Facebook aren't stupid while the EU probably is, it's not he transfer of data in question, as it is probably as secure as it can get, its when it gets stored on US Of A$$ servers is when your data becomes a free for all slurpfest and good luck getting EU laws upheld
Ireland unfriends Facebook: Oh Zucky Boy, the pipes, the pipes are closing…from glen to US, and through the EU-side
Facebook has been reportedly asked to stop sending data from Ireland to the US, on orders from the EU. This is according to a report from the Wall Street Journal, which said that Irish eyes won't be smiling come this Fall after a preliminary order to suspend data transfers to the US about its users was sent to Mark Zuckerberg' …
COMMENTS
-
-
-
Thursday 10th September 2020 15:31 GMT Woodnag
FB are pretending FISA 702 don't apply to them. It's called lying
EU data cannot be stored in US servers due to GDPR if the US gov can access it without any due process under 50 USC §1881a (FISA 702). Which is true for FB. So SCCs can't be used in this case either, because, again, the US gov can access it freely regardless.
https://noyb.eu/en/next-steps-users-faqs
-
Thursday 10th September 2020 17:52 GMT Woodnag
Ireland DPC
It's also interesting that the R. of I.'s DPC has been working closely with FB to avoid enforcing GDPR on FB. Even after this second judgement. Lots of detail on https://noyb.eu/en
Here's the letter from NOYB to Irish DPC after the DPC's recent prevarication:
https://noyb.eu/sites/default/files/2020-09/Letter%20to%20DPC_bk.pdf
-
Friday 11th September 2020 15:56 GMT JCitizen
Re: FB are pretending FISA 702 don't apply to them. It's called lying
I'm more worried about Google than FB; and I have one eye on the way MS has starting acting like Google too. However FB needs security settings that are tailored to EU rules so the individuals can select them, and it should be simple to do and transparent. For those that refuse to set privacy levels on FB, then who cares what happens to their data - they sure don't!
I also believe that FB should allow all users to set up under EU guide lines; that way if users feel they are getting better protection that way, then they can get it. I see no reason why FB couldn't still make enough money off their site that way. I see more ads than ever before they way they have it set up now. I've noticed they aren't as cagey as Google/AWS though - those two get deep in your knickers!
-
-
-
-
-
Thursday 10th September 2020 12:02 GMT Anonymous Coward
"does this prevent people accessing it from the US? "
Oh well, under the CLOUD Act a US judge can still ask access to those data.
The main difference if for Facebook itself. As long as the data are in EU, it's far easier for EU to enforce its rules like GDPR. When data are transferred outside, it would become much more difficult.
Data "published" by the users themselves for other to see can be obviously accessed.
-
-
-
Thursday 10th September 2020 17:00 GMT et tu, brute?
Re: "does this prevent people accessing it from the US? "
http://purl.org/nxg/note/singular-data
Bit of a read, but do yourself a favour and read it all...
Best argument is that you won't ask "How many data do you have?" (indicating plural) but you would ask "How much data do you have?" (indicating singular, i.e. a collective)
And let the down-votes roll in...
-
Friday 11th September 2020 09:05 GMT T. F. M. Reader
Re: "does this prevent people accessing it from the US? "
do yourself a favour and read it all
I did. I don't know who the author of that blog post is or whether he (is Norman the name?) is a world-renowned authority on linguistics, but I find many of the arguments there unconvincing. No downvotes for you, though - thanks for the link, even as I disagree with it.
It seems to me that the writer has his mind set on the non-scientific and non-technical use of the word data as generic "information" (mass singular noun - by the way, his usage of "massive singular" makes me doubt he is a linguistics expert). He is very far from thinking in terms of discrete measurements or data points - contexts where the notion of datum as singular and data as plural are common and standard. That's the only charitable explanation of "there's no such thing as 'datum'" and other unsupported statements that I can offer.
Maybe I am biased by my Ph.D. thesis on intergalactic medium, but to me that mass singular noun is further from the contemporary use of the corresponding plural in expressions like "mass media" or 'mainstream media" or "print media" than "datum" (that naturally corresponds to a data point, a result of measurement or observation) is from "data". It is natural to me to say or write "data were collected" in an academic paper or a technical report, but I won't be put off by a mainstream media article where a journalist will write "a lot of data was collected" - for the journalist this is equivalent to "a lot of information became available", only a bit more scientific-looking. The journalist or his readership won't care about individual recorded measurements, but the audience of a technical publication or document will. Members of the Commentariat often do, I suspect.
