But I cannot help but wonder if we, the public, are really focusing on the right thing here?
Is "companies are using your reading history to target ads" really the same level of dangerous as "your government wants to read all your messages"?
Why is the EU regulating privacy topics to the point were we no longer have access to certain social media products, while they are also pushing for backdoors into private messengers?
I think that we should focus on the latter - privacy of private encrypted chats from Government scanning.
And not spend so much of our time worrying about Facebook targeting me with ads for iPhones, because they know I am in the markt for an iPhone. That's pretty meh.
I think that the "ad targeting privacy" discussion is a borderline red herring that is focusing the debate away from what matters. Giving the public a feeling that they achieved something, while violating privacy through the backdoor.
Keep in mind that this is also:
* "Companies are using your reading history to build a profile of you, including political stance, age, gender, location, religion, group affiliations, network of people you know" and a host of other things.
This data is then used to target ads and campains. This is no big deal if it's trying to push you to buy a bit more Mountain Dew, or to figure out that you can better the dental healt in Jefferson County, Idaho by showing up there in a van handing out free samples of toothpaste.
It is however a bigger deal when it's used to sway your opinions on political, legal and social matters by feeding you lies.
It's a deal when it's used by one country to target individuals in the neighbouring country to leak government secrets by pinpointing local groups and geographic areas where you have a good chance of recruiting such agents.
That's why certain countries, in this case Norway don't want this data under contrl of other governments, the U.S. in this case. (While Meta/Facebook owns this data, it's in effect under control of the U.S. government judicially)
... to then sell that profile to your government, legally.
The problem is that companies tracking your every move for the purpose of ad targeting means all that data is concentrated in a single place where the government (or another bad actor) can search through.
... And why do you immediately navigate to this dichotomy? What purpose does it serve? Does bifurcating the issue serve any purpose?
I can't read minds so I don't know why you in particular are doing it, but the general answer to that is that private interests have waged a decades-long propaganda campaign with the message that everything that the government does is automatically suspect and nefarious, while everything some private interest group is completely okay.
But this is a false choice: just say no to both groups violating your privacy.
It's used for political campaigns, and social manipulation. Governments can also compel the private company to reveal information they have about people.
This is the big deal.
Private companies collect data at volumes, and at levels of detail, that governments would never be allowed to do.
It's easier and cheaper to let the private folks do it, then buy it from them.
They are already doing this.
Would you trust the government with your voting preferences? Meta can know that with extremely high confidence based on the articles you read, people you follow etc. And while I'm not particularly trusting of the government, I'm even less trusting of zero-accountability, billionaire-led, Meta.
Imagine the potential for abuse if this data is in practice usable by large interest groups that want to strongly influence your behavior. Oh, wait a min! This data is usable today by these groups for ads targeting!
Yes. Because the line between companies and government is very thin. (government has access to those companie's data, more or less legaly).
Backdoors are from national governments (Macron in France, Sunak in UK). Privacy stuff is usually from the EU parliament, elected by people proportionally but cannot propose laws, only vote on them.
"""
The CLOUD Act primarily amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil
"""
Governments increasingly rely on the vast amounts of data stored by private companies to target specific people or groups of people.
This is politically incompetent. A politically competent person uses The System to fight The System.
You lobby your government to heavily fine companies for spying. You lobby companies for E2E encryption to stop government spying.
--- start quote ---
A surprising number (56%) also say they can share your information with the government or law enforcement in response to a “request.” Not a high bar court order, but something as easy as an “informal request.” Yikes -- that’s a very low bar!
...
Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.”
--- end quote ---
Let me reverse the question, why anyone is able to target me without me asking for it? why anyone is using my data to do anything without me getting any benefit from it?
If your issue is "I don't want to be on a government list" one part of the solution would be making sure there's no data to populate the list, and the other part is restricting anyone from assembling such a list. The former is what Norway is doing, but pretending only the latter needs to be addressed is ignoring human nature. "If you aggregate it, they will come".
Also they actually put tracking pixels everywhere following people even when they don't have an account on facebook, how I am supposed to protect myself from this scummy company if even when I don't have an account they profile me? Should I leave internet?
So, in other words, Meta is complaining that Datatilsynet moved fast and broke things. Interesting.
The GDPR became enforceable 5 years ago, and this is their core business. This does not concern some ambiguous edge case, it's essentially the fundamental reason the law exists. Either they've been willfully breaking the law for 5 years and the fact that they haven't been fined out of existence should be considered a blessing, or the company is so incompetent that its continued existence is an unacceptable risk to the world.
Global Consensus on these laws or a scanner app letting the startup owner know what you have unwillingly violated is highly wanted.
It only gets very complicated when you start forwarding that data to 3rd parties, intensively tracking + storing user behaviour and engineering patterns aimed at deceiving how you use the data.
If you're that worried about keeping up to date on these types of rules, you can subscribe to the EU data protection newsletter, which will be a fairly decent overview on what's going on: https://edps.europa.eu/press-publications/publications/newsl...
You don't have to worry about data laws unless you're trying to walk that line - and you should not. If you act reasonably and don't even attempt to track people unless they explicitly ask you to (which is what opt-in informed consent means) then you don't need to bother with the nuances. Megacorps are hiring privacy lawyers primarily because they want the lawyers to answer "what can we add/change to somehow keep doing this prohibited thing" instead of just stopping it.
When I hear from "unwillingly violated", most of the time it somehow comes from an organization blatantly and willingly violating the principles; indiscriminately harvesting data and basing their business model on that. Even for a startup, getting a quick 30 minute consultation on data privacy isn't a big deal, and compliance is trivial if you're willing to abandon prohibited ideas - GDPR compliance is primarily tricky for those who want to see what is the maximum amount of evil that is still legally permitted.
