Facebook, Google face first GDPR complaints over forced consent

After two years coming down the pipe at tech giants, Europe’s new privacy framework, the General Data Protection Regulation( GDPR ), is now being applied — and long time Facebook privacy critic, Max Schrems, has wasted no time in filing four grievances relating to( certain) companies” take it or leave it’ posture when it comes to consent.

The complaints have been filed on behalf of( unnamed) individual users — with one filed against Facebook; one against Facebook-owned Instagram; one against Facebook-owned WhatsApp; and one against Google’s Android.

Schrems argues that the companies are using a strategy of” forced consent” to continue processing the individuals’ personal data — when in fact the law requires that users be given a free choice unless a consent is strictly necessary for provision of the service.( And, well, Facebook claims its core product is social networking — rather than farming people’s personal data for ad targeting .)

” It’s simple: Anything strictly necessary for a service does not require consent boxes anymore. For everything else users must have a real option to tell’ yes’ or’ no’ ,” Schrems writes in a statement.

” Facebook has even blocked accounts of users who have not given consent ,” he adds.” In the end users merely had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process .”

We’ve reached out to all the companies involved for comment and will update this story with any response. Update: Facebook has now sent the following statement, attributed to its chief privacy policeman, Erin Egan:” We have prepared for the past 18 months to ensure we gratify the requirements of the GDPR. We have induced our policies clearer, our privacy decideds easier to find and introduced better tools for people to access, download, and delete their datum. Our work to improve people’s privacy doesn’t stop on May 25 th. For example, we’re building Clear History: a way for everyone to see the websites and apps that send us datum when you use them, clear this information from your account, and turn off our ability to store it associated with your account going forward .”

Schrems most recently founded a not-for-profit digital rights organization to focus on strategic litigation around the bloc’s updated privacy framework, and the complaints have been filed via this crowdfunded NGO — which is called noyb( aka’ none of your business ‘).

As we pointed out in our GDPR explainer, the provision in the regulation may be required for collective enforcement of individuals’ data rights is an important one, with the health risks to strengthen the implementation of the law by enabling non-profit organisations such as noyb to file complaints on behalf of individuals — thereby helping to redress the power imbalance between corporate giants and consumer rights.

That told, the GDPR’s collective redress provision is a component that Member Country can choose to derogate from, which helps explain why the first four complaints have been filed with data protection bureaux in Austria, Belgium, France and Hamburg in Germany — regions that also have data protection agencies with a strong record of defending privacy rights.

Given that the Facebook companies involved in these complaints have their European headquarters in Ireland it’s likely the Irish data protection bureau will get involved too. And it’s fair to say that, within Europe, Ireland does not have a strong reputation as a data protection rights champion.

But the GDPR allows for DPAs in different jurisdictions to work together in instances where they have joint subjects of concern and where a service crosses perimeters — so noyb’s action seems are aiming to exam this element of the new framework too.

Under the penalty structure of GDPR, major violations of the law can attract penalties as large as 4% of a company’s global revenue which, in the case of Facebook or Google, connotes they could be on the hook for more than a billion euros apiece — if they are deemed to have violated the law, as the complaints argue.

That told, devoted how freshly fixed in place the regulation is, some EU regulators may well tread softly on the enforcement front — at least in the first instances, to give companies some benefit of the doubt and/ or a chance to make amends to come into compliance if they are deemed to be falling short of the new standards.

However, in instances where companies themselves appear to be attempting to deform the law with a willfully self-serving interpretation of the rules, regulators may feel they need to act swiftly to nip any disingenuousness in the bud.

” We likely will not immediately have billions of penalty payments, but the corporations have intentionally contravened the GDPR, so we expect a corresponding penalty under GDPR ,” writes Schrems.

Only yesterday, for example, Facebook founder Mark Zuckerberg — speaking in an on stage interview at the VivaTech conference in Paris — claimed his company hasn’t had to make any radical changes to comply with GDPR, and further claimed that a “vast majority” of Facebook users are willingly opting in to targeted advertising via its new permission flow.

” We’ve been rolling out the GDPR flows for a number of weeks now in order to make sure that we were doing this in a good way and that we could take into account everyone’s feedback before the May 25 deadline. And one of the things that I’ve found interesting is that the great majority of people choose to opt in to make it so that we can use the data from other apps and websites that they’re using to make ads better. Because the reality is if you’re willing to see ads in a service you want them to be relevant and good ads ,” said Zuckerberg.

He did not mention that the dominant social network does not offer people a free choice on accepting or declining targeted advertising. The new permission flow Facebook uncovered ahead of GDPR only offers the’ choice’ of ceasing Facebook solely if a person does not want to accept targeting advertising. Which, well, isn’t much of a option dedicated how powerful the network is.( Additionally, it’s worth pointing out that Facebook continues tracking non-users — so even deleting a Facebook account does not guarantee that Facebook will stop processing your personal data .)

Asked about how Facebook’s business model will be affected by the new rules, Zuckerberg essentially claimed nothing significant will change –” because dedicating people control of how their data is employed has been a core principle of Facebook since the beginning “.

