Meta/Facebook’s approach to GDPR compliance is largely insufficient, according to a new ruling by the Court of Justice of the European Union.
“Meta cannot simply bypass the GDPR with some paragraphs in its legal documents. This will mean that Meta has to seek proper consent and cannot use its dominant position to force people to agree to things they don’t want.”
Yep that app is definitely not a privacy nightmare. No.
Meta: “Oh no, anyway… Here’s Instagram Threads.”
It’s a good time to be European - if they truly commit to ActivityPub, being locked out of this service won’t even matter to the people who might want to be on it.
Man I hate undefined acronyms
Sorry about that - GDPR is short for General Data Protection Regulation, and it’s basically an EU regulation determining what businesses are allowed to do with the data of their users.
What businesses are allowed to do with user data boils down to pretty much nothing without consent: Individuals need to have control over their data and have it removed if they feel like it, you can’t just ship user data out of the EU just like that, you can’t store user data without explicit consent, etc. It caused a huge shock in European industry when it was first passed, as basically not a single company was meeting the standards of what we now refer to as being GDPR compliant. I had a friend working in some random flower shop who got a bunch of extra work because their repeat customer programme was suddenly becoming illegal.
The case before the CJEU - the Court of Justice of the European Union - revolved around the terms and conditions of Facebook. Meta did not want to conventionally comply with GDPR because it turns out users will generally refuse to give consent if you go ahead and ask them. Instead they came up with a dumb loophole: the ads were framed as part of their service, and their terms of service obliged Facebook to serve people ads that would otherwise have been in breach of GDPR.
Predictably, the European court was not convinced by their “loophole”, and basically ruled that Meta has to comply with GDPR like anyone else.
I hope that clarified a little! :)
The real question, though, is: how compatible are they with CCPA? Will CA’s SCOCA also be as harsh as the EU’s CJEU?
Do you think there’s any chance?
I know next to nothing about California law, but it seems like this would be extremely aggressive towards what’s essentially a huge industry in California. Privacy concerns also seem to me to be less important in the US - if anything there might be a preference for the storage of data due to stuff like the Patriot Act?
Then again, California has the capability to surprise.