How do you see the difference between Opt-in and Opt-out?
For example, I never asked for Google Streetview to photograph my property, so in that sense they might have violated my privacy.
But clicking a Like! button is like giving implicit approval to send some relevant data to Facebook.
If you were a German Facebook fan, would this law make it impossible to place a Like! button on your own site, when you and your visitors clearly want it?
Is it possible to voluntarily wave away the right to privacy or is it really an all-or-nothing deal?
Edit: It seems that you get logged without ever clicking the button, or lack a Facebook account...
The paper "Facebook Tracks and Traces Everyone: Like This!" mentions 3 valid privacy violations by Facebook.
informational self-determination: the individual should
be able to decide which data are disclosed to whom and
for what purpose.
contextual integrity: data has to be treated according to
the norms applicable to the context in which
the data was disclosed.
data transfer without consent: data should not be
transferred to another context without the individual's
consent
Abstract:
[the Like button] is also used to place cookies on the
user’s computer, regardless whether a user actually uses
the button when visiting a website. As an alternative
business model this allows Facebook to track and trace
users and to process their data. It appears that
non-Facebook members can also be traced via the Like
button.
It is legally possible to "wave away" your right to privacy. It is somewhat analogous to commercializing your "personality" by giving someone the right to advertise with your name.
However the European data protection standard demands "informed consent", the user needs to be able to understand the scope of his own decision:
Which data is captured and to what purpose? Do third parties get access, to what purpose? To which countries does data get sent and what are the risks associated with it? Will your data be possibly combined with data from other sources to build a more complete profile?
If it is impossible to answer these questions from the information given in the privacy policy etc., you do not have "informed consent" according to the European data protection standards. There also has to be a technical option present to "revoke" your consent for the future.
At the present moment, there is in fact no real solution to use the Facebook-Like button in Germany in a way that is compliant with data protection law. At least I couldn't finde one when I had to write a "memo" for a law firm. However it is somewhat possible to shield the owner of the website from liability.
I'm not sure if you were addressing me but I'll go ahead and respond anyways.
I don't think privacy should be an 'all-or-nothing' proposition; waving away your right to privacy should not be a decision an individual has to make. Ever.
I believe that what the majority of users want when interacting with internet platforms like Google, Facebook, etc. is a responsible use of their data; a reasonable balance between giving up information and receiving benefits in exchange.
From that perspective I would argue that Facebook collecting data from you simply by 'browsing-by' a like button is unacceptable. But I wouldn't go as far as to say that everything is fair after you've given alleged, implicit permission by clicking a button either. It's about a reasonable expectation the user has about what kind of terms he's entering into by 'like-ing' something. Is it okay for Facebook to have a look at what site your coming form? Associate your account with this like? Maybe. Would it be acceptable for Facebook to go through your history and look at the most recent porn sites you showed interest in? Probably not. That goes at the notion of contextual integrity you mentioned. The line is blurry but it certainly exists.
Another important consideration for me is who has access to the data that is collected. Larry Page famously answered to Paul Buchheit that there 'are no privacy issues' when faced with thousands of complaints concerning Gmail. I don't really mind machines going over the contents of my email in an effort to target ads at me. It's creppy to some but if you understand the underlying technology I would side with Larry and say that, really, there are no privacy violations. It's about the trust you have in a corporation when it comes to handling your data. Transparency goes a long way.
Give me your thoughts.
P.S: I don't think an individual or a corporation could successfully operate on the internet while strictly adhering to the three standards you mention. Getting explicit consent for every data transaction that occurs when using the internet would make that medium virtually unusable. We have to make certain, maybe gullible, assumptions about the companies and individuals we interact with to navigate everyday life; you do it every time you enter into a contract without studying the fine print.
A custom Facebook Share button sounds like a terrific idea, open-source it! :)
For example, I never asked for Google Streetview to photograph my property, so in that sense they might have violated my privacy.
But clicking a Like! button is like giving implicit approval to send some relevant data to Facebook.
If you were a German Facebook fan, would this law make it impossible to place a Like! button on your own site, when you and your visitors clearly want it?
Is it possible to voluntarily wave away the right to privacy or is it really an all-or-nothing deal?
Edit: It seems that you get logged without ever clicking the button, or lack a Facebook account...
The paper "Facebook Tracks and Traces Everyone: Like This!" mentions 3 valid privacy violations by Facebook.
Abstract: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1717563Ah, well. Back to a custom Facebook Share button for me.