new user signs up *loses* value when that user leaves. 39/
This is beautifully explained in @zephoria's "What if failure is the plan?" based on boyd's experiences watching MySpace unravel as key nodes in its social graph disappeared when users quit: "Failure of social media sites tends to be slow then fast":
zephoria.org/thoughts/archi… 40/
zephoria.org/thoughts/archi… 40/
Facebook long understood this, which is why it spent years creating artificial #SwitchingCosts - penalties it could impose on users who quit, such as the loss of their family photos:
eff.org/deeplinks/2021… 41/
eff.org/deeplinks/2021… 41/
This is why Facebook and other tech giants are so scared of #interoperability, and why they are so furious about the new EU #DigitalMarketsAct (#DMA). 42/
That's a rule that will force them to allow new services to connect to their platforms, so that users who quit Big Tech won't have to lose their friends or data:
eff.org/deeplinks/2022… 43/
eff.org/deeplinks/2022… 43/
An #InteroperableFacebook would make it easy to leave social media by canceling the penalties Facebook charges its disloyal users, and the EU's GDPR means that when they flee to a safe haven, they won't have to worry about commercial surveillance:
eff.org/interoperablef… 44/
eff.org/interoperablef… 44/
But what about advertising-supported media? Sure, being spied on sucks, but a subscription-first media landscape is a world where "the truth is paywalled, but the lies are free":
currentaffairs.org/2020/08/the-tr… 45/
currentaffairs.org/2020/08/the-tr… 45/
Ironically, killing surveillance ads is *good* news for ad-driven media. Surveillance-based ad-targeting is nowhere near as effective as Google, Facebook and the other #AdTech companies claim. 46/
These companies are compulsive liars, it would be amazing if the only time they told the truth is when they were boasting about their products!
onezero.medium.com/how-to-destroy… 47/
onezero.medium.com/how-to-destroy… 47/
And consent-theater or no, targeted ads reach fewer users every day, thanks to #AdBlockers, AKA, "the biggest boycott in world history":
blogs.harvard.edu/doc/2015/09/28… 48/
blogs.harvard.edu/doc/2015/09/28… 48/
And when a publisher *does* manage to display a targeted ad, they get *screwed*. The #Googbook #dupololy is crooked af. The two tech companies illegally colluding (via the #JediBlue conspiracy) to divert money from publishers to their own pockets:
techcrunch.com/2022/03/11/goo… 49/
techcrunch.com/2022/03/11/goo… 49/
Targeted ads are a cesspit of #AdFraud. 15% of all ad revenues are just *unaccounted for*:
The remaining funds aren't any more trustworthy. 50/
https://twitter.com/swodinsky/status/1511172472762163202
The remaining funds aren't any more trustworthy. 50/
Ad-tech is a #bezzle ("the magic interval when a confidence trickster knows he has the money he has appropriated but the victim does not yet understand that he has lost it"):
pluralistic.net/2021/01/04/how… 51/
pluralistic.net/2021/01/04/how… 51/
As @timhwang foretold in his essential *Subprime Attention Crisis*, the pretense that targeted ads are wildly effective has been slowly but surely losing ground to the wider awareness of the fraud behind the system, and a reckoning is at hand:
pluralistic.net/2020/10/05/flo… 52/
pluralistic.net/2020/10/05/flo… 52/
Experiments with #ContextualAds (ads based on the content of the page you're looking at, not on your behavior and demographics) have found them to about as effective in generated clicks and sales as surveillance ads.
pluralistic.net/2022/04/29/tak… 53/
pluralistic.net/2022/04/29/tak… 53/
But this is misleading. Contextual ads don't require consent opt-in (because they're not based on your data) and they don't drive users to install blockers the way creepy surveillance ads do, so *lots* more people will see a contextual ad than a surveillance one. 54/
Thus, even if contextual ads generate slightly less money per reader or viewer, they generate far more money overall, because they are aren't blocked.
Even better for publishers: contextual ads don't erode their own rate cards. 55/
Even better for publishers: contextual ads don't erode their own rate cards. 55/
Today, when you visit a high-quality publisher like the *Washington Post*, many ad brokers bid to show you an ad, but only one wins the auction. However, all the others have tagged you as a "*Washington Post* reader," and they can sell that to bottom-feeder junk sites. 56/
That is, they can collude with Tabooleh or its rivals to offer advertisers a chance to advertise to *Post* readers at a fraction of what the *Post* charges. Lather, rinse, repeat, and the *Post*'s own ad revenues are drained. 57/
This doesn't apply to context ads. Indeed, none of the tech giants' much-vaunted #DataAdvantage - the overstated value of knowing what you did online 10 or 20 years ago, a belief in which keeps new companies out of the market - applies to context ads:
pluralistic.net/2021/04/11/hal… 58/
pluralistic.net/2021/04/11/hal… 58/
The transformative power of banning surveillance advertising goes beyond merely protecting our privacy. It also largely answers the case for #LinkTaxes (pseudo-copyright systems that let giant media companies decide who can link to them and charge for the privilege). 59/
The underlying case for link taxes, snippet taxes, etc, is that Big Tech is stealing the news media's content (by letting their users talk about and quote the news), when the reality is that Big Tech is stealing their *money* (through ad-fraud):
doctorow.medium.com/big-tech-isnt-… 60/
doctorow.medium.com/big-tech-isnt-… 60/
Unrigging the ad-tech market is a much better policy than establishing a link-tax, like the Democrats are poised to do with their #JournalismCompetitionAndPreservationAct (#JCPA):
politico.com/newsletters/po… 61/
politico.com/newsletters/po… 61/
It's easy to understand why the monopoly/private-equity-dominated news industry wants JCPA, rather than a clean ad market. 62/
The JCPA just imposes a tax on the crooked ad-tech giants that is paid to the largest media companies, while a fair ad market would reward the media outlets that invested most in news (and thus in expensive, unionized news-gathering reporters). 63/
Indeed, the JCPA only works if the ad-tech market remains corrupt: the excess Big Tech rents that Big News wants to claim here are the product of a rigged system. Unrig the system and there won't be any money to pay the link tax with. 64/
Image:
Anthony Quintano (modified)
commons.wikimedia.org/wiki/File:Mark…
CC BY 2.0
creativecommons.org/licenses/by/2.… 65/
Anthony Quintano (modified)
commons.wikimedia.org/wiki/File:Mark…
CC BY 2.0
creativecommons.org/licenses/by/2.… 65/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
