back to article Facebook puts 1.5bn users on a boat from Ireland to California

Facebook is quietly changing its terms of service to shift 1.5 billion users away from Europe to the US while continuing to claim it wants to offer greater privacy protections. The change covers 70 per cent of its users – based in Africa, Asia, Australasia and Latin/South America – and effectively removes legal protections …

  1. Anonymous Coward
    Anonymous Coward

    It goes from bad to worse.

    I think this move should be tested in the courts.

    Never had anything to do with FB so I'm out but there could be one hell of a class action law suit that will (I hope) name Zuck personally.

    I hope that FB gets well and truly shafted by this move.

    1. Ken Hagan Gold badge

      Re: It goes from bad to worse.

      If I'm reading the article correctly, neither US nor EU users are affected by the move, so it is difficult for me to see who would actually be suing and in which jurisdiction they think they'd have any kind of standing.

      1. veti Silver badge

        Re: It goes from bad to worse.

        @Ken Hagan: An Australian Facebook user would be having their data moved, and they could try making their case against Facebook Ireland.

        Not sure how far they'd get, but I don't see why they shouldn't have standing.

        1. big_D Silver badge

          Re: It goes from bad to worse.

          @veti

          on what grounds? If he is Australian, he doesn't fall under GDPR anyway, so it should be "irrelevant", where his data is stored.

          1. Anonymous Coward
            Anonymous Coward

            Re: It goes from bad to worse.

            And if he is an Australian living in Europe?

      2. fuzzie

        Re: It goes from bad to worse.

        Sadly the "rest of the world" tends to be ignored by these multinationals. South Africa its own Protection of Personal Information Act. The right to Privacy is in the constitution's Bill of Rights. In some aspects POPI is more comprehensive than GDPR. I bet facebook will be wiping themselves off it.

        Typically, the local offices are carefully at arm's length from the mothership so they're tricky to bring to book. We desperately need a more universal/coordinated approach to dealing with these super multinationals. Only the truly large markets, i.e. US, EU, CN, today have the clout (any some don't have the political will) to take them on

        An FYI on POPI: https://www.miltons.law.za/a-summary-of-popi-the-protection-of-personal-information-act-act-no-4-of-2013/

    2. This post has been deleted by its author

      1. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?

        Re: It goes from bad to worse.

        @Shadmeister

        "Facebook have shown their true colours that they do not actually care about the peoples privacy.

        Whilst I agree with your point in principal, I have to take issue with this. Facebook very much do care, in the same way a pig farmer cares about bacon. If the EU told farmers that they were allowed to keep pigs but couldn't kill and butcher them, pig farmers would desperately trying to find ways to protect their investment, while issuing statements about how much they care for pigs and their right to keep their skin on. This is exactly what Facebook are doing.

        PS: Yes, I'm likening Facebook users to farm animals

        PPS: No, I'm not vegetarian. Bacon is awesome.

        PPPS: Zuckerberg is an unscrupulous lying shyster who would sell his own mother for a buck.

        1. The Boojum

          Re: It goes from bad to worse.

          To properly complete your PPPS:

          ... organ by organ. To the Butcher.

          Correction. Did sell.

          Credit : Andy Hamilton, 'Old Harry's Game'.

      2. MachDiamond Silver badge

        Re: It goes from bad to worse.

        "No one should be surprised at this move. It is just like a tax evasion strategy."

        You are confusing tax "evasion" with tax "avoidance". The latter is perfectly legal and proper for a publicly traded corporation. If you don't think that companies are paying a fair tax in your country, you need to petition your elected representatives to change the laws so they have to.

    3. Anonymous Coward
      Anonymous Coward

      'I think this move should be tested in the courts.'

      Wake up Neo! We haven't even had a definitive ruling on all the ongoing past Schrems cases yet... By the time this is tested, everyone everywhere will have been slurped to death! Its not like Big-Data ever forgets either! Part of the problem is Ireland is deeply complicit. Its been acting as a buffer between US tech giants for years. Its an open secret, Irish politicians are in on it:

      https://www.irishtimes.com/business/technology/privacy-rights-it-s-natural-facebook-would-choose-ireland-1.3400531

      https://qz.com/993995/how-facebooks-fb-sheryl-sandberg-personally-lobbied-irish-prime-minister-enda-kenny-as-shown-by-2014-emails-published-in-the-irish-independent/

    4. big_D Silver badge

      Re: It goes from bad to worse.

      And even their excuses for moving the data.

