When Ireland’s Data Protection Commission recently ruled Meta’s ad practices illegal under EU law, they disrupted the dominant ad model, which has been fuelling the internet since its commercialisation at the beginning of this century. With pressure from the European Data Protection Board, EDPB, the commission demanded that Meta pay a huge fine but also, more importantly, change its practices, so users will have to opt into Facebook’s personalisation model.
Exactly on 25th March 2018 at midnight, when the GDPR entered into force, Meta changed its legal terms for users being on Facebook. Instead of complying with the law and asking for users’ for consent to use their data for personalisation, this condition became part of Meta’s Terms of Conditions, TOS, and thus an inevitability, if you wanted to be on Facebook. The Austrian organisation Noyb.eu complained about this to the Irish Data Protection Commission. Meta has its European headquarter in Ireland, which has traditionally had both lenient tax laws and lenient enforcement of personal data laws. However, the Irish commission allowed Meta’s behaviour, so Noyb.eu went to EDPB, which in December slapped the Irish Data Protection Commission in the face and declared Facebook’s invasive model illegal. (more details on the Noyb-website)
Meta, of course, does not agree on this ground-breaking decision, as the micro personalisation it stands for is the core of its lucrative business model. It has three months to comply with the decision, and their lawyers are now definitely working to find ways of this. The main reason for this is the opt-in model, which is the gist of GDPR – yet never really enforced until now – and data companies despise it.
Tracking-by-default or Private-by-default
Human internet users are very lazy and crave for convenience. Therefore, a tracking-by-default internet model has been thriving. You sign op to something and if you don’t want to be tracked you have to read the privacy policy or terms of conditions and opt-out. Most are too lazy for this and just say yes and continue. What the Meta decision is saying is that you cannot have such invasive personalisation practises as Meta with out an active opt-in model. So, just as most users will not opt-out they won’t opt-in either. The majority will do nothing and therefor the default is so important. The EU and GDPR want it to be privacy-by-default.
Opt-in and Opt-out
An opt-in process requires the user to actively subscribe to a service. ‘Opt-in’ consent means you ask for someone’s consent or permission before using their data for marketing.
An opt-out process requires the user to take action to say no to a service. Opt-out is when you are tracked by default and given the option to say no.
The decision is likely to have started a process that can be the slow end of surveillance capitalim, as Wired reports.
Some envision an opt-in economy, writes Wired. “If everything becomes opt-in in the future, I think we have gained a lot because then we will actually have to understand what we’re opting into,” says Pernille Tranberg, cofounder of Danish think tank Data Ethics EU. Tranberg is not against personalized advertising, but she wants to choose which sites she gives her data to, depending on their reputation — she probably wouldn’t give her data to Facebook, she says, but she might give it to a newspaper or a bookstore.
The decision does not necessarily kill personalisation, and thus the free internet, as both Google and Meta argue. A lot of people will probably opt-in for personalisation, as long as they trust the company behind the service. And this is where maybe both Google and Facebook have a problem.
Photo: Eric Dungan, Unsplash.com