Major dictionaries (that should be regarded as sources of expert opinion on language), including Oxford, Cambridge, and Merriam-Webster, disagree with the blogger on all major counts. They all have entries for datum, they all list data as plural for datum, and they all say that both plural and mass singular usage of data are common and standard.
The Oxford's Lexico page (see link above) makes the same distinction between scientific and non-scientific use of data and I did above, while Merriam-Webster (again, see the link above) makes another relevant point:
"The plural construction is more common in print, evidently because the house style of several publishers mandates it."
-
-
Sunday 13th September 2020 23:27 GMT the Jim bloke
Re: "does this prevent people accessing it from the US? "
I work in an industry where "datum" is in common and regular use, whereas the Guardian and its style guide is about as relevant as pre-Assyrian religious practices.
The problem with the internet is that it expands the reach and influence of stupid people.
-
-
-
This post has been deleted by its author
-
-
Thursday 10th September 2020 21:23 GMT Strahd Ivarius
Re: is remote access allowed?
As long as Facebook is a US based company it is compelled under the CLOUD act to give access to any data it controls.
The location of the data is irrelevant.
To comply with the GDPR, US companies should be subsidiaries of a company legally based outside of the USA that has another subsidiary managing European users data.
-
-
-
Thursday 10th September 2020 12:42 GMT tiggity
Re: About time too
That assumes you socialise with people on FB ....
None of my close friends on FB.
I know people who are, difficult to avoid knowing some FB users with high levels of FB usage around, but the FB users are more distant friends who do not know minutiae of my life (none of the FB users even know where I live as people I only meet meet socially, outside the home) - and with COVID restrictions the FB users know nothing about what I have been doing the last few months as been unable to meet with them).
-
Thursday 10th September 2020 12:55 GMT Peter Gathercole
Re: About time too
I was particularly annoyed when the umbrella company I use outsourced the authentication of their web portal to Facebook.
What this means is that I have another Facebook account (besides the bare account I keep to allow me to access services from companies that think FB is the only way to interact with their customers on the Internet) that I know very little about. I don't know exactly what is stored under it. I'm also a little uncertain about how outsourcing the authentication to a third party actually fits in to GPDR, and I don't remember explicitly agreeing to have the data transferred to FB, and I normally read the T&Cs (difficult when they're so long and boring) when I'm asked to. Maybe I should put a data protection request in to see.
-
Thursday 10th September 2020 13:57 GMT iron
Re: About time too
Companies who think Facebook is the only way to interact with their customers on the Internet do not recieve my business. I do not open accounts on sites that insist on Facebook login and I close them if a site announces they will change to Facebook login (or I would if it happened, never seen it so far).
Undoubtedly Facebook have the usual shadow profile for me but there isn't much you can do about that apart from block their cookies, tracking code and "like" tracking buttons, which I have always done.
-
Friday 11th September 2020 06:09 GMT AK565
Re: About time too
At this point I don't think I actively refuse to engage with entities that insist on FB log-in. I suspect I just ignore them without the FB log-in consciously registering as the reason.
Mozilla have come out with a FB "bucket" that supposedly markedly reduces the amount of data FB can slurp without your permission. I haven't had the chance to check it out but wonder if there's any truth to the claim.
-
-
-
-
Friday 11th September 2020 11:20 GMT Outski
Re: About time too
When I was contracting back in 2014 (how TF does 2014 now merit a 'back in', FFS?), I went with an umbrella rather than my own, because I neededverified income statements for MrsO's visa application, and for self-employed, that required 18 months of accounts. I wasn't prepared to wait that long.
-
Tuesday 15th September 2020 11:47 GMT Peter Gathercole
Re: About time too @Doctor Syntax
I'm a good IT contractor. I'm a lousy company administrator and director, as was proved by the 10+ years of trying and getting fined regularly by the Revenue and previously Customs for filing my returns late (I know, you can now find big panel accountants who will do most of the work, but that hasn't always been the case).