      It is irrelevant, where the data is stored (for non-European citizens). If the data is held on servers in the EU or the USA, it is the user's local data protection laws that are in effect. A user in China or Africa cannot claim EU GDPR rules, just because their data is held in Europe.

      Likewise, a European user doesn't lose his GDPR rights, just because the data is held off-shore. In fact, if the EU user's data is moved to a country with a lower level of data protection, he has the right to sue. The USA sort of has Privacy Shield, which is currently being tested by Schrems, as to whether it has any legal substance.

      1. Pseu Donyme

        Re: It goes from bad to worse.

        >A user in China or Africa cannot claim EU GDPR rules, just because their data is held in Europe.

        Actually, I'm not sure of that: as long as the 'processing' in the sense of GDPR (including merely storing it) physically happens in EU it would seem that an EU country has jurisdiction, while the user's country outside the EU would have jurisdiction as well as there in an effect on a user in their jurisdiction - these are not mutually exclusive, but Facebook must abide by both legal regimes. Usually this means going by what is more restrictive for Facebook. If, however, there is no way operate in two jurisdictions without breaking the law in one, then it would seem that Facebook needs to make a choice as to where it wants to do business.

        Moreover, regardless where the data is 'processed', the users outside the EU who currently have a contract with Facebook Ireland would seem to have a right to be treated in a way compliant with the GDPR (or the pre-existing data EU data protection regime) on the basis of Facebook Ireland being an legal entity within the EU. Actually, since this effectively means moving vast amounts of data from the EU I'm not so sure this legal as moving data outside of the EU is restricted under the current rules. As the data is going to the US I suppose Facebook could point to Privacy Shield for now, but then it would seem that this will eventually unravel as it is not substantially better than Safe Harbour was.

    5. Anonymous Coward
      Anonymous Coward

      Very entertaining : )

      LOL!!! I knew he would try to slip and slide like the snake. (no offense to the snakes) I have been following his lies through congress and everywhere. It is almost like as Facebook Turns, the Soap Opera of the Mark Zuckerberg slime ball! : ) (No offense to any free roaming slime out there and no offense to balls)

      Once in a while fakebook locks someone out just to get their driver's license or their Social. A guy I know got locked out and he said they can keep it.

      Seriously, why people do it? I just don't get it. Are the masses that weak minded? I know tons of people and most of them don't have facebook or tweeter.

      I don't blame him at all. I was expecting the next chess move. If he don't have data to sell, Facebook sinks. Every man, woman and child is that man's crispy fry bacon. If you want facebook stop fighting the man, be aware you are the commodity. Without your private info, Facebook will not exist.

      Is like watching one of those cartoons weasels trying to work its magic. ::sits back:: grabs popcorn::

    6. MachDiamond Silver badge

      Re: It goes from bad to worse.

      Isn't there something in the Terms of Service that obligates users to use arbitration and foreswear class action suits?

  2. ma1010

    Maybe true

    It's almost as if the company is worried that if it was completely honest about what it does with its users information they would leave the service in droves.

    If most people bothered to LOOK at the information that's out there - really, we all pretty much know what F*book does with people's data - sell anything they can get or infer about you to anyone at all with bugger all limits. I'm not on F*book myself, but I think anyone who can think critically and hasn't been living in a sealed bunker for the last couple of months is, at a minimum, looking into locking down whatever they can to keep their information private OR realizing that the "free" service F*book offers isn't worth its cost in lost privacy.

    However, of the overall population of F*book users, how many think critically in the first place? I don't know, but I somehow doubt that Zuckerberg will be losing all that many suckers, even among those outside Europe's GDPR protection zone who should be afraid - very afraid - of what is happening to their data.

    1. Anonymous Coward
      Anonymous Coward

      'I'm not on F*book myself,'

      Unless you're from China / Amazonian tribe, you're probably on there! They may not know your name but just using association / location, they can tokenise you into a 'Lookalikes group'.

      Anyone whose ever been at a busy Tourist site, or even just in the background at a birthday party, has probably had their image uploaded to Facebook already. Its just a question of, has Facebook managed to connect-the-dots with its other data-sets.

      Consider this: Firms upload their entire CRM data to FB. Ever got a car quote? Bam! Credit card / loan, or cross paths with credit-data-broker? Bam! Supermarket / Cinema loyalty card? Bam!

      Facebook also slurped users Android messages and texts, and it actively dupes users into uploading phonebooks with contact numbers / emails. So you can't be remotely sure you're not on there. The next question is, how exposed are you really?

