Norway Fining Meta $98,500 per Day for User Privacy Breach

Norway Fining Meta $98,500 per Day for User Privacy Breach(twipla.com)

111 points by VisitorAnalyt 2 years ago | 91 comments

jsnell 2 years ago |

Discussed multiple times in the last couple of months. There seems to be nothing new in this submission, it's just somebody churning away at the content marketing mill.

https://news.ycombinator.com/item?id=37403583

https://news.ycombinator.com/item?id=37173344

https://news.ycombinator.com/item?id=37045185

https://news.ycombinator.com/item?id=36756101

https://news.ycombinator.com/item?id=37403633

VisitorAnalyt 2 years ago |

Big tech - and Meta's approach to user data security - has long felt too powerful for Europe's data protection authorities to control. Given this, Norway's success is showing other European countries the way, and this points to a significant improvement in EU citizen personal data protection in the coming years.

bettercallsalad 2 years ago | |

> EU citizen personal data protection

Sadly, there is no personal data protection. EU has recently agreed to allow data transfer to US [1]

[1] https://arstechnica.com/tech-policy/2023/07/big-tech-can-tra...

MaKey 2 years ago | | |

That's now the EU's third attempt to allow data transfer to the US. Fundamentally not much has changed, so hopefully we'll see Schrems III.

Y_Y 2 years ago | |

Worth nothing that Norway is not in the EU yet, though the statement remains true.

Semaphor 2 years ago | | |

They are half-way in the EU, though ;) Most EU regulations apply IIRC.

drooopy 2 years ago | |

What has less value than pocket change? Because that's what this fine is to Meta or Big Tech in general. And how exactly is Norway pointing the way when other EU states such as Italy, Ireland, France etc have imposed similar fines to Alphabet and/or Meta in the past?

jonplackett 2 years ago | |

Is it actually changing anything though, or are Meta just paying the fine and continuing their merry way?

jve 2 years ago |

I want to ask here: Is there any study/experiment about what way say offline in proximity of our Android mobile devices leads to ads in Google?

My collegue made an experiment with his wife. Put their phones down, talk about different kinds of CRMs and DID NOT SEARCH for that stuff. Lo and behold, ads about different kinds of CRMs start popping up.

I'm skeptical to these things and initially didn't believe. Then people I ask confirm - hey, yeah, I was only talking about it, now I get those ads! He said he was talking non-English, however CRM software names are english.

Coincidance?

I would love to hear some experiment results in this direction.

Kollided 2 years ago | |

"A widespread myth regarding online advertising is that Google and Facebook are listening to us speak and showing ads on this basis. This is not true, even if it often seems to be. There is a good explanation for this misconception. All of us have probably been part of a discussion on a specific topic—only to see online ads on the same topic immediately afterward. This is not a case of Google recording your speech and using it to target advertising. The most common reason is that people take keener note of matters that they have just discussed. If your phone is showing you ads for holidays in Maui, you probably ignore them. However, if you have just spent time with your cousin in a café, discussing places to visit in Maui during your holiday, the same ad will grab you in a different way. Another explanation is that your friend has been browsing for Internet content relevant to your discussion, even if you haven't. So, if you discussed haggis with your colleagues during your coffee break and you see a Facebook ad for delicious haggis in the afternoon, there is no conspiracy. Inspired by your discussion, your colleague has gone online for a genuine haggis recipe, from the same address space as your workstation. Sometimes, the most peculiar things have perfectly logical explanations."

*If It's Smart, It's Vulnerable", Mikko Hyppönen

gausswho 2 years ago | | |

I daresay that's a very Finnish style of explanation.

sneak 2 years ago | |

I am so tired of these memes. The network traffic out of common social media mobile apps is fully studied and understood. You can even inspect it yourself if you like, using an access point, an http reverse proxy, a self-generated CA (manually installed on device), and some netfilter rules. AFAIK the social media apps aren't doing cert pinning, but even if they are you can find the pins in the apk and patch your own in over top.

It would be obvious if they were exfiltrating audio data. They are not.

spiderfarmer 2 years ago | | |

While I agree with you I think it's pretty easy to do the processing on device, encrypt the relevant topics and communicate them in innocent looking calls?

mu53 2 years ago | | |

Do you have a link to any of these studies? It sounds interesting, but I couldn't find anything with my searches

filleokus 2 years ago | |

I think no hard evidence has ever come from theories like this. And like the sibling comment said, considering how much scrutiny major social media apps (and the Android OS) is under from security researchers - surely someone would have noticed by know.

But. I also think this shows how spookily good the surveillance ad tech really is, and to what extent the major players (Alphabet, Meta etc) keep track of people. Non-techy people attribute it to microphones and dictation, while in reality it is just enormous amount of old school digital behaviour tracking.

(And a dash or two of frequency illusion bias of course, people tend to ignore the "hot single moms in your area" or super general ads with less impressive targeting)

ajsnigrutin 2 years ago | | |

Plus some psychology.