” The GDPR adds some new controls and then there’s some areas that we need to comply with but overall it isn’t such a massive departure from how we’ve approached this in the past ,” he claimed.” I mean I don’t want to downplay it — there are strong new rules that we’ve needed to set a bunch of work into making sure that we complied with — but as a whole the philosophy behind this is not completely different from how we’ve approached things.

” In order to be able to give people the tools to connect in all the ways they want and build community a lot of doctrine that is encoded in a regulation like GDPR is really how we’ve was just thinking about all this stuff for a long time. So I don’t want to understate the areas where there are new rules that we’ve had to go and enforce but I also don’t want to make it seem like this is a massive deviation in how we’ve was just thinking about this stuff .”

Zuckerberg faced a range of tough questions on these points from the EU parliament earlier this week. But he avoided answering them in any meaningful detail.

So EU regulators are essentially facing a first exam of their mettle — i.e. whether they are willing to step up and defend the line of the law against big tech’s attempts to reshape it in their business model’s image.

Privacy statutes are nothing new in Europe but robust enforcement of them would certainly be a breath of fresh air. And now at the least, thanks to GDPR, there’s a penalties structure in place to provide incentives as well as teeth, and spin up a market around strategic litigation — with Schrems and noyb in the vanguard.

Schrems also stimulates the point that small startups and local companies are less likely to be able to use the kind of strong-arm’ take it or leave it’ tactics on users that big tech is able to unilaterally apply and extract’ consent’ as a consequence of the reach and power of their platforms — arguing there’s an underlying competition concern that GDPR has the potential to help to redress.

” The fight against forced consent ensures that the corporations cannot force users to consent ,” he writes.” This is especially important so that monopolies have no advantage over small and medium-sized companies .”

Make sure to visit: CapGeneration.com


UK parliaments call for Zuckerberg to testify goes next level

The UK parliament has issued an impressive ultimatum to Facebook in a last-ditch attempt to get Mark Zuckerberg to take its questions: Come and give evidence voluntarily or next time you fly to the UK you’ll get a formal summons to appear.

” Following reports that he will be giving evidence to the European Parliament in May, we would like Mr Zuckerberg to come to London during the course of its European journey. We would like the session here to place by 24 May ,” the committee writes in its latest letter to the company, signed by its chair, Conservative MP Damian Collins.

” It is important to recognize that, while Mr Zuckerberg does not usually go under the jurisdiction of the UK Parliament, he will do so the next time he enters the country ,” he adds.” We hope that he will respond positively to our request, but if not the Committee will resolve to issue a formal summons for him to appear when he is next in the UK .”

Facebook has repeatedly ignored the DCMS committee‘s requests that its CEO and founder appear before it — preferring to send various minions to answer questions related to its enquiry into online disinformation and the role of social media in politics and democracy.

The most recent Zuckerberg alternative to appear before it was also the most senior: Facebook’s CTO, Mike Schroepfer, who claimed he had personally volunteered to make the trip-up to London to give evidence.

However for all Schroepfer’s sweating drudgery to try to stand in for the company’s chief exec, his answers failed to impress UK parliamentarians. And immediately following the hearing the committee issued a press release repeating their call for Zuckerberg to testify , noting that Schroepfer had failed to provide adequate answers to as many of 40 of its questions.

Schroepfer did sit through around five hours of grilling on a wide range of topics with the Cambridge Analytica data misuse scandal front and center — the tale having morphed into a major global scandal for the company after fresh revelations were published by the Guardian in March( although the newspaper actually published its first tale about Facebook data misuse by the company all the style back in December 2015) — though in last week’s hearing Schroepfer often fell back on claiming he didn’t know the answer and would have to “follow up”.

Yet the committee has been asking Facebook for straight answers for months. So you can see why it’s really mad now.

We reached out to Facebook to ask whether its CEO will now agree to personally testify in front of the committee by May 24, per its request, but the company declined to provide a public statement on the issue.

A company spokesperson did say it would be following up with the committee to answer any outstanding questions it had after Schroepfer’s session.

It’s fair to say Facebook has handled this issue exceptionally badly — leaving Collins to express public frustration about the lack of co-operation when, for example, he had asked it for help and information related to the UK’s Brexit referendum — turning what could have been a somewhat easy to manage process into a major media circus-cum-PR nightmare.

Last week Schroepfer was on the sharp objective of lots of awkward questions from visibly outraged committee members, with Collins pointing to what he dubbed a” pattern of behavior” by Facebook that he told suggested an” unwillingness to engage, and a desire to hold onto information and not disclose it “.

Committee members also interrogated Schroepfer about why another Facebook employee who appeared before it in February had not disclosed an existing agreement between Facebook and Cambridge Analytica.

” I remain to be convinced that your company has integrity ,” he was told bluntly at one point during the hearing.

If Zuckerberg does agree to testify he’ll be in for an even bumpier ride. And, well, if he doesn’t it looks pretty clear the Facebook CEO won’t be making any personal journeys to the UK for a while.