      There's no way to know that, because Facebook never added a Download-Data option for Non-Users. Even if you use Adblockers, Data-Sharing still goes on Server-Side... Often occurs during flight / hotel bookings. Nice clean accurate data!

    2. Anonymous Coward
      Anonymous Coward

      Re: Maybe true

      "we all pretty much know what F*book does with people's data"

      Quite. I'm not sure why people pour their data into a service, then complains that the service is storing and/or using their data.

      But to be honest, I don't think it's Facebook users complaining about it.

  3. Anonymous Coward
    Anonymous Coward

    GDPR is a 'pretend firewall' and is probably unworkable.

    What's the odds millions of Europeans find out in 5-10 years that a mistake was made? - Did Zuck offer to add a special icon to the Activity Log icon that confirms GDPR rules apply? Google had to abandon Gmail slurp because of this kind of ambiguity. It was hurting cloud sales, as Corporate customers didn't trust the sociopaths at Google to not spy on them.

    One month to go....Zero clarification...Where is the answer to this:

    If you travel overseas for work, or log-in on holiday, what happens to your Facebook data then? (What even ties a user to Europe and GDPR etc)...

    What criteria is used by Facebook to decide whether EU / non-EU data-rape rules apply: The location you set in your profile.. The Geo-IP location where the account was originally opened.. The location where the account was principally accessed in the past 12 months.. The location of the majority of your friends etc.. One-month to GDPR, how will this work?

    One thing is certain, the Irish DPC (OPDC) is too busy being complicit to answer any of these questions. If you ask, Helen's Dixon's office will just refer you back to Facebook. Jobs for the lads in Ireland and artificial GDP numbers, mean Politicians always look the other way. Wake up EU leaders!

    1. Anonymous Coward
      Anonymous Coward

      Plus if you use Tor / VPN to access Facebook...

      What Privacy Rules apply then?

    2. Anonymous Coward
      Anonymous Coward

      Who 100% trusts American Firms to know which countries are European?

      Sorry, but historically Americans don't have a stellar record of knowing which countries are where. It can even be confusing for Europeans. So lets wait for the empty apology from Zuk: 'Sorry we slurped you, because we didn't know The-EU was Europe':

      Slovenia, Slovakia, and the constant confusion between the two

      http://www.bbc.co.uk/news/world-europe-43419675

      1. veti Silver badge

        Re: Who 100% trusts American Firms to know which countries are European?

        Since Slovenia and Slovakia are both in the EU, it doesn't much matter...

        I've never opened a Facebook account, but I assume it asks you what country you're living in (if not your whole street address). And I would also assume that's a lookup table thingy, you can't just type "the Moon" or something. So further looking up who is and isn't in the EU can't be all that hard.

        1. Anonymous Coward
          Anonymous Coward

          'I've never opened a Facebook account, but I assume'

          Assumption is the mother of all fuckups! Facebook didn't force an address or country when I signed up, although it will pester you to complete the profile... However, there needs to be a GDPR icon or something, because while we know those countries are in the EU, a conniving marketer like Zuk may pretend he doesn't! But he'll say sorry later for slurping, so that's ok, right???

          1. MachDiamond Silver badge

            Re: 'I've never opened a Facebook account, but I assume'

            "What criteria is used by Facebook to decide whether EU / non-EU data-rape rules apply:"

            If you think that FB doesn't have your address, phone number(s) and underwear size (and if you regularly wear any), you are deluded. Getting you to give them as much data as possible just makes their life a tiny bit easier and might avoid some errors, but they'll have you taped shortly anyway.

            There is a great story from an attorney that regularly appears on 2600's "Off the Hook" radio program. He doesn't maintain a FB account, but creates a fake one from time to time with a disposable email account to look up information for a case. The creepy thing is that as soon as the account is active, FB suggests "friends" he might know and a fair number of them are indeed people that he knows. Chances may be good that FB has sprinkled some magic pixie dust on the computer he uses so they'll know who he is if he ever creates an account.

            Be afraid.

    3. MachDiamond Silver badge

      Re: GDPR is a 'pretend firewall' and is probably unworkable.

      "What criteria is used by Facebook to decide whether EU / non-EU data-rape rules apply:"

      Your home address. If you are in Europe, you are logging in with the account you created and accessing the data center that stores and process data about you. Some information may be accessed from the center in another country or region, but you are subject to the guidelines in your home country. I expect that FB transferring non-EU customer data out of Ireland to add a layer of protection from them having to comply with EU law over accounts of non-EU citizens. They will still have an administrative presence in Ireland so they can continue to shift profits there to avoid higher taxes in the US and elsewhere.