An average user with an adblock gets hundreds, maybe even thousands of ads every day, for new cars, clutch replacements, diapers, washing detergent, shadow raid vpn, local political party, mcdowells, kentucky fried pizza, sex toys, 1:9 baluns, cisco console cables... and they don't even notice most of them.

And then something happens, your washing machine fails, you talk about it, open google, get ads for tampax, ignore them, find service, fix it and forget about everything. Then you watch stranger things, google the reviews, get an ad for yard fences, ignore that and forget about that too. Then you talk with your wife how you're out of detergent, turn on youtube and get a detergent ad... "wait, we were just talking about that? how did they know?! microphones, spying, conspiracy!".

InfamousRece 2 years ago | |

This could be some variation of Baader-Meinhof phenomenon: https://en.m.wikipedia.org/wiki/Frequency_illusion

mda 2 years ago | |

It doesn't. Maybe try with something more obscure. It is a phenomenon called frequency bias (it has different names)

kornhole 2 years ago | |

I often hear different variations of this story, but I have never seen it well documented. I have not seen an online ad in over three years since I switched to Graphene OS without any adware on my devices.

yard2010 2 years ago |

Facebook is a $815 Billion company. This is merely a slap on the wrist. Honest question, why not 100x? They can and will pay, and other governments can follow and end this lizard way of doing business

ekianjo 2 years ago | |

Revenue is not the same as net income. And market cap is utterly meaningless

ta1243 2 years ago | | |

Revenue is 120b/year, or $330m a day. This is 1/3,300th of their global revenue.

It's the equivelent of being less than one parking ticket per year - and that's for someone on an SV income.

Zetobal 2 years ago |

Just make it an even 1% of revenue per day going up 1% every other day.

guidedlight 2 years ago |

They should double it every month.

ed_blackburn 2 years ago |

It's when these matters start moving from civil to criminal and directors fear criminal proceedings that enforcement is taken seriously by organisations that apply every decision through the lens of is the fine the cost of doing business?

charcircuit 2 years ago |

This isn't a user privacy breach. Recommending posts is a core functionality of social media. People understand that the site learns your interest. It's not a privacy breach if TikTok learns you like watching piano videos. Nor is it a privacy breach if X learns you like to see posts from artists.

awesomeMilou 2 years ago | |

The issue at hand isn't their recommender system for content, it's that they use the same recommender system for ads, which is apparently illegal in Norway.

As I understand it, it's legal to offer recommender systems for personalized content suggestions, but you cannot do the same for personalized ads.

troupo 2 years ago | | |

> which is apparently illegal in Norway.

In EU and areas that conform with the EU laws: EEA (which Norway is part of), Switzerland etc.

gremlinunderway 2 years ago | |

Just because its been imposed as a "standard" for so long before anyone objected doesn't make it a core functionality of social media. Sites don't need to learn my interest by profiling me like the Stasi.

s17n 2 years ago | | |

Just because you don’t like it doesn’t mean it’s not the core functionality. If you don’t want a personalized feed why are you using Facebook in the first place? They don’t really do anything else.

madsbuch 2 years ago |

maybe this could be the next way to pad their sovereign wealth fund, when the oil is gone.

imjonse 2 years ago |

When reporting fines for large companies in media, these should also be expressed as percentage of daily/yearly profits or revenues, to highlight the fact that most of the time they won't have any effect.

zgs 2 years ago |

$30 million per annum wouldn't even represent a bump against their revenue. Until the fines are revenue based, it's not going to matter.

gnfargbl 2 years ago |

If we boldly link market cap and individual net worth, then this is like someone with a net worth of $1m being fined 12 cents per day. From Meta's point of view, what makes this more than just an additional tax?

jncfhnb 2 years ago | |

Well we shouldn’t do that because thats a deeply naive way to think about market values, people don’t really think about wealth taxes, and you’re confusing taxes with fines.

What you should compare it to is the net income derived from Norway.

MontgomeryPi2 2 years ago | |

Indeed. How many centuries would Meta need to pay this fine before it starts to begin to hurt/be noticed I wonder.

imglorp 2 years ago | |

The fine should double every day of continued violation, if you want to get their attention.

Denvercoder9 2 years ago | |

Generally regulators increase fines like this over time if the violation is not resolved. GDPR allows a maximum fine of 4% of global turnover.

nonrandomstring 2 years ago |

I am curious. How does this work?

Do big-tech companies actually pay these fines? In cash? By daily bank transfer? Direct debit?

And to whom? Margrethe, the Queen of Denmark? Or to some bank? Or are bank notes scattered to wind in Copenhagen square so the people can stuff them into their pockets?

Or do the governments of countries whose laws are broken have a nod-and-wink tacit agreement that "fines" are just numbers for the press to print and assuage our sense of outrage. Aren't we just starting to use numbers like this as abstract tokens of justice?

I'd like to see Zuck made to personally lug an enormous pirate's chest of treasure up to the gates of Copenhagen, or face blood-eagling at dawn.

fbn79 2 years ago |

META privacy breach are nothing when you have App like TEMU ---> https://grizzlyreports.com/we-believe-pdd-is-a-dying-fraudul...

oknotcool 2 years ago | |

What's up with the whataboutism, both can be bad.