I mean dude you’re defending Meta, arguably the single worst company when it comes to respecting user data and privacy
That’s argumentum ad hominem. If the law means what you think it means, it applies whether we’re talking about EvilCorp or SaveTheWhaleChildrenBeeFluff.
Also recall the very first thing I said on this topic:
I’m all for GDPR and really enjoy its protections, but I don’t understand this one.
I’m playing devil’s advocate in order to gain insight, because I have no clue how this board reaches its conclusions.
I can’t find the word ‘unbiased’ in the GDPR. All it asks for is consent:
- Processing shall be lawful only if and to the extent that at least one of the following applies:
a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
In the case of facebook, the user gives consent for the purpose of being served targeted advertising in exchange for the provided service.
[Edit:] Found something:
When assessing whether consent is freely given, utmost account shall be taken of whether, […] the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract. Article 7, paragraph 4 GDPR
So the question of whether the pay-or-consent model is legal hinges upon the question of whether payment (in any form) is “necessary for the performance of that contract“.
Are there any rights you think should supersede contracts? If so, how do you draw the line between rights that do and don’t?
(I’ll answer your question in a comment side-chain, just because you asked.)
Germans have the right to continued wage payments if they need to take care of family members (§616 BGB). However, that right can be voided in the employment contract.
(§618 BGB) essentially states that the work environment must be reasonably safe. This cannot be voided by contract, as is codified in (§619 BGB).
These are just instances. I do not know any general rules for the precedence of contracts over the law or vice versa.
Are there any rights you think should supersede contracts?
That is beside the point I’m making. Facebook acknowledges the right to privacy by giving you the choice to pay for the service rather than giving up your data. In my view, this should be completely acceptable by the GDPR. No-one is forcing you to sign up to facebook, so you do have a completely free choice to (1) either not give up your data and not use facebook; or (2) not give up your data and pay for the service; or (3) give up your data and pay for the service that way.
You have the right to not own a car. But if you do, you must have insurance for it (in Germany, at least). You cannot hide behind GDPR and say “I have a right to my data. I must not be asked to give it to any insurer without my consent.” You also need to have a driver’s license with your name and photo on it. GDPR doesn’t protect you there, either.
The bottom line is: Using a product may come with responsibilities or other concessions. You have the right to not use the product if the concessions aren’t worth it to you. You do not have the right to any product if you refuse the obligations that come with it.
This is, of course, my own opinion based on my understanding of how the world should work.
If I understand you correctly, you’re making the same argument as !snooggums@midwest.social above, so I’ll copy answer to them here:
That is a completely different issue. On the one hand, meta does collect data on people who do not have an account. This is simply illegal, since that collection is neither necessary nor consented to. The EU should finally put a stop to that.
On the other hand we have the voluntary relationship a user enters with facebook by creating an account. This is what the article is about and what I was referring to in my comment – the “binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising”
That is a completely different issue. On the one hand, meta does collect data on people who do not have an account. [Edit: Source: https://www.consumerreports.org/electronics-computers/privacy/how-facebook-tracks-you-even-when-youre-not-on-facebook-a7977954071/] This is simply illegal, since that collection is neither necessary nor consented to. The EU should finally put a stop to that.
On the other hand we have the voluntary relationship a user enters with facebook by creating an account. This is what the article is about and what I was referring to in my comment – the “binary choice between paying for a service and consenting to their personal data being used to provide targeted advertising”
I’m all for GDPR and really enjoy its protections, but I don’t understand this one. If facebook says they need €10/mo to provide their services and gives us the choice to either pay that or to pay with targeted ads, then how does that infringe upon our data [Edit: integrity autonomy]? The service seems to be worth something, so the EU cannot expect facebook to just give it out for less, can they? What’s the basis for this?
I’m not sure which meaning of ‘should be able to be voided’ you’re using. Do you mean ‘Why do think it’s legal to void it’ or ‘Why do you think it’s legitimate to be able to void it’?
In the first case: My employment contract does exactly this. It’s become kind of a default clause in contracts. Researching this you’ll find a lot of websites (in German) that say that the clause is ‘abdingbar’ (which I translated as ‘voidable’).
In the second case: I didn’t say I thought it legitimate, and I don’t have a strong opinion on this.