But around 10 years ago, I found that I could forego the marginal tax and NI savings (I was actually opposed to tax avoidance measures anyway, which is why my accountants didn't like me), and found it was just easier to be the employee of an umbrella. I'm a cop-out contractor, I know. My decision.
And now, with IR35 looming again, I'm smiling inwardly at the predicament of all of the contractors I know whose anxiety is ramping up again pending next April. I've already seen many friends leave contracts that they could have extended because they're so worried about what the Revenue will do, and the way that the IR35 change was crassly delayed last March was a joke.
-
-
-
-
Thursday 10th September 2020 13:20 GMT Wellyboot
Re: About time too
Creating third party personal profiles from the data trawled from existing account holders is illegal under GDPR unless I've misunderstood some of the 'allowed' reasons for holding information.
On the other hand, generating a detailed profile from the slurped contact list as soon as an account is created can be completed before the newby user has finished filling in actual details.
-
-
-
-
Thursday 10th September 2020 13:35 GMT Anonymous Coward
I sometimes wonder if the "solution" for companies like Facebook/Google/etc wrt EU regulation would be for them to announce that as they have no desire to breach EU law then they will be temporarily be suspend all access from the EU while they review their ability to work in the EU "under the current regulations" ... I'm sure that after a few days (probably more likely hours or minutes) of the general population being deprived of their
bread and circusesFB/IG/WhatsApp/etc fixes there'd be huge demands for politicians to "sort it out so we get our FB back". (Note that I as a long time FB-refusenik would care)-
Thursday 10th September 2020 13:40 GMT theOtherJT
I really hope that actually happens. I'd enjoy the few days of peace where I don't have to check the thing in case someone has decided that for some reason it's better to message me through that abomination than just fucking call or text me and ask if I want to get a beer tonight.
I really want rid of the thing, but it's almost the only way a large number of people I know chose to communicate for some reason.
-
Thursday 10th September 2020 17:11 GMT Doctor Syntax
"I really want rid of the thing, but it's almost the only way a large number of people I know chose to communicate for some reason."
Just do it. Tell your "friends" our phone number and/or email address as you prefer. That way you find out who your friends rally are and those who aren't can be dumped along with FB.
-
-
Saturday 12th September 2020 00:39 GMT John Brown (no body)
Re: @AC
"It worked with google news and a couple of EU countries who tried to make google pay the news providers. Situation going back to before when the news sites rapidly lost viewings."
That was a deliberate policy of de-listing by Google et al to make a point and try to stop a precedent being set. It was blackmail by Google et al. "Nice news site you have there. It'd be a shame if no one could find it"
-
Saturday 12th September 2020 17:17 GMT codejunky
Re: @AC
@John Brown (no body)
"That was a deliberate policy of de-listing by Google et al to make a point and try to stop a precedent being set"
Yes. Google did the right thing. Web crawlers read the robots.txt to read the instructions of where to index. The news providers got greedy and made demands of payment while also expecting google to shove readers their way. Google was in the right.
"It was blackmail by Google et al"
Kind of. If it is blackmail for Google to only provide its service to those who want it.
-
-
-
Thursday 10th September 2020 15:18 GMT Len
The problem is that that is not a very attractive proposition for those companies. Europe is easily the largest wealthy market in the world. Quite a few US tech firms make more money in Europe than in their domestic market. Even the poorest country in the EU has a considerably higher average salary than China. Blocking European users would have tremendous implications for their revenues.
On top of that they run the risk (just like blocking the use of Android by Huawei) that it could form the catalyst for a European homegrown alternative to make inroads. Facebook is big and unavoidable but so was MySpace until they went from insurmountable to irrelevant within perhaps 18 months.
-
Friday 11th September 2020 06:21 GMT AK565
Frankly, I'm curious as to how so many people have the discretionary time and energy to spend on FB. Since Covid19 hit 90% of my time has been spent on keeping afloat financially. It literally took until a few hour's ago to sort that all out. I anticipate having some discretionary time in the very near future and I'll certainly not be spending it on FB.
-
Tuesday 15th September 2020 12:06 GMT Anonymous Coward
@AK565
It depends on what you do.
A significant number of people have been twiddling their thumbs (with the proviso of educating/entertaining their kids) on paid furlough in the UK over the last 5 months. These people are fortunate to have had much of this time to do what they wanted.