Make sure to visit: CapGeneration.com

Instagram says youre all caught up in first time-well-spent feature

Without a chronological feed, it can be tough to tell if you’ve seen all the posts Instagram will show you. That can lead to more of the compulsive, passive, zombie browsing that research suggests is unhealthy as users endlessly scroll through stale content hoping for a hit of dopamine-inducing novelty.

But with Instagram’s newest feature, at least users know when they’ve seen everything and can stop scrolling without FOMO. Instagram is showing some users a mid-feed alert after a bunch of browsing that says “You’re All Caught Up – You’ve seen all new post from the past 48 hours.” When asked about it, Instagram confirmed to TechCrunch that it’s testing this feature. It declined to give details about how it works, including whether the announcement means you’ve seen literally every post from people you follow from the last two days, or just the best ones that the algorithm has decided are worth showing you.

The feature could help out Instagram completists who want to be sure they never miss a selfie, sunset or supper pic. Before Instagram rolled out its algorithm in the summer of 2016, they could just scroll to the last post they’d seen or when they knew they’d last visited. Warning them they’ve seen everything could quiet some of the backlash to the algorithm, which has centered around people missing content they wanted to see because the algorithm mixed up the chronology.

But perhaps more importantly, it’s one of the app’s first publicly tested features that’s clearly designed with the “time well spent” movement in mind. Facebook CEO Mark Zuckerberg has been vocal about prioritizing well-being over profits, to the point that the network reduced the prevalence of viral videos in the feed so much that that app lost 1 million users in the U.S. and Canada in Q4 2017. “I expect the time people spend on Facebook and some measures of engagement will go down . . . If we do the right thing, I believe that will be good for our community and our business over the long term too,” he wrote.

But Instagram’s leadership had been quiet on the issue until last week, when TechCrunch broke news that buried inside Instagram was an unlaunched “Usage Insights” feature that would show users their “time spent.” That prompted Instagram CEO Kevin Systrom to tweet our article, noting “It’s true . . . We’re building tools that will help the IG community know more about the time they spend on Instagram – any time should be positive and intentional . . . Understanding how time online impacts people is important, and it’s the responsibility of all companies to be honest about this. We want to be part of the solution. I take that responsibility seriously.”

Instagram is preparing a “Usage Insights” feature that will show how long you spend in the app. Image via Jane Manchun Wong

It’s reassuring to hear that one of the world’s most popular, but also overused, social media apps is going to put user health over engagement and revenue. Usage Insights has yet to launch. But the “You’re All Caught Up” alerts show Instagram is being earnest about its commitment. Those warnings almost surely prompt people to close the app and therefore see fewer ads, hurting Instagram’s bottom line.

Perhaps it’s a product of Facebook and Instagram’s dominance that they can afford to trade short-term engagement for long-term sustainability of the product. Some companies like Twitter have been criticized for not doing more to kick abusers off their platforms because it could hurt their user count.

But with Android now offering time management tools and many urging Apple to do the same, the time-well-spent reckoning may be dawning upon the mobile app ecosystem. Apps that continue to exploit users by doing whatever it takes to maximize total time spent may find themselves labeled the enemy, plus may actually be burning out their most loyal users. Urging them to scroll responsibly could not only win their favor, but keep them browsing in shorter, healthier sessions for years to come.

Make sure to visit: CapGeneration.com

These schools graduate the most funded startup CEOs

There is no degree required to be a CEO of a venture-backed company. But it likely helps to alumnu from Harvard, Stanford or one of about a dozen other prominent universities that churn out a high number of top startup executives.

That is the central conclusion from our latest graduation season data crunch. For this exercise, Crunchbase News took a look at top U.S. university affiliations for CEOs of startups that created$ 1 million or more in the past year.

In many ways, the findings weren’t too different from what we unearthed almost a year ago, looking at the university backgrounds of funded startup founders. However, there were a few spins. Here are some key findings 😛 TAGEND

Harvard fares better in its rivalry with Stanford when it comes to training future CEOs than founders. The two universities essentially tied for first place in the CEO alum ranking.( Stanford was well ahead for founders .)

Business schools are big. While MBA programs may be seeing fewer applicants, different degrees remains quite popular among startup CEOs. At Harvard and the University of Pennsylvania, more than half of the CEOs on our listing graduated as business school alum.

University affiliation is influential but not determinative for CEOs. The 20 schools featured on our listing graduated CEOs of more than 800 global startups that created$ 1M or more in approximately the past year, a minority of the total.
Below, we flesh out the conclusions contained in more detail.

Where startup CEOs went to school

First, let’s start with school rankings. There aren’t many big amazes here. Harvard and Stanford far outpace any other institutions on the CEO list. Each counts close to 150 known alum among chief executives of startups that created$ 1 million or more over the past year.

MIT, University of Pennsylvania, and Columbia round out the five largest. Ivy League schools and big research universities constitute most of the remaining institutions on our list of about twenty with a strong track record for graduating CEOs. The numbers are to be laid down in the chart below 😛 TAGEND

Traditional MBA popular with startup CEOs

Yes, Bill Gates and Mark Zuckerberg fell out of Harvard. And Steve Jobs trenched college after a semester. But they are the exceptions in CEO-land.

