Meta announced that starting next Wednesday, some Facebook and Instagram users in the European Union will for the first time be able to opt out of sharing first-party data used to serve highly personalized ads, The Wall Street Journal reported. The move marks a big change from Meta’s current business model, where every video and piece of content clicked on its platforms provides a data point for its online advertisers.
People “familiar with the matter” told the Journal that Facebook and Instagram users will soon be able to access a form that can be submitted to Meta to object to sweeping data collection. If those requests are approved, those users will only allow Meta to target ads based on broader categories of data collection, like age range or general location.
This immediately feels like something that shouldn’t be legal. Why on earth do I have to convince Facebook to respect my privacy? I should not have to provide any justification to them whatsoever – if I want them to respect my privacy, they should just damn do so, no questions asked.
It seems I’m not alone:
Other privacy activists have criticized Meta’s plan to provide an objection form to end sweeping data collection. Fight for the Future Director Evan Greer told Ars that Meta’s plan provides “privacy in name only” because users who might opt out if given a “yes/no” option may be less likely to fill out the objection form that requires them to justify their decision.
“No one should have to provide a justification for why they don’t want to be surveilled and manipulated,” Greer told Ars.
Exactly.
FB users have nothing to hide anyway.
Unfortunately this war was lost a decade or two back. As for the new generation. They are OK with the cards they were dealt with. If you ask them what about your privacy. They look at you as some sort of a weirdo.
And that’s not surprising in any way. They’ve grown and are growing up in a society that surveils them, everywhere, all the time. Privacy largely doesn’t exist in their frame-of-reference so how can they be expected to value a foreign concept? I’ve discussed privacy with younger people and their response is overwhelmingly “who cares?” It’s bizarre to me that a generation of people with that opinion and who are seemingly emotionally fragile, are so eager to put their lives online in full display for the whole world to criticize.
Interestingly that’s not my experience at all: when I speak to people under the age of 25, they often seem more privacy-savvy and privacy-conscious than others. I’m sure there must be good research that’s looked at this though, in case anyone knows of any?
When you speak to them on TikTok?
Haha No; obviously I’m way too privacy conscious to be using TikTok.
That i guess is another problem. Privacy conscious people wouldn’t touch it with a stick. Hence actual users of TikTok are never really confronted with such views.
Here’s an interesting study on the topic that suggests it’s all quite nuanced.
https://cyberpsychology.eu/article/download/6182/5531
I’m not in a position to judge the research, but the authors conclude:
Here’s a bit more detail. They split users into three age groups (18-40; 40-65; 65+) and conclude:
1. Older age groups spend less time on social networking, have smaller networks and are less motivated to use it for self-disclosure.
2. Younger users are more likely to use privacy protection.
3. Greater use of privacy protection wasn’t due to increased privacy literacy, but rather correlated with information disclosure.
4. There were no significant differences between age groups in terms of considering privacy as a right or being concerned about own privacy.
5. Older adults were more likely to be conscious about the co-dependency of privacy and to value privacy of others.
Edit: I appreciate 18-40 probably isn’t what people here mean by the new generation, but maybe there are other studies out there to look at for this.
The thing is that when someone says “privacy protection on Facebook”. Good luck with that. Basically that is ignorance.
flypig,
I do wonder the extent to which opt-in versus opt-out changes things. I find that when I work with older generations, they are unlikely to be aware of the settings. I think social media companies sometimes take advantage of this. The fact that someone hasn’t enabled a privacy protection doesn’t automatically mean we can conclude they agreement to share their data.
No kidding, that range is so granular that I have to question why the authors did it this way. Why would they be inclined to throw away so much resolution for the study? There are probably legal reasons they didn’t want to include 17- in the research, but that would have been pretty valuable for spotting trends.
Thom Holwerda,
Obviously, as privacy advocates, sure you want to have control.
However, for websites that properly disclose that they’re going to use & share your data before you provide it, and then you go on and provide your data anyways, and then they go on to use your data as indicated, it’s harder to make the case that the website is guilty of misusing personal data.
Obviously users should be allowed to reject terms and forgo the service. Google has been caught a few times collecting personal data without explicit permission, which is very bad and I believe they’ve been fined for it. However on the other hand when a service is actually transparent and the user explicitly agrees to hand over their data for it to be used by the company, then what’s wrong with that?
Personally, I disagree with what companies do with our information, so I take steps to avoid data brokers & minders where ever possible. However for users who are informed, disagree with the terms, and yet continue to use a services anyways, I kind of feel that’s on them. How could you argue otherwise?
