Pretending that clicking 'accept' under a page of legalese constitutes consent in any meaningful way is disingenuous and as a society we need to grow past it.
[1] https://www.nytimes.com/2017/03/16/us/oxford-comma-lawsuit.h...
Do EU lawsuits require the plaintiff to pay the legal costs of the defendant if they lose? If so, I doubt we'll be seeing GDRP trolls unless those GDRP trolls are well financed and prepared to pay all of the legal costs.
I agree with the GDPR in principle, but the manner in which the enforcement was setup, and the way it didn't phase in the aspects over time, and the way the fines are subjective from painful to destructive without any clear guidance as to how they will be levied, and considering the regulations were written in such a way that people seem to have a very poor understanding of what the actual rules are unless they have legal teams giving them the answers leaves me with doubts that this isn't yet another European regulatory money grab at the same time that it's a much needed advancement on privacy reform.
What's even better is all the non-lawyers posting blog posts saying STOP FREAKING OUT!!! Stop interpreting the rules wrong!!!
When you create a system that could amount to a severe financial risk, in the way this was done, I can't exactly rest easy given the advice of Jon Q. Blogspam Esq attorney from Wordpress School of Law.
If GDPR were clearly and rationally written, if it had a explicit grace period and progressive fines rather than instant potential massive liability, if regulators had front loaded more of the official clarifications prior to it taking effect so that everyone wouldn't have to pay law firms to ask the same questions, etc then we wouldn't all be flooded with stupid emails and misfires by every company we do business with. And saying that anyone who is afraid of GDPR is doing something bad with user data is just unfounded slander.
I am extremely pro-privacy and what they're trying to do for privacy here is great. The execution could have been much better. And I highly doubt the apologists will be around to explain why they were wrong when people operating in good faith, trying their best to be compliant are fined for non-compliance in an audit.
Is that plain wrong, or am I missing something?
That's the problem, they took physical, real world products like Mortgage documents that were easy to understand, kept on paper and but had stipulations and they applied it to things like storing your information in some unknown company in some unknown country and relinquishing liability in the event your personal details ended up on the DarkWeb.
It's not nearly as simple as that.
The issue isn't (only) that ToCs are written in legalese (they are a contract, after all). The bigger issue is that users don't know what Facebook collects about them or how that can be used against them. And it's clear that Facebook gathers a significant amount of information on you even if you never "sign up" for an account.
In the ToCs, it is written in vagaries like "the information you submit to us", but in practical terms, Facebook has been caught doing things that users (even very technical users) didn't expect. When you type in the "comment" form but delete the comment, Facebook has actively analyzed what text was deleted. The first Facebook iOS app transferred the entire contents of my contacts list (it's possible that this was messaged previously, but I wasn't aware of this permission). It's pretty clear that LinkedIn pilfered my GMail contacts without my permission or even my knowledge.
It's not reasonable to assume that users know what Facebook 2018 might do with their data when they sign up in 2008. This counts 2x when it comes to M&A -- if a company is purchased, the new company can completely rewrite the ToCs and I, as a consumer, have no ability to withdraw my previously submitted data to them (without components of the GDPR).
GDPR's "Right to be Forgotten" is interesting to me because it's a foreign concept in US law. As an engineer, I find it difficult to deal with corner cases. As a consumer, I feel like the foundations of what we call "privacy" are only eroding without the GDPR. Congress is willing to defend the privacy of children under 13 (COPPA), medical patient records (HIPPA), some financial account records, but little else.
> Zuck isn't putting a gun to anyone's head and telling them to use to service.
This isn't about coercion (or the lack of it). It's about transparency of operations and information asymmetry.
And I don't mean to hate on Facebook. They have been the target of more reports, but there are precious few companies in the same industry which don't have many similar offenses.
As far as what FB is going to do to use it against me I am not sure what exactly they can do that will actually be a detriment to my life. Can they throw me in jail for a mean comment? No. As long as there is proper due process for government's access to my data (which GDRP to my knowledge doesn't address and is a whole 'nother legal issue imo) I'm not terribly concerned.
When prenuptial agreements are signed for example, if one party has an attorney, the other party should have an attorney if they expect the agreement to hold up later.
I believe the case law around shrink wrap licenses is nothing more than a pragmatic recognition of a business "need" (desire) to have complex legal terms to defend themselves against claims. I believe it falls short of what we should recognize as a valid contractual agreement as a society.
https://en.wikipedia.org/wiki/Meeting_of_the_minds
I also don't think "the right to pay me money and use my service" is really valid consideration.
But I'm not a lawyer and that's just my opinion about the way things should be, not how they actually are in today's varying jurisdictions.
I mean the service is incurring a cost to develop and maintain so if you want to use it the service/good should have the right to charge. Whether they exercise that right is a different question. They can choose not to charge or sell for a loss (i.e. free chips and salsa at tex-mex, fremium SASS). Also this is kinda how consensual economic transactions work.
As far as the "not a contract" part goes, no one is stopping you from hiring a lawyer to explain the T&S before signing up. Also signing up to me is a pretty explicit action that isn't carried out under the threat of violence. FB & other similar services aren't a right so government can't protect the user from facing undue costs of usage.
Idk this screams of people wanting government to change private enterprises business models instead of letting competition do it; A concept I am not a huge fan of. Also again to me seems to legalize free-riders which is just theft by government.
The fact that no one is stopping you from hiring a lawyer to explain the T&C doesn't somehow help the inferred assertion that we should consider this a valid and enforceable contract. Personal responsibility is valid and important, but I would assert that government recognition and enforcement of contracts is in fact a threat of violence in the indirect governmental sense. If I don't honor the contract you can secure a judgement against me in civil court and if I don't pay the judgement you can have the county sheriff come seize my property on your behalf. If I tried to stop the county sheriff from seizing my property, I would be on the losing end of violence.
Signing up for something doesn't imply that you understand what you're agreeing to. Contract law has historically idealized that all parties are of sound mind, that they are capable of understanding or receive the necessary help to reach that understanding, that they can read the language the contract is written in, or have a translation that's factually accurate, etc.
This isn't about competition or the free market, and fighting for libertarian principles. This is about business owners using the same governmental threat of violence that they reject with regards to regulations, to enforce one sided terms of a "contract" without any sort of meeting of the minds, consideration, or other traditional factors that go into agreements that governments are willing to enforce.
We seem to have a sliding standard of different types of contracts that have different requirements in order to be enforceable. A prenuptial agreement in many places requires that both sides have an attorney representing them, or that they at least have equal representation and equal footing. If I made a prenup in the form of a 100 page document that had no consideration for my fiancé, and had her sign it by clicking on "I agree" on a website she visited, that would be thrown out in seconds in a divorce proceeding and standard community property laws would apply.
If having a meeting of the minds, consideration for all parties, and understanding of the terms are important concepts for some kinds of contract law, why do we let business make up "business models" where they dictate all the terms, they claim you "signed" a contract through implicit actions like entering the premises or clicking "I agree", and where businesses can unilaterally update those terms at will with nothing more than notification of the other party. I mean there's really not even an effort to pretend there's an equitable relationship between the two parties of the contract.