The typical route for the leader of a venture-backed company is somewhat more staid. Degrees from prestigious universities abound. And MBA degrees, particularly from top-ranked programs, are a pretty popular credential.

Top business schools enroll only a small percentage of students at their respective universities. However, these institutions make a disproportionately large share of CEOs. Wharton School of Business degrees, for example, accounted for the majority of CEO alumnus from the University of Pennsylvania. Harvard Business School also graduated more than half of the Harvard-affiliated CEOs. And at Northwestern’s Kellogg School of Management, the share was nearly half.

CEO graduates background is truly quite varied

While the educational backgrounds of startup CEOs do present a lot of overlap, there is also plenty of room for variance. About 3,000 U.S. startups and nearly 5,000 global startups with listed CEOs created$ 1 million or more since last May. In both cases, those startups were largely led by people who didn’t attend a school on the list above.

Admittedly, the math for this is a bit fuzzy. A big chunk of CEO profiles in Crunchbase( probably more than a third) don’t include colleges and universities affiliation. Even taking this into account, however, it looks like more than half of the U.S. CEOs were not graduates of schools on the short list. Meanwhile, for non-U.S. CEOs, only a small number attended a school on the list.

So, with that, some words of inspiration for graduates: If your goal is to be a money startup CEO, the surest route is likely to launch a startup. Degrees matter, but they’re not determinative.

Make sure to visit: CapGeneration.com

Facebook faces fresh criticism over ad targeting of sensitive interests

Is Facebook trampling over laws that govern the processing of sensitive categories of personal data by failing to ask people for their explicit permission before it induces sensitive inferences about their sex life, religion or political notions? Or is the company merely treading uncomfortably and unethically close to the line of the law?

An investigation by the Guardian and the Danish Broadcasting Corporation has found that Facebook’s platform lets advertisers to target users based on interests related to political notions, sexuality and religion — all categories that are marked out as sensitive datum under current European data protection law.

And indeed under the incoming GDPR, which will apply across the bloc from May 25.

The joint investigation discovered Facebook’s platform had built sensitive inferences about users — letting advertisers to target people based on inferred interests including communism, social democrats, Hinduism and Christianity. All of which would be classed as sensitive personal data under EU rules.

And while the platform offers some constraints on how advertisers can target people against sensitive interests — not letting advertisers to exclude users based on a specific sensitive interest, for example( Facebook having previously run into trouble in the US for enabling discrimination via ethnic affinity-based targeting) — such controls are beside the point if you take the view that Facebook is legally required to ask for a user’s explicit consent to processing this kind of sensitive data up front, before making any inferences about a person.

Indeed, it’s very unlikely that any ad platform can put people into pails with sensitive labels like’ interested in social democrat issues’ or’ likes communist pages’ or’ attends gay events’ without asking them to let it do so first.

And Facebook is not asking first.

Facebook argues otherwise, of course — claiming that the information it meets about people’s affinities/ interests, even when they necessitate sensitive categories of information such as sexuality and religion, is not personal data.

In a reply statement to the media investigation, a Facebook spokesperson told us 😛 TAGEND

Like other Internet companies, Facebook depicts ads based on topics we suppose people might be interested in, but without utilizing sensitive personal data. This means that someone could have an ad interest listed as’ Gay Pride’ because they have liked a Pride associated Page or clicked a Pride ad, but it does not reflect any personal characteristics such as gender or sexuality. People are able to manage their Ad Preference tool, which clearly explains how advertising works on Facebook and provides a route to tell us if you want to see ads based on specific interests or not. When interests are removed, we show people the list of removed interests so that they have a record they can access, but these interests are no longer used for ads. Our advertising conducted in accordance with relevant EU law and, like other companies, we are preparing for the GDPR to ensure we are compliant when it comes into force.

Expect Facebook’s argument to be tested in the courts — likely in the very near future.

As we’ve said before, the GDPR suits are coming for the company, thanks to beefed up enforcement of EU privacy regulations, with the regulation providing for penalties as large as 4% of a company’s global turnover.

Facebook is not the only online people profiler, of course, but it’s a prime target for strategic litigation both because of its massive size and reaching( and the resulting power over web users flowing from a dominant position in an attention-dominating category ), but also on account of its nose-thumbing posture to compliance with EU regulations thus far.

The company has faced a number of challenges and sanctions under existing EU privacy law — though for its operations outside the US it typically refuses to recognize any legal jurisdiction except corporate-friendly Ireland, where its international HQ is based.

And, from what we’ve seen in so far, Facebook’s response to GDPR’ conformity’ is no new leaf. Rather it looks like privacy-hostile business as usual; a continued attempt to leveraging its size and power to force a self-serving interpretation of the law — bending rules to fit its existing business procedures, rather than reconfiguring those processes to comply with the law.

The GDPR is one of the reasons why Facebook’s ad microtargeting empire is facing greater scrutiny now, with only weeks to go before civil society organizations are able to take advantage of fresh a chance for strategic litigation allowed by the regulation.

” I’m a big fan of the GDPR. I genuinely believe that it gives us — as the court in Strasbourg would say — effective and practical redress ,” statute prof Mireille Hildebrandt tells us.” If we go and do it, of course. So we need a lot of public litigation, a lot of court cases to induce the GDPR work but … I think there are more people moving into this.