  4. ade328

    Time to change the model... 18 months window before decline sets in!

    Facebook have not understood the GDPR regulations 100%. Moving the 1.5B non EU users has absolutely no impact - GDPR only enforces compliance on information held by EU 'data subjects'. Assuming the remaining 700 Million or so remaining (2.2B user base 2017) users are covered by the new rules - Facebook is obliged to delete or modify personal data on request - the terms of use are not perpetual!

    So the next question, will a large majority of EU based 'Data Subjects' request personal data be deleted ? Will all the non Facebook users request all 'ghost profile' data be deleted? The second set of users is likely to dwarf the 700M regular accounts... What affect will that have on Facebook advert revenues?

    Change to a subscription model Facebook, protect users data, broker consensual sharing or even selling of data - adopt a new model to survive.

    1. JohnFen

      Re: Time to change the model... 18 months window before decline sets in!

      "Change to a subscription model Facebook"

      Changing to a subscription model won't fix a thing. Even with such a model, there's no way Facebook would stop with it's spying ways.

  5. The Nazz

    Just out of interest ..

    how frequently can/should /will Faecesbook be fined this 4%?

    Anyone care to guess what, say 200m Europeans at 4% each amounts to?

    And presumably, any other party making use of such illicit info, say the ad agencies, will also be fined 4% of their own turnover?

  6. Mark 85
    Holmes

    It's almost as if the company is worried that if it was completely honest about what it does with its users information they would leave the service in droves.

    One might hope that is true (See icon...) but there are too many users who just don't seem to care. Hopefully, there's a wake-up call coming.

    1. Pseu Donyme

      > ... too many users who just don't seem to care.

      Because they have no idea there is an issue, never mind knowing what it might be (?).

  7. Anonymous Coward
    Anonymous Coward

    The thing's hollow...

    "... it goes on forever, and, oh my god! it's full of SHIT!"

  8. KSM-AZ

    Bunch of Crap... GDPR bah.

    GDPR is vague shitty cruft. A hammer on a thumbtack. Facebook the company did not post pictures of your house, car, dog, cat, kids, and all your recent photos, trip itenerary, when you are not going to be home so it can be robbed. Your diatribe against bank that bounced your check, your wonderful investments with Schwab, or ...

    But darnit if someone figures out from your posts that your bank account is vulnerable and uses that information to steal it, we are going to throw Mr Z in jail and take all his money damnit!.....

    No wait, the lawyers get the money, but that's fine as long as he gets the shaft!

    Uh huh, totally sane.

    1. JohnFen

      Re: Bunch of Crap... GDPR bah.

      Since you clearly don't view the GDPR as being helpful to protect people against abuse, do you have any ideas of what a proper solution would look like? Because, right now, the GDPR -- for all its flaws -- appears to be the only one in the offing. We desperately need something like that here in the US.

  9. KSM-AZ

    GDPR / Litigation

    But never fear. *ALL* lawyers including the ones doing our audit are complaining about it all the way to bank as they cash each check. Oh yes we are "protecting" all these people! That was 10 more hours, $4000 please.

  10. JeffyPoooh
    Pint

    Multinational RAID 5

    Smear the data across a dozen jurisdictions. Hash it up so that even 80% of it is still unintelligible.

    Until that final warrant from the King of eSwatini comes through, it's just not readable.

  11. Joe Werner Silver badge

    Opt-out vs. opt-in

    My understanding (mostly form ElReg articles, to be honest) is that under GDPR you actively have to opt in. A pre-checked box is not ok, and the wading-through-settings shite (as with the google "privacy" settings, which I seem to have to click though once per month) is at least against the intent of the law. Hope this gets tried, but I'm not holding my breath. Shooting down "privacy shield" is probably more worthwile...

    And "privacy shield" is a bit like "democratic people's republic"...

    (old joke: what's the difference between a democratic republic and republic? Same as straightjacket and jacket.)

    1. Chloe Cresswell Silver badge

      Re: Opt-out vs. opt-in

      Instantly thought of...

      Sir Humphrey Appleby:

      East Yemen, isn't that a democracy?

      Sir Richard Wharton:

      Its full name is the Peoples' Democratic Republic of East Yemen.

      Sir Humphrey Appleby:

      Ah I see, so it's a communist dictatorship.

