#Meta is having a very bad year. The latest decision (issued by the #CJEU yesterday in Meta Platforms Inc, et al., v. Bundeskartellamt, C-C252/21) adds to their woes, but more importantly, I anticipate it will force us all to re-evaluate #processing, #lawful bases, special category data, and #inferences derived from that data.
In my article, I explore the case in detail, as well as some hypotheses on the impact of this decision broadly to #BigTech, with examples.
But I'm curious to hear your thoughts and observations. Am I being a Cassandra? Overly pessimistic? Completely overthinking this? What implications am I missing?
I'll note here (even though I didn't mention it in the article) that this may also portend the effective death of the One Stop Shop mechanism, which is already on shaky ground after the whole spat between the #DPC and other regulators. Who needs Ireland if competition authorities can also raise issues under the GDPR?
CJEU case: curia.europa.eu/juris/document…
Substack: careylening.substack.com/p/met…
Meta's Wakeup Call, and Big Tech's New Reality?
I unpack the far-reaching Impact of the CJEU's landmark ruling in Meta Platforms v Bundeskartellant and what it means for Big Tech, consent, and inferred data.Carey Lening (Chronicles of the Constantly Curious)
modulux
in reply to Carey Lening :blobcatverified: • • •In my opinion, we all knew that the overly wide reading of legitimate interest and performance of a contract as basis for processing were a racket. So that part is, to me, unsurprising and inevitable, if the data protection regime was to mean anything much at all. Same thing for making data manifest: isn't the entire point of the informational self-determination paradigm that you get to control how your personal data gets used, and just because it's known to some people it doesn't mean it can be spread indiscriminately?
You make interesting points regarding the issue of special categories of data, but overall I don't find it a pessimistic thing. I think it's good that these data are strongly protected, and the general disregard for law and antisocial habitus of data processors means that any reading of the law which lets them process these data so long as they maintain plausible deniability (we didn't mean it, it just happened) is one which is likely to make the protections too worthless, or at least much too weak. So, it's worth thinking of how to provide useful information without processing special categories of data, and I think the law already gives us good ideas: data minimisation, privacy by design, and so on. If you don't collect who looks for gay bars, you just give gay bar information out to an API request, you don't have to worry about data processing.