” The GDPR made a market for these sort of law firms — and I think that’s excellent .”

But it’s not the only reason. Another reason why Facebook’s handling of personal data is attracting attention is the result of tenacious press investigations into how one controversial political consultancy, Cambridge Analytica, was able to gain such freewheeling access to Facebook users’ data — as a result of Facebook’s lax platform policies around data access — for, in that instance, political ad targeting purposes.

All of which eventually blew up into a major global privacy cyclone, this March, though criticism of Facebook’s privacy-hostile platform policies dates back more than a decade at this stage.

The Cambridge Analytica scandal at least brought Facebook CEO and founder Mark Zuckerberg in front of US lawmakers, facing questions about the extent of the personal information it gatherings; what controls it offers users over their data; and how he thinks Internet companies should be regulated, to name a few.( Pro tip for politicians: You don’t need to ask companies how they’d like to be regulated .)

The Facebook founder has also ultimately agreed to meet EU lawmakers — though UK lawmakers’ calls have been dismissed.

Zuckerberg should expect to be questioned very closely in Brussels about how his platform is impacting European’s fundamental rights.

Sensitive personal data wants explicit consent

Facebook deduces affinities linked to individual users by collecting and processing interest signals their web activity generates, such as likes on Facebook Pages or what people look at when they’re browsing outside Facebook — off-site intel it meets via an extensive network of social plug-ins and tracking pixels embedded on third party websites.( According to datum released by Facebook to the UK parliament the coming week, during merely one week of April this year its Like button appeared on 8.4 M websites; the Share button appeared on 931,000 websites; and its tracking Pixels were running on 2.2 M websites .)

But here’s the thing: Both the current and the incoming EU legal framework for data protection situates the bar for consent to processing so-called special category data equally high — at “explicit” consent.

What that entails in practice is Facebook needs to seek and protected separate permissions from users( such as via a dedicated pop-up) for collecting and processing this type of sensitive data.

The alternative is for it to rely on another special condition for processing this type of sensitive data. However the other conditions are pretty tightly drawn — relating to things like the public interest; or the vital interests of a data subject; or for purposes of” preventive or occupational medication “.

None of which would appear to apply if, as Facebook is, you’re processing people’s sensitive personal information merely to target them with ads.

Ahead of GDPR, Facebook has started asking users who have chosen to display political opinions and/ or sexuality information on their profiles to explicitly consent to that data being public.

Though even there its any measures were problematic, as it offers users a take it or leave it style’ option’ — saying they either remove the info solely or leave it and therefore agree that Facebook can use it to target them with ads.

Yet EU law also requires that permission be freely given. It cannot be conditional on the provision of a service.

So Facebook’s bundling of service provisions and permission will also likely face legal challenges, as we’ve written before.

” They’ve tangled the use of their network for socialising with the profiling of users for advertising. Those are separate purposes. You can’t tangle them like they are doing in the GDPR ,” says Michael Veale, a technology policy researcher at University College London, emphasizing that GDPR allows for a third option that Facebook isn’t offering users: Letting them to keep sensitive data on their profile but that data not be used for targeted advertising.

” Facebook, I believe, is quite afraid of this third alternative ,” he continues.” It goes back to the Congressional hearing: Zuckerberg said a lot that you can choose which of your friends every post can be shared with, through a little in-line button. But there’s no option there that tells’ do not share this with Facebook for the purposes of analysis ‘.”

Returning to how the company synthesizes sensitive personal affinities from Facebook users’ Likes and wider webs browsing activity, Veale highlights the fact that EU law also does not recognise the kind of distinction Facebook is seeking to draw — i.e. between inferred affinities and personal data — and thus to try to redraw the law in its favor.

” Facebook say that the data is not correct, or self-declared, and therefore these provisions do not apply. Data does not have to be correct or accurate to be personal data under European law, and trigger increased protection. Indeed, that’s why there is a’ right to rectification’ — because incorrect data is not the exception but the norm ,” he tells us.

” At the crux of Facebook’s challenge is that they are inferring what is arguably “special category” data( Article 9, GDPR) from non-special category data. In European statute, this data includes race, sexuality, data related to health, biometric the necessary data for the purposes of identification, and political opinions. One of the first things to note is that European law does not govern collect and use as distinct activities: Both are considered processing.

” The pan-European group of data protection regulators have recently confirmed in guidance that when you deduce special category data, it is as if you collected it. For this to be lawful, this is necessary a special reason, which for most companies is restricted to separate, explicit permission. This will be often different than the lawful basis for processing the personal data you used for inference, which might well be’ legitimate interests ‘, which didn’t necessitate permission. That’s ruled out if you’re processing one of these special categories .”

” The regulators even specifically dedicate Facebook like inference as an example of extrapolating special category data, so there is little wiggle room here ,” he adds, pointing to an example used by regulators of a study that combined Facebook Like data with” restriction survey information” — and from which it was found that researchers could accurately predict a male user’s sexual orientation 88% of the time; a user’s ethnic origin 95% of the time; and whether a user was Christian or Muslim 82% of the time.