I do have some sympathy for anyone whose felt coerced to use a service because it’s a monopoly (I’ve been pressured myself by employers and others). These monopolies are a serious problem in the tech industry, but I feel that monopolies need to be addressed in their own right (and with much more urgency than we’re currently tacking them).
Sure, there’s always an argument that says “companies should be allowed to put whatever they want in their contracts, if people agree to them, that’s their choice”. But unless you believe this should apply in general (I don’t), you have to go down to specifics. Since It’s almost impossible to use online services without being surveilled, this isn’t just about personal choices.
In this particular case Meta was claiming users were agreeing to a contract, and then using the “necessary to comply with contract” argument under the GDPR to process their data. But this is pretending that contractual obligation is the same as consent, which it’s not. Under the GDPR consent can be revoked at any time. This seems to be the legal argument that Meta just lost [1]. Meta has now been fined EUR1.077 billion for at least 4 GDPR contraventions [2], so it might be reasonable for users to be suspicious of Meta as a trustworthy data guardian.
But I’d go further and say that there should be a separation between data collection to provide a service to the user, and data collection for other purposes (e.g. advertising). As a user, it should be my right to be able to consent to the former without consenting to the latter (and paying for the service in some other way if necessary). There doesn’t seem to be a commercial incentive for this right now, so I think it should be a right protected by society.
And the reason is because of the potential impact and irreversibility of handing over personal data, while at the same time access to the Web is necessary to be part of modern society.
There’s a simplicity and purity to your argument that’s really compelling. But I think the GDPR has it right that contract and consent should be kept separate when it comes to personal data.
[1] https://dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-two-inquiries-meta-ireland
[2] https://www.enforcementtracker.com/ (type “Meta Platforms” into the search field).
flypig,
I actually don’t believe that either, however I think it’s a bit futile to expect companies to value privacy over profits. Privacy is incompatible with the business models that many of these tech giants are running on.
I absolutely don’t trust facebook/meta as a trustworthy guardian, but then their practices aren’t the exception, they are the norm. I’m very disappointed with the practices of the banking industry, credit industry, employers, and heck even grocery stores, etc. IMHO the main problem in the US is that private data gets used without explicit permission. Nothing short of explicit and transparent opt in is ethical at a minimum. I’d agree with you about the ability to opt-out again after opting in.
The side effect of regulating this monetization of personal data is that it kills off business models that depend on it including facebook, google and many other leading companies to varying degrees. Maybe this is what you want, but I think we need to be up-front about the real long term changes. I have to play a bit of devil’s advocate here, but the fact is a lot of these companies became so successful because users preferred free services with little privacy over paid services. They made the choices that wiped out paid services. Many free services will die off with advertisers unable to target personal data. On the one hand I’d welcome this because small businesses like mine could benefit if free services were to go away, but on the other hand is that really what users want when they are the ones responsible for killing off paid services in favor of those that monetize private data?
Surveillance capitalism is much better understood by users now than it was two decades ago, so I don’t think it’s fair to hold users responsible, when at the time, it wasn’t an informed choice. If things had happened in a different order, then I’d be more inclined to agree with what you say.
I get that you’re playing devils advocate, and I don’t think our actual positions are far apart (if at all) But even if what you (as advocate) are saying is true, then there shouldn’t really be any danger from companies offering a privacy-preserving paid-for alternative. Most users would simply not take up the alternative, right?
flypig,
I am curious how this would work in practice? Would the GDPR popups we have now be amended to include links to a paywall version of the site that doesn’t monetize user data? I remain skeptical that paid services would gain much popularity even if users are given the explicit choice.
I know there’s no way to accomplish this, but for me ideally there wouldn’t be any unwanted ads. These pollute everything in both physical and virtual spaces and moreover they hurt our wallets with inflated costs. I really wish the world would do away with advertising budgets and just sell cheaper products instead.
This isn’t to say there’s no need for directories of commercial products and services, those have a place and are genuinely valuable for consumers seeking them out. But having companies increase product prices so they can bid against one another to place ads that interrupt and annoy us seems like a mostly bad system for society. As much as I wish things were different, it’s hard (for me) to believe in change. There are too many strong incumbents to change.
For the US/Canada, you can use “opt out”. For the EU though, you have to use “opt in” – opt out is not legal. I am sure their legal department will let them know.
“`
This immediately feels like something that shouldn’t be legal. Why on earth do I have to convince Facebook to respect my privacy? I should not have to provide any justification to them whatsoever – if I want them to respect my privacy, they should just damn do so, no questions asked.
“`
This is not only embarrassing but now it’s insulting Tom: https://ibb.co/Q6DBvx2
Stop complaining about privacy issues and fix your own website