this post was submitted on 04 Jul 2023
119 points (100.0% liked)

Technology

29 readers
2 users here now

This magazine is dedicated to discussions on the latest developments, trends, and innovations in the world of technology. Whether you are a tech enthusiast, a developer, or simply curious about the latest gadgets and software, this is the place for you. Here you can share your knowledge, ask questions, and engage in discussions on topics such as artificial intelligence, robotics, cloud computing, cybersecurity, and more. From the impact of technology on society to the ethical considerations of new technologies, this category covers a wide range of topics related to technology. Join the conversation and let's explore the ever-evolving world of technology together!

founded 2 years ago
 

Meta/Facebook's approach to GDPR compliance is largely insufficient, according to a new ruling by the Court of Justice of the European Union.

"Meta cannot simply bypass the GDPR with some paragraphs in its legal documents. This will mean that Meta has to seek proper consent and cannot use its dominant position to force people to agree to things they don't want."

you are viewing a single comment's thread
view the rest of the comments
[–] sab@kbin.social 8 points 1 year ago* (last edited 1 year ago)

Sorry about that - GDPR is short for General Data Protection Regulation, and it's basically an EU regulation determining what businesses are allowed to do with the data of their users.

What businesses are allowed to do with user data boils down to pretty much nothing without consent: Individuals need to have control over their data and have it removed if they feel like it, you can't just ship user data out of the EU just like that, you can't store user data without explicit consent, etc. It caused a huge shock in European industry when it was first passed, as basically not a single company was meeting the standards of what we now refer to as being GDPR compliant. I had a friend working in some random flower shop who got a bunch of extra work because their repeat customer programme was suddenly becoming illegal.

The case before the CJEU - the Court of Justice of the European Union - revolved around the terms and conditions of Facebook. Meta did not want to conventionally comply with GDPR because it turns out users will generally refuse to give consent if you go ahead and ask them. Insted they came up with a dumb loophole: the ads were framed as part of their service, and their terms of service obliged Facebook to serve people ads that would otherwise have been in breach with GDPR.

Predictably, the European court was not convinced by their "loophole", and basically ruled that Meta has to comply with GDPR like anyone else.

I hope that clarified a little! :)