Which underlines why these rules exist — given the clear risk of violates to human rights if big data platforms can merely suck up sensitive personal data automatically, as a background process.

The overarching aim of GDPR is to give consumers greater control over their personal data not only to help people defend their rights but to promote greater trust in online services — and for that trust to be a mechanism for greasing the wheels of digital business. Which is pretty much the opposite approach to sucking up everything in the background and hoping your users don’t realize what you’re doing.

Veale also points out that under current EU law even an opinion on someone is their personal data …( per this Article 29 Working Party guidance, emphasis ours ):

From the point of view of the nature of the information, the concept of personal data includes any sort of statements about a person. It covers “objective” datum, such as the presence of a certain substance in one’s blood. It also includes “subjective” datum, sentiments or appraisals . This latter sort of statements make up a significant share of personal data processing in sectors such as banking, for the assessment of the reliability of borrowers (” Titius is a dependable borrower “), in insurance (” Titius is not expected to die soon “) or in employment (” Titius is a good worker and merits promotion “).

We set that specific point to Facebook — but at the time of writing we’re still waiting for a answer.( Nor would Facebook offer a public response to several other questions we asked around what it’s doing here, preferring to limit its comment to the statement at the top of this post .)

Veale adds that the WP29 guidance has been upheld in recent CJEU suits such as Nowak — which he tells emphasized that, for example, annotations on the side of an exam script are personal data.

He’s clear about what Facebook should be doing to comply with the law:” They should be asking for individuals’ explicit, separate consent for them to extrapolate data including race, sexuality, health or political sentiments. If people say no, they should be able to continue using Facebook as normal without these inferences being built on the back-end .”

” They need to tell individuals about what they are doing clearly and in plain language ,” he adds.” Political opinions are just as protected here, and this is perhaps more interesting than race or sexuality .”

” They certainly should face legal challenges for the purposes of the GDPR ,” concurs Paul Bernal, senior lecturer in law at the University of East Anglia, who is also critical of how Facebook is processing sensitive personal information.” The affinity notion seems to be a fairly transparent attempt to avoid legal challenges, and one that ought to fail. The topic is whether the regulators have the intestines to build the point: It undermines a quite significant part of Facebook’s approach .”

” I suppose the reason they’re pushing this is that they think they’ll get away with it, partly because they think they’ve persuaded people that the problem is Cambridge Analytica, as rogues, rather than Facebook, as enablers and advocates. We need to be very clear about this: Cambridge Analytica are the symptom, Facebook is the disease ,” he adds.

” I should also say, I guess the differences between’ targeting’ being OK and’ excluding’ not being OK is also mostly Facebook playing games, and trying to have their cake and eat it. It simply invites gaming of the systems really .”

Facebook claims its core product is social media, rather than data-mining people to operate a highly lucrative microtargeted ad platform.

But if that’s true why then is it tangling its core social functions with its ad-targeting apparatus — and telling people they can’t have a social service unless they agree to interest-based advertising?

It could support a service with other types of advertising, which don’t depend on background surveillance that erodes users’ fundamental rights. But it’s opting not to offer that. All you can’ select’ is all or nothing. Not much of a choice.

Facebook telling people that if they want to opt out of its ad targeting they must delete their account is neither a road to obtain meaningful( and therefore lawful) permission — nor a very compelling approach to counter criticism that its real business is farming people.

The issues at stake here for Facebook, and for the shadowy background data-mining and brokering of the online ad targeting industry as a whole, are clearly much greater than any one data misuse scandal or any one category of sensitive data. But Facebook’s decision to retain people’s sensitive personal data for ad targeting without asking for consent up-front is a telling sign of something gone very wrong indeed.

If Facebook doesn’t feel confident asking its users whether what it’s doing with their personal data is okay or not, maybe it shouldn’t be doing it in the first place.

At very least it’s a failing of ethics. Even if the final judgement on Facebook’s self-serving interpretation of EU privacy rules will have to wait for the courts to decide.

Make sure to visit: CapGeneration.com

Zuckerberg tells Congress Facebook is not listening to you through your phone

Facebook CEO Mark Zuckerberg officially shot down the conspiracy hypothesi that the social network has some route of maintaining tabs on its users by tapping into the mics on people’s smartphones. During Zuckerberg’s testimony before the Senate this afternoon, Senator Gary Peters had asked the CEO if the social network is mining audio from mobile devices — something his constituents have been asking him about, he said.

Zuckerberg denied this sort of audio data collection was taking place.

The fact that so many people believe that Facebook is “listening” to their private conversations is representative of how mistrustful users have grown of the company and its data privacy practices, the Senator noted.

” I think it’s safe to say very simply that Facebook is losing the trust of an awful lot of Americans as a result of this incident ,” told Peters, tying his constituents’ questions about mobile data mining to their outrage over the Cambridge Analyticascandal.

Questions about Facebook’s mobile data collection practises aren’t anything new, however.

In fact, Facebook went on record back in 2016 to nation — full stop — that it does not use your phone’s microphone to inform ads or News Feed stories.

