Discussion in 'Article Discussion' started by bit-tech, 11 Jul 2018.
£500k fine? Rather like a flea bite to an elephant.
Is there a reason why Britain sets such comically low maximum fines? The government might as well just wag it's finger and say to these global mega corps "that was naughty, very naughty".
With GDPR now the maximum is £17 million or four percent of global annual turnover, whichever is greater - which for Facebook would be millions upon millions. 'course, when we final Brexit is Breakfast we'll probably go back to the old ways and the £500k ICO limit...
(Facebook was fined under the old limit, not GDPR, 'cos the abuse happened pre-GDPR.)
Think they will pay the fine as it could cost them more in hiring their own lawyers to fight the case than to pay the fine
Still not convinced this wasn't just user error...
Yes and no.
I think the real problem is the underlying issue that the average person lacks education on technology, which includes the simple fact that if you put your real life identity online it will with 100% certainty be used for purposes you do not agree with.
Of course on the flipside this lack of education allowed social media to grow from nothing into a multi billion industry and the philosophical debate over which one we should value more is unlikely to ever get settled.
I agree with that but I don't think it should be the platform where the data misuse occurred that should be blamed. If a shop was to collect and misuse your data you wouldn't blame the landlord for allowing them to operate.
If we're descending into metaphor - and you know I love to descend into metaphor - I'd say a better one is to decide whether or not you'd complain if your data was taken from the shop by a third party, when it turns out that the landlord had been taking money from third parties to allow them in the shop for the specific purpose of taking a peek at your personal data only this third party looked at more than he was supposed to while the landlord was counting his stacks of cash oh and the landlord and the shop are one and the same.
Or something like that, anyway.
The closest metaphor I can think of is:
- A shop offers to display notices you put in the window, or notices you put inside.
- The notices are signed by you.
- If you put a notice inside, you can tell them only to show it to a friend, or only to a friend of your friend.
- Your friend goes inside, fills out a survey from $Researcher, and says "$Researcher is my friend!"
- $Researcher goes in, reads the notices you wrote to your friend - that your friend told the shop they could read - and also reads all the ones you displayed in the window.
- $Researcher then gave their copies of the notices to $ShadyGuys, who sent out some questionably effective spam.
Everyone is now very angry at $ShadyGuys (and at $Researcher if they actually noticed who the questionnaire was written by), and at the shop, though everyone is angry for different reasons, not all of which make sense (for example, complaining that the notices they put in the windows have been looked at and copied down by everyone).
Except the Landlord provided the recording equipment, took a cut of the profits, then spent years trying to hide what was going on from the outside world and authorities, only to be caught when it had become so brazen even Average Joe in the street knew what was going on.
I think they'll 'negotiate' every step of the way, the cost of lawyers is insignificant against the implicaions of being convicted and/or getting regulated. Big companies care far more about keeping alleged infractions alleged than they do legal fees, it's hard to fight a lawsuit if you've already been convicted of the crime.
Remember that the data gathered by Facebook for targeted advertising (e.g. via web bugs etc) and the data provided by users to Facebook (e.g. posts, likes, uploaded photos) are basically two separate silos of data. The former remains tightly controlled within Facebook (the closest people have come to exfiltration is by submitting very highly targeted ads then using side channels to identify who has clicked on those ads, e.g. an advert that leads to a survey that requests your real name, and this has been mitigated by target fudging), and the latter is varying degrees of publicly accessible depending on your privacy settings. API access to the latter is free, but is effectively just webscraping without the hassle (i.e. you could gather the exact same data without any API access, API access just reduces the load on Facebook's servers), but there is no API access to the former whatsoever.
There was some rather overstated headlines recently over data access by Huawei, Lenovo, etc. In those cases, Huawei and Lenovo wrote their own clients for user's to access Facebook via, which out of necessity meant those applications needed to access data at the same level as the user logged into them in order to actually function (or you'd end up in the situation where you set your account to private, and then find your client can no longer display your own posts). They too did not have any access to the internal ad targeting dataset.
Separate names with a comma.