I had absolutely no issue getting my family members to pay for an account at diasp.eu when google+ shut down.

They were rather happy to do so since one of its selling points is that they do not track users for advertising. Do not underestimate the general publics tracking/advertising fatigue.

Forgive me but doesn't that mean they were actually using google+ in the first place? Which seems.... unlikely? Or at least incredible outliers.

You won't get the majority of people on Facebook to pay for the service after you've been giving it to them for "free" for 10 years, you'd maybe convert 10% if that, at which point what use is facebook with most of the users gone?

It's difficult to ask for users to pay for a service that was always free, indeed, furthermore facebook is not growing its user base anymore.

But a competitor can emerge by providing an alternative service, for a fee, marketing it as "the service that doesn't spy on you".

Now, sure, that will be a niche service, and social networks can't be niche services. The protonmail of facebook or twitter will probably never emerge.

We were all using google+ to share images. Some of them are on facebook (my mother and sister in particular), but the rest of my extended family is not there. But we were all on G+, I told them if they wanted to see baby pictures you have to sign up.

I couldn't care less about anyone outside my family, if they want to contact me they can email or call me by phone.

For semi-private file sharing (ie family-wide, not worldwide), paying services are great. If you want as big of a circle of "friends" as possible, you are in a "winner-takes-all" situation, and being free helps to be the winner.

My understanding of the GDPR (did a course on it for work) is that it allows data sharing for advertising to named companies, but holds you and the advertiser responsible for ensuring that no-one else gets your data without permission and for letting you know if any such data breach occurs.

But I agree with you on the principle that bureaucracy very seldom does only the things I want.

> I'm pretty sure that if you asked people whether they would prefer to pay for Facebook and Google with cash or by sharing data for ad targeting, most would choose the latter. The GDPR specifically forbids that option.

Do you have a source for that?

Article 7 and Recital 43 of GDPR.

Permission must be freely given in order to be valid. It is not freely given, if access to a service requires the permission and that permission is not strictly necessary for the service.

However I believe it is good that such option is forbidden, after all the years of abuse of user data at the hands of Google, Facebook and other advertisement companies. Note that ads can still be shown without all the creepy targeting, and ads could still be used to pay for the service, without stealing user data (yes, I call it stealing, because these companies go to great lengths to trick the user into giving the permission). It remains to be shown if ads without tracking could be sustainable to keep services free.

That's not quite accurate. The law allows you to legitimately ask for permission to share the data for advertising purposes, but you have to be transparent with the details, and the advertiser has to have the same safeguards on the data as your company (they aren't allowed to re-sell it without the original company's knowledge, for example).

That's not fully accurate either. All that you wrote is true, but user's permission must be freely given - this means access to the service cannot be restricted if user refuses to give permission (as long as that permission isn't strictly required to provide the service itself, but then probably permission is not the right basis for processing data).

Agreed.

I used the word prerequisite for a reason - you can ask for permission, but you can't try to force permission by withholding the service.

The question was if there is a source on the claim that most people would prefer intrusive ads to paying for a service.

Sorry, I had assumed the question was for a source on "The GDPR specifically forbids that option.", I didn't give the source, but an argument why it follows from the rules of the GDPR.

A service could offer an ad-free version for a fee.

If you provide a free service which is only accessible after you give permission to data processing, then that permission is not freely given and thus invalid (as long as such processing is not strictly necessary to provide the service) - see Article 7 and Recital 43.

> I'm pretty sure that if you asked people whether they would prefer to pay for Facebook and Google with cash or by sharing data for ad targeting, most would choose the latter. The GDPR specifically forbids that option.

First, it's important to distinguish between the types of lawful bases with which you are processing data. For example, if you were to provide a service of targeting ads to people, you do not need consent to collect the data you need to target your ads: because you are simply fulfilling the contract. One of the problems with the current Facebooks and Googles of the world is that they assume you don't want targeted ads. I think this is an enormous mistake. Sign me up for targeted ads! I want them! I will freely give you information so that I can get targeted ads! In reality, the Faebooks of and Googles of the world are not offering targeted ads. They are offering indiscriminate ads and also selling your data. This is incredibly important to understand.