    2. Herring`

      Re: Opt-out vs. opt-in

      My understanding (mostly form ElReg articles, to be honest) is that under GDPR you actively have to opt in. A pre-checked box is not ok,

      Yes, that's correct. Consent has to be freely given and what your data will be used for must be presented in a clear an unambiguous form. As it stands, Facebook are just lining themselves up for massive fines.

  12. Dodgy Geezer Silver badge

    Nonsense!

    ...It's almost as if the company is worried that if it was completely honest about what it does with its users information they would leave the service in droves.....

    Why should they? Just tell the sheep it's for their own good. Tell them anything - they'll believe you.

    If you really run into problems, fund politicians who won't rock teh boat so much...

  13. Anonymous Coward
    Anonymous Coward

    Farcebook

    is nothing more than a "fad".

    It will not last. People will get bored / wise and slowly it will implode.

    It may take a good few years whilst the sheeple wise up but it will happen.

    1. strum

      Re: Farcebook

      >is nothing more than a "fad".

      Don't kid yourself. Previous internet enterprises may have been passing fads, but that doesn't mean that FB will fade out.

      A combination of timing and scale means that FB will be in position to beat off any challenge (copy key functions or simply acquire the company). It may also be big enough to buy politicians, to avert any legislation it doesn't like.

      A lot of people thought the telephone was a fad. TV, too. And the WWW, I seem to remember.

      1. Pseu Donyme

        Re: Farcebook

        Also, Facebook is in a business, which is a natural monopoly due to the network effect i.e. a service like it is more valuable to its users the more users it has (like a telephone network where the one with more subscribers is the more useful one): there is a positive feedback loop luring more users (from other similar services) to the biggest one until there is no competition to speak of. This not only means that the first provider to get beyond some critical size is likely to become a de facto monopoly, but also that it is practically impossible to outcompete the monopolist after this. Also the monopolist, as in here, tends to be in a position to buy out or otherwise neutralize anyone who might try, just in case.

      2. JohnFen

        Re: Farcebook

        "A lot of people thought the telephone was a fad. TV, too."

        And MySpace.

        Oh, wait...

  14. walatam

    privacy protections

    "applies the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland."

    Yes, I am sure they do this. They are not saying that they will provide strong protections and they will continue to apply the protections that are right for Facebook. If the end user benefits then that is a side-effect, nothing more.

    1. really_adf

      Re: privacy protections

      Not just me who noticed that interpretation was perfectly valid, then.

  15. GrapeBunch

    Cheery heering

    So, if you're Australian and you want GDPR protection, do you just tell FB when you sign up that you're Danish? It's who you are, not your IP address at the moment that counts, right? FB would not know for sure which you are. If it does not accept your statement that you are Danish, and applies the looser Australian non-protections, it risks consequences from the EU authorities. Is that right?

  16. Anonymous Coward
    Anonymous Coward

    Which's more slippier?

    An eel or Fartbook?

  17. Anonymous Coward
    Paris Hilton

    $1.6bn

    $1.6bn - How many NHSweeks is that?

    1. tmz

      Re: $1.6bn

      About 3 days.

  18. That one over there
    Pirate

    Launch all the drones!

    So what happens when the Facebook drones start beaming down all the filtered internets to the great unwashed for 'free'. Where is the data ownership then?

    1. MachDiamond Silver badge

      Re: Launch all the drones!

      "So what happens when the Facebook drones start beaming down all the filtered internets to the great unwashed for 'free'. Where is the data ownership then?"

      That's what Elon wants to do. We'll have to see who gets all of their satellites/drones/balloons up first.

  19. Anonymous Coward
    Anonymous Coward

    Which jurisdiction for the bots?

    Nobody actually knows what fraction of FB members are merely bots. It's likely higher than 10% based on what I've seen first hand. I wonder if the bits are concerned about the privacy of their mythical data.

    There's also a large number of secondary accounts. Do the advertisers get a discount for this sort of factor?

  20. PTW
    Mushroom

    One step before the fine...

    IANAL But my understanding is that under GDPR a fine is issued at Level 4, but the step before, Level 3 your right to act as a Data Processor is removed within the EU meaning Facebork can't hold any EU citizen's data.

    Only way to deal with FB ------>

  21. JohnFen

    Uber levels

    Facebook is trying really hard to reach Uber-level evil, isn't it?

  22. Domquark
    Coat

    The bright side

    Ooh think of all those nice shiney servers, now no longer needed, that will appear on eBay!

    /coat

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like