I'm actually quite jealous of these people in some ways. I've been stuck at home struggling to find ways to do my work remotely, working on a cramped desk with much poorer access to the systems I support, for the same hours as I did when I was actually at work. And all the time, finding that the family demands on my time have increased because I'm actually more available to them. Swings and roundabouts, I know, but being home all the time has had it's drawbacks.
I sympathize with people who cannot work from home and are not eligible for the income supporting measures rolled out by the governments. There have been huge cracks in the system, particularly for the recently self-employed (I would have been there if where I work had decided I was not essential to keep me working), but there are people who have come out of this quite well, at least as far as spare time is concerned.
-
-
-
Thursday 10th September 2020 14:05 GMT big_D
SCCs
While last July's ruling did not strike down the Standard Contractual Clauses (SCCs) used as opt-outs by many companies, it seems likely that will come under the gaze of the courts before long.
As SCCs work on the same basis as Privacy Shield - the promise not to hand the data over to third parties, including the government, without a valid warrant (i.e. no FISA, Patriot Act or NSA letter interference), I don't see how SCCs have a leg to stand on.
-
-
Thursday 10th September 2020 17:21 GMT Yet Another Anonymous coward
Re: SCCs
>without a valid warrant (i.e. no FISA, Patriot Act or NSA letter interference),
Until the men in suits with dark glasses tell you that the super security act letter is a valid warrant.
Since you have total trust in your own governments legality and the supreme court and attorney-general you believe them and hand over the data.
-
-
Friday 11th September 2020 16:23 GMT Doctor Syntax
Re: SCCs
It's a valid warrant in the US. That makes it impossible for US-based FB to be able to perform the SCCs. That makes the SCCs worthless in the EU. If they want to comply with GDPR they need to ensure any PII is held securely outside the grasp or the USl. If they don't want to do that then it's time to start fining them. Actions speak louder than words; no amount of waffle about how much they want to makes any difference at al
-
-
-
-
-
Friday 11th September 2020 01:21 GMT Woodnag
NSLs
Nope. Nothing to do with NSLs, because they are an individualised legal warrant. Abused, sure...
From https://noyb.eu/en/next-steps-users-faqs :
...companies that fall under a US “mass surveillance” law can no longer use the SCCs . This is because the SCCs cannot override US law.
Transfers to US companies that fall under a US “mass surveillance” law like FISA 702 (also called 50 USC §1881a) are usually illegal. The companies that cannot rely on them are the so-called “electronic communication service providers”. This is a broad term under US law and covers most IT and cloud providers.
Examples of these providers include AT&T, Amazon (AWS), Apple, Cloudflare, Dropbox, Facebook, Google, Microsoft, Verizon Media (known as Oath & Yahoo) or Verizon. The links of each of the companies will take you to their transparency reports that tell you how often they were subject to US government data access requests.
-
-
-
-
-
Thursday 10th September 2020 14:58 GMT codejunky
Re: Wouldn’t it be better if the US adopted GDPR?
@A random security guy
"Wouldn’t it be better if the US adopted GDPR?"
Not really. There is a reason the EU is an attempt to create a federalised system, and their GPS desires, and their EU military dreams, and their envy that the US can make globally successful tech companies.
The US shouldnt try to become what the copycat is. Better to be the VW golf than something that tries to be (VW golf advert in the UK).
-
Friday 11th September 2020 06:10 GMT DF118
Re: Wouldn’t it be better if the US adopted GDPR?
I do love it when foam-mouthed Brexiters throw up that "EU armed forces" bollocks.
Even if it did happen I'd have welcomed it. Not because it'd be any less infested with corrupt, venal arms dealers than the UK has now, but because it'd at least give our home grown shysters, tax vampires, pocket-dwelling politicians and regime-enablers a good hard poke right up the jacksie.
-
Friday 11th September 2020 11:52 GMT codejunky
Re: Wouldn’t it be better if the US adopted GDPR?
@DF118
"I do love it when foam-mouthed Brexiters throw up that "EU armed forces" bollocks."
Oh no. Please dont tell me your one of those people who support the EU but havnt a clue? At what point do you think it is bollocks? You didnt miss them trying to explain it would be to complement NATO instead of a replacement while Trump was trying to get Europe to pay for some of its security?
