This is quite something to read. The Irish data protection authority is where most GDPR complaints against US tech companies like Facebook end up, because the European activities of these companies are registered there. It has been quite clear in the past few years how enormously slow the Irish DPA has been in dealing with those complaints. Up to the point where the other DPA’s complained about it, and up to the point where the European DPA intervened in setting higher fine levels than the Irish DPA suggested when a decision finally was made. Now noyb publishes documents they obtained, that show how the Irish DPA tried to get the other national DPA’s to accept a general guideline they worked out with Facebook in advance. It would allow Facebook to contractually do away with informed consent by adding boiler plate consent to their TOS. This has been the FB defense until now, that there’s a contract between user and FB, which makes consent unnecessary. I’ve seen this elsewhere w.r.t. to transparency and open data in the past as well, where government entities tried to prevent transparency contractually. Contractually circumventing and doing away with general legal requirements isn’t admissable however, yet that is precisely what the Irish DPA attempted to make possible here through a EU DPA Guideline.
Reading this, the noticeable lack of progress by the Irish DPA seems not to be because of limited resources (as has been an issue in other MS), but because it has been actively working to undermine the intent and impact of the GDPR itself. Their response to realising that adtech is not workable under the GDPR seems to be to sabotage the GDPR.
The Irish DPA failed to get other DPA’s to accept a contractual consent bypass, and that is the right and expected outcome. That leaves us with what this says about the Irish DPA, that they attempted it in the first place, to replace their role as regulator with that of lobbyist:
True, Open Corporates does not seem to hold US companies from Chicago/Illinois, where this one says to originate. Searching for the Meta company name in Chicago does surface a local fintech company that had an angel investment round last year. They used a different domain, metacash.io (now for sale), and name a different founder. There is a Nick Stulic, who coded in python some years back it seems. The domain meta.company was registered in 2014.
But there is nothing about what the company actually does in the letter, nor is there anything but that letter on its website. The named legal offices exist but don’t pertain to the company, but to the suggested FB actions.
The ‘open letter’ precisely boosts a notion about FB that seems to fit perfectly, and that many will want to believe. But I’ll put this one in the stack marked fake.
Seeing that 2007 posting in my ‘on this blog today in…’ widget I was curious to see whatever happened to Open Social. After the launch in 2007, I don’t remember hearing much about it anymore.
Following the link to Google’s own page on Open Social now gets a 404 error message (which isn’t different from 2007 when I blogged it, because news leaked before the launch, so that page wasn’t active yet. In between today and today in 2007 it has been a working link for some years though as the Internet Archive can attest) Wikipedia has the story of the years in between in more detail. The Open Social standard saw it latest release in August 2013, and then development stopped.
Yet, the still remaining W3C Working Group page has a photo with a number of familiar faces: core members of the IndieWeb community. And the Working Group delivered in their 2014-2018 period of activity the W3C standard recommendations for all the major building blocks of the IndieWeb (Webmentions, Micropub, Microsub, Activitypub, IndieAuth). The W3C activity wound down and reduced to a single W3C IRC channel #social that sees little activity. The log files of #social are hosted on indieweb.org.
So here we are, thirteen years down the road. It’s not Google but IndieWeb-enabled websites like mine ‘ganging up on Facebook’ instead. 😉
Never issue a threat you’re not really willing to follow up on… FB says it might stop servicing EU citizens because it isn’t allowed to transfer their data to US servers over data protection concerns. To me it would seem good news if the FB data-kraken would withdraw its tentacles. It is also an open admission that they can’t provide their service if it is not tied to adtech and the rage-fed algorithmic timeline built on detailed data collection. Call it, I’d say.
Facebook has warned that it may pull out of Europe if the Irish data protection commissioner enforces a ban on sharing data with the US, after a landmark ruling by the European court of justice found in July that there were insufficient safeguards against snooping by US intelligence agencies.
He cannot hold on to such enormous power and avoid responsibility when things get tough.
Karen Swisher, in a NY Times column about the many troubling aspects of Facebook and Zuckerbergs centralised power, seeks a fitting metaphor for how he and FB behave regarding their responsibilities as a platform content distributor and editor and curator of that content. (FB should not be seen as a platform, until they have open API’s. That they removed FB apps and APIs over time is a sign they do not regard themselves as platform either, it’s just a convenient legal position to claim.)
She ends up with comparing Zuckerberg to a butcher disavowing responsibility for the meatproducts he sells, as most are made by others. Yes some meatproducts are rotten, but who is he to take people’s freedom to poison themselves, even he’d never eat it himself.
Jason Kottke lifts the metaphor out of Karen Swisher’s column and adds a very peculiar anecdote from 2011 when Zuckerberg only wanted to eat meat of animals killed by himself.