Despite this, it’s something that keeps coming up, again and again. The Wall Street Journal even operated an explainer video about the conspiracy last month. And yet none of the reporting seem to be quash the rumor.

People simply refuse to believe it’s not happening. They’ll tell you of very specific times when something they swear they are uttered aloud speedily appeared in their Facebook News Feed.

Perhaps their inability to believe Facebook on the matter is more of an indication of how precise — and downright creepy — Facebook’s ad targeting capabilities have become over the years.

Peters took the opportunity today to ask Zuckerberg this question straight on today, during Zuckerberg’s testimony.

” Something that I’ve been hearing a lot from folks who have been coming up to me and talking about a kind of experience they’ve had where they’re having a conversation with friends — not on the phone, just talking. And then they watch ads popping up fairly quickly on their Facebook ,” Peters explained.” So I’ve heard constituents fear that Facebook is mining audio from their mobile devices for the purposes of ad targeting — which I suppose speaks to the lack of trust that we’re seeing here .”

He then asked Zuckerberg to country if this is something Facebook did.

” Yes or no: Does Facebook use audio obtained from mobile devices to enrich personal information about its users ?,” Peters asked.

Zuckerberg reacted simply: “No.”

The CEO then added that his answer meant “no” in terms of the conspiracy theory that keeps get passed around, but noted that the social network does allow users to record videos, which have an audio component. That was a bit of an unnecessary clarification, though, given that the issues to was about surreptitious recording , not something users were explicitly recording media to share.

” Hopefully that will dispel a lot of what I’ve been hearing ,” Peters told, after hearing Zuckerberg’s response.

We wouldn’t be too sure.

There have been a number of lengthy explanations of the technical limitations considering research projects of this scale, which have also pointed out how easy it would be to detect this practice, if it were true. But there are still those people out there who believe things to be true since they are feel true.

And at the end of the working day, the fact that this conspiracy refuses to die says something about how Facebook users view the company: as a stalker that sneaks on their privacy, and then can’t be believed when it tells you,” no, trust me, we don’t do that .”

Make sure to visit: CapGeneration.com

Everything Facebook launched at F8 and Why

Day 1 of Facebook’s F8 seminar was packed with proclamations and updates. Here are 10 big takeaways from Mark Zuckerberg’s keynote on Day 1. You can find full coverage and analysis of F8 here.

1. FaceDate

Facebook is launching a dating feature where you can volunteer to make a profile that’s only visible to non-friends who’ve also opted in to looking for love. Facebook will match you based on all its data, and messaging will happen in a dedicated inbox rather than Messenger.

Why: If Facebook wants to drive” meaningful connects ,” it doesn’t get more meaningful than introducing you to their own lives partner. Facebook will have to be careful to keep everything private, as people already think it’s creepies or uncool. But investors love it, considering Tinder parent company Match Group’s share price fell 22 percentage today.

2.” Clear History “

Facebook is constructing Clear History, a new privacy feature allowing users to delete data Facebook has collected from sites and apps that use its ads and analytics tool. This means you can scrubbing some of your browsing history from Facebook’s data store. Mark Zuckerberg likened this to deleting cookies from your browser history. It’s a nice gesture to the privacy-conscious, though it’ll attain your Facebook experience less personalized.

Why: Zuckerberg faced tons of questions from Congress about data it collects from around the web. Users were pissed to learn they had little control over it. Clear History could quiet some sobs for regulation.

3. Instagram video chat and anti-bullying

Instagram is launching video chat,which TechCrunch scooped in March when we spotted the feature buried in its Android app. Meanwhile, Instagram is also get a new filter to protect users from bullying remarks, plus an improved Explore tab.

Why: Instagram Direct messaging is super popular, but absence video chat … which is also super popular on Messenger and WhatsApp. Combined with anti-bullying features, Instagram could become a safer and sillier place for teens to hang out — which is just what Facebook wants to defeat Snapchat.

4. Facebook is reopening its app review process

Facebook will re-open its app review process following the pause it took after the Cambridge Analytica crisis — welcome news for developers.

Why: Facebook couldn’t danger another sketchy app slipping through and selling user data, but it also has to keep developers loyal to its platform so they keep constructing experiences that attract users. Facebook was wise to balance safety and privacy with new developer capabilities today.

5. Oculus Go goes on sale for $199

Oculus Go, Facebook’s cheap and capable standalone VR headset, is now on sale. It expenses $199 for the version with 32 GB of onboard storage, and $249 for the 64 GB variety.

Why: VR headsets where you have to stick your phone in are clumsy and prevent Facebook from controlling the whole experience. Instead of relying on the Samsung Gear headset shell and your iPhone or Android, Facebook gets to dictate everything about the perfect VR rig you can strap on first-timers.

6. Messenger simplifies and starts translation

Facebook is tiptoeing into translation of chat threads in Messenger, starting with English-Spanish convos in the U.S. within Marketplace. Meanwhile, Facebook is stripping out the camera and games tab to give Messenger a cleaner design.

Why: Translation could deliver on the Facebook promise of bringing the world closer together by eradicating language obstacles and letting people realise how much they have in common. But Messenger was get route too bloated with so many new features, so the simplification should let the actually useful ones shine.