-
Saturday 12th September 2020 18:01 GMT Anonymous Coward
Re: Wouldn’t it be better if the US adopted GDPR?
You must be a troll. Why else would you be so brazen as to accuse *remainers* of not having a clue about how the EU works?!
Why are you so scared of an EU army? That's the bollocks being talked about.
Even when we were in the EU, there would have been no requirement to join in. We've always had 100% control of our armed forces. There was never anything the EU could do to make us join such an army, or alter our armed services in any way.
Anyway, with NATO on dodgy ground, it may be a good idea - better than loads of small individual forces.
Why are you so scared of an EU army? Surely you don't believe the bollocks about it printed in the tabloids?
By the way, as someone so scared, you should have wanted to remain within the EU. Now there will be nothing stopping those pesky foreigners from coming here and stealing our cheddar!
-
Saturday 12th September 2020 19:07 GMT codejunky
Re: Wouldn’t it be better if the US adopted GDPR?
@AC
"You must be a troll. Why else would you be so brazen as to accuse *remainers* of not having a clue about how the EU works?!"
I didnt. I asked if he is one of those remainers who doesnt have a clue. Not having a clue being a subset of the group not a general statement of remainers. And thats why I asked which bit about an EU army he considered bollocks. Because some people dont seem to realise the EU is and has been strongly considering creating it.
"Why are you so scared of an EU army? That's the bollocks being talked about."
Are you DF118? If so why the AC? Of not then who are you to tell me what he thinks? Hopefully he does know of the EU's desire to make an army and considers something specific to be bollocks. But until he explains what he thinks is bollocks I can only assume the usual 'the EU army idea isnt real'.
"Even when we were in the EU, there would have been no requirement to join in. We've always had 100% control of our armed forces."
I didnt even think we would. It would be our money funding it as one of the few net contributors.
"Anyway, with NATO on dodgy ground, it may be a good idea - better than loads of small individual forces."
And that is just wrong. NATO isnt an army, its an agreement that an attack on one is an attack on all. Who will the EU army be loyal to? How will it be directed (majority member votes? With veto?)? What happens when the army has to be deployed against a member country or if member countries disagree with a course of action?
Things get much more complicated when its an actual army instead of a joint defensive agreement.
"By the way, as someone so scared, you should have wanted to remain within the EU. Now there will be nothing stopping those pesky foreigners from coming here and stealing our cheddar!"
You mention scared a few times. Not sure why. Thinking its a dumb idea is different to being scared. As I already mentioned, a lot of these European countries struggle to meet NATO spending on their forces. Now they want to make another money hole.
-
-
-
-
-
Thursday 10th September 2020 14:43 GMT msknight
Ummm...
"Facebook has been working hard to follow the steps set out by the Court to ensure that we can continue to transfer data in a safe and secure way,""
From what I read... it isn't down to the safety and security of the data they're transfering... it's the fact that they're transferring it in the first place.
... at least, that's how I read it.
-
Thursday 10th September 2020 16:04 GMT Tom 38
Re: Ummm...
I think you've misunderstood what he's saying (or perhaps Clegg has inadvertently said what he means) - they aren't worried about the safety of the data being transferred, they are worried about the safety of their money whilst they transfer data. "we're going to keep transferring data, and we're working on legal arguments so we can't be fined for doing so".
-
-
Thursday 10th September 2020 16:31 GMT Pascal Monett
"Facebook has been working hard"
Somehow, that sentence does not sound credible. The only thing FaceBook works hard at is hoovering every snippet of data it can about anybody who is so much as mentioned on its pages.
For the rest, FaceBook has lawyers who's only job is to pretend to care about user privacy to make things look good in the public eye.
-
Thursday 10th September 2020 17:05 GMT fidodogbreath
ensuring that we have robust safeguards in place, such as industry standard encryption and security measures
That's fine for protecting data from hackers. The only ways to protect your data from Facebook itself and its advertising customers are (a) don't use FB, and (b) run ad blockers on all devices to filter out all FB-related cookies and domains.
-
Friday 11th September 2020 00:07 GMT MarkSitkowski
Why is this different...?
"Like many other businesses, Facebook relies on SCCs to transfer data to countries outside the EU, including to the United States..."
For 'EU' read 'United States' and for 'United States', read 'China'.
Am I missing something, or shouldn't Trump be calling this 'spying'?