Zuck specifically answered questions covering shadow profiles during his inquisition. They exist and are used even if that user is not a Facebook user. It’s not an unknown.
Do you have a source for that? I watched both hearings end to end and I only recall shadow profiles being mentioned once, and the answer was "I’m not familiar with that"...
It depends on what you mean by "profile". I've got a feeling you're using a very specific definition and we're not going to come to an agreement. For me, a shadow profile is a set of data that can be correlated with you personally after the fact if you do decide to sign up for an account.
I can agree with you on that definition and have yet to see evidence that they do what you say.
I think we need to distinguish what data collection means... just because you have a Facebook cookie in your browser which causes the browser to fire a request every time there is a call to Facebook's domains and therefore send meta information about OS, Browser, IP, etc (which is hard to turn off without reinventing the web) doesn’t mean FB (just like any other website that uses cookies) does anything with that meta data or stores it at all.
I think we need to be careful about judging what they technically do and what they actually do!
Many people in this debate default to assuming the worst... which is never a useful position to take. I would suggest assuming good intent on FB's behalf and then reverse engineering from there.
Why is assuming the worst not a useful position to take? In particular when it comes to a corporation that doesn't have my best interests as its primary concern (if at all)?
I'd argue that, in general, assuming the worst is probably the best starting point. Trust is earned, not the default.
Only if the personal data is necessary to provide the service. And "my business model makes it necessary" doesn't cut it. Otherwise you need consent, but you can't DoS if it's denied.
I'd phrase it the other way around: you can't impose certain clauses in the contract (in this case, an obligation to consent to certain kinds of processing of personal data). Laws forbidding certain contract clauses are nothing new.
So I’m required to develop a bad version of my product for the small subset who don’t consent?
Sounds a ton like the Windows Reduced Edition fiasco all over again but at a much more massive scale - forcing by law the development of a product almost no one wants.
You don't need consent for the cases when processing personal data is necessary to provide a feature for the user. For example, if you have a "find my friends near me" feature, you don't have to ask for consent to use the user's location for that purpose.
So there's never a reason why the product must be worse for any particular subset of users.
When you need to ask consent is when you're trying to use personal data in ways that aren't directly related to providing features for that user. Like, for example, ads.
And you can't develop a bad version to "punish" users who don't consent to those unrelated uses of their personal data, because then the consent wouldn't be freely given.