7. Introducing VR Memories and 3D photos

Facebook is bringing 3D illustrations and models to the News Feed.It’s also going to turn 2D photos into VR memories — 3D surroundings you can explore using a trippy phase cloud design.

Why: Facebook wants to stay ahead of the content trends and be the home of future formats. They might seem like a novelty today, but at the least they keep Facebook interesting.

8. WhatsApp reaches 450 million tales users

WhatsApp’s Snapchat Stories clone WhatsApp Status now has 450 million daily active users . That’s well over 2X the user count of Snapchat’s whole app. And WhatsApp is also adding stickers and group video calling.

Why: This is a big deal because Snapchat had a disastrous earnings call today where it sink to its slowest user growth rate ever, while WhatsApp Status continues its explosive growth. Snapchat forgot the international market at first, and now WhatsApp has beaten it to the punch worldwide.

9. Sharing to Facebook and Instagram Stories from other apps

Starting with Spotify, SoundCloud and GoPro, other apps can share photos and videos directly to Stories inside Facebook and Instagram.

Why: Facebook wants to make its Narratives more interesting than Snapchat’s. And this new wing of the platform could create a massive opportunity for music discovery, the likes of which we haven’t seen since Myspace.

10. Oculus Tv

Oculus wants you to watch TV inside its new Go headset. At first you’ll get Facebook Watch, but expect apps like Netflix and Hulu to arrive eventually.

Why: There only aren’t enough great VR experiences, but perhaps Facebook can get people spending more time in their headsets by creating a virtual big screen for 2D content.

For more of TechCrunch’s F8 coverage, check out all our narratives :

Make sure to visit: CapGeneration.com

Facebook demands ID verification for big Pages, issue ad buyers

Facebook is looking to self-police by implementing parts of the proposed Honest Ads Act before the government tries to regulate it. To oppose fake news and election interference, Facebook will require the admins of popular Facebook Pages and advertisers buying political or “issue” ads on” debated topics of national legislative importance” like education or abortion to verify their identity and place. Those that refuse, is considered to be fraudulent or are trying to influence foreign elections will have their Pages prevented from posting to the News Feed or their ads blocked.

Meanwhile, Facebook plans to use this information to append a” Political Ad” label and” Paid for by” information to all election, politics and issue ads. Users can report any ads they think are missing the label, and Facebook will show if a Page has changed its name to thwart misrepresentation. Facebook started the verification process the coming week; users in the U.S. will start considering the labels and purchaser info afterward this spring, and Facebook will expand the effort to ads around the world in the coming months.

This verification and name change revealing process could avoid tremendously popular Facebook Pages from being built up around benign content, then sold to cheats or trolls who switch to sharing scams or misinformation.

Overall, it’s a smart start that comes route too late. As soon as Facebook started heavily promoting its ability to run influential election ads, it should have voluntarily adopted similar verification and labeling regulations as traditional media. Instead, it was so focused on connecting people to politics, it disregarded how the connection could be debased to power mass disinformation and destabilization campaigns.


” These steps by themselves won’t stop all people trying to game the organizations of the system. But they will make it a lot harder for anyone to do what the Russians did during the 2016 election and use fake accounts and pages to operate ads ,” CEO Mark Zuckerberg wrote on Facebook .” Election interference is a problem that’s bigger than any one platform, and that’s why we support the Honest Ads Act. This will assist raise the bar for all political advertising online .” You can see his full post below.

The move follows Twitter’s November announcement that it too would label political ads and prove who purchased them.

Twitter’s mockup for its “Political” ad labels and” pay money by” information

Facebook also devoted a timeline for releasing both its tools for viewing all ads run by Pages and to create a Political Ad Archive. A searchable index of all ads with the “political” label, including their images, text, target demographics and how much was spent on them, will launch in June and keep ads visible for four years when they are run. Meanwhile, the View Ads tool that’s been testing in Canada will roll out globally in June so users can see any ad run by a Page , not just those targeted to them.

Facebook announced in October it would require documentation from election advertisers and label their ads, but now is applying those requirements to a much wider swath of ads that deal with big issues impacted by politics. That could protect users from disinformation and divisive content not only during elections, but any time bad actors are trying to drive wedges into society. Facebook wouldn’t reveal the threshold of followers that will trigger Pages needing verification, but confirmed it will not apply to small to medium-size businesses.

By self-regulating, Facebook may be able to take the wind out of calls for new laws that apply to online ads purchaser revealing rules on Tv and other traditional media ads. Zuckerberg will testify before the U.S. Senate Judiciary and Commerce committees on April 10, as well as the House Energy and Commerce Committee on April 11. Having today’s announcement to point to could give him more protection against criticism during the hearings, though Congress will surely want to know why these safeguards weren’t in place already.

With important elections coming up in the US, Mexico, Brazil, India, Pakistan and more countries in the next year, one…

Posted by Mark Zuckerberg on Friday, April 6, 2018

For more on Facebook’s recent troubles, check out our feature tales :

Make sure to visit: CapGeneration.com