Legal experts on data processing and transparency rights are increasingly in the news to call out Facebook as a criminal business model (gathering other people’s data and using it without real consent)
Today’s GDPR complaints from BEUC argue that Meta’s pay-or-consent model breaches data protection principles of the law, including the principles of purpose limitation, data minimisation, fair processing and transparency, with said processing enabling the company to “infer private details about the consumer.”
The group also claim Meta has no valid legal basis under the GDPR for its data processing for advertising because it relies on consent. It also claims Meta cannot “account for the lawfulness of its processing for content personalisation” because the social media giant doesn’t make it clear that its purpose is necessary for the relevant contract or that the “profiling” is consistent with the principle of data minimisation. Lastly, the Euro groups are claiming in their complaints that the model is inherently unfair because of a “lack of transparency, unexpected processing, [the] use of its dominant position to force consent, and switching of legal bases in ways which frustrate the exercise of data subject rights.”
My, how time flies.
On the 18th of August, 2011 ULD presented a technical and legal analysis of the use of fanpages and social plug-ins. We stated that fanpages and social plug-ins implement long-persisting cookies not only on the devices of Facebook members, but also of non-members. Some of those cookies are used to provide data for an analytics tool called Insights that give fanpage and website owners feedback on users and their behaviour. As we couldn’t see any legal justification for those cookies and the processing of personal traffic data in the US, we had to denounce the operating of those fanpages and social plug-ins by controllers in Schleswig-Holstein as illegal. There is no valid informed consent of the user, there is even no possibility to opt out.
Certainly, more than a decade of arguments about consent and human rights aren’t going to resonate with a CEO who has boldly declared, “I don’t care if people like me,” when imposing his own wishes on others, even when it blatantly disregards the law.
The beginnings of Facebook involve a controversial incident at Harvard, where Mark Zuckerberg used “Facemash” in 2003 to attack women who refused to date him. Zuckerberg fell under scrutiny after women of color reported consent violations — clear and severe privacy breaches, gathering unauthorized photos of women to solicit abuse of them if they refused his demands. Despite a brief investigation of breach of security, violating copyrights, and violating individual privacy, Harvard dumped the charges to instead become an early investor in a platform for misogynist attacks and political destabilization.
…FaceMash website began with a love-scorned Zuckerberg in 2003, who began to drink and write in his blog about an idea to hack university servers and download photos of students without permission… The Kirkland [dorm] facebook is open on my desktop and some of these people have pretty horrendous facebook pics,” he wrote that night. “I almost want to put some of these faces next to pictures of farm animals and have people vote on which is more attractive.”
This is all a good reminder that on this blog in 2011 I called out very concerning Russian influence and interference in Facebook, yet the CEO even five years later in the hot seat still tried to claim ignorance of what was never a secret.
…private company ruled by a man funded by Russians without any transparency that most likely hopes to profit from your loss (of privacy)
Makes you wonder what might have happened if regulators had done the right thing and shut down Facebook back then. Of course it is a criminal business model in 2024. We know so much more about harms due to hindsight, because it has always been a criminal business model.