Next, even if we decide to offer a service and ask for consent for collection of non-related information, there is nothing stopping us from paying for that collection (as far as I can tell). The law states that consent must be "freely given", however this "freely given" means that you can't threaten consequences for non-consent. There is no provision for thanking your customers.

In other words, I'm pretty sure you can charge $5 a month for a service and then give $5 a month worth of credit as a thank you for being able to use your data. (Note: I tried to find some kind of verification of this, but was unable to find a discussion of it either way. I would be grateful for some evidence even if it contradicts my thesis ;-) )

However, there are massive caveats. First you must inform the customers what you are doing with their data and who your are sending it to. Second you must allow them to withdraw their consent. If they withdraw their consent then you must also do everything in your power to notify the downstream data processors to also stop using that data.

And I think that's the real reason you don't see the Facebooks and Googles of the world trying this. They don't want to work with the data in a trackable way. They want to do whatever the heck they want with your data forever. They don't want to inform you that they've sent your data to an organisation that you might disapprove of. They don't want to allow you to cancel your consent without cancelling your service and also do whatever is necessary to stop the downstream processor from using your data if you object.

There is usually a lot of vitriol here when we discuss GDPR however usually this is a result of distilling the argument down to an either/or situation. Either the company is an abusive monster or the law is trying to remove a legitimate business model. It overlooks the idea that there are serious problems with the way this business model works right now and the law attempts to improve that situation in ways that are both useful and frustrating.

Edit: At the risk of bringing the wrath of the EU down upon my employer, I just realised that we offer a 25 GBP voucher for agreeing to sign up to our newsletter. So, there is at least 1 company who does this and I really don't think there is anything wrong with it.

> Sign me up for targeted ads! I want them! I will freely give you information so that I can get targeted ads!

The same I was getting at here: https://news.ycombinator.com/item?id=18805856

in fact I think I used to get more relevant ads some years ago.

Dudeo, people are just going to sign up, get their money back for their data, then ask you to delete the data right away. You have to still provide the service, just now for free.

The gdpr doesn't prevent such thing. It just requires consent, care and empowerment.

The GDPR does not allow you to block people who do not consent.

Well, it's never gone to court yet, so I guess you can't say for sure. But that's how it's widely interpreted.

Consent is meaningless if it is forced. Also, if the law allowed that, you would simply get a large banner saying

"To access this website you agree to all our privacy invasion and to sell us your soul. We are not asking you, just informing you."

Except you do have the choice not to view the site. If hackernews said give consent or leave, you could just close the tab.

Well consumers can still give information to google if they want to, gdpr does not disallow it.

What is now forbidden is to gather identifiable data about people without consent and ability to remove it.

> I'm pretty sure that if you asked people whether they would prefer to pay for Facebook and Google with cash or by sharing data for ad targeting, most would choose the latter. The GDPR specifically forbids that option.

Yes, in the same way (as an exaggerated example) it forbids people selling their organs for profit or jobs with no salary etc

But the parent is right, this is not only about companies, this has a direct impact on users and freedom of expression

> I'm pretty sure that if you asked people whether they would prefer to pay for Facebook and Google with cash or by sharing data for ad targeting

They would chose not to have Google and Facebook. The basic principals of capitalism that products are something people want or need. Surveillance capitalism gets around this by exploiting the fact that an average citizen does know nothing about data collection and its scale and the implications for their privacy. GDPR is trying to fix this and also the fuck all attitude to security that most companies have.

> ... pay for Facebook and Google... by sharing data for ad targeting... The GDPR specifically forbids that option.

All I can say is that this is not my lived experience of Google and Facebook in the EU. This is also not those companies’ interpretation of that law (nor a common one).

There are real arguments against the burden the GDPR puts on companies who hold/process significant PII (which I am sympathetic to), but this is not one of them.

> ... powerful bureaucracy that does only the things that you want.

The same could be said of any democracy. My point is that there is no democratic basis for Article 13. It’s only getting support because IP law is too boring and abstract for most people to get worked up about.