California Considering New Data Privacy Regulation

rgMekanic

[H]ard|News
Joined
May 13, 2013
Messages
5,401
In a report from NPR yesterday, following Europe's new privacy laws that went into effect on Friday, California is considering new legislation regarding online privacy. The California Consumer Privacy Act will likely be on the ballot in November, and will require business' to have a "clear and conspicuous link" on their homepage titled "Do Not Sell My Personal Information." The link would take users to a page where they can opt-out of having their personal data sold or shared. While the law would not prevent companies from collecting users' data in order to target ads, it would prevent that data from being shared or sold.

Sounds fantastic to me, and as the article states, hopefully if this law goes into effect in California, it will just be implimented nationally instead of websites trying to use IPs to know if the user is on the site from California. I look forward to hearing how anyone can argue that the option to opt out is a bad thing. Thanks to cageymaru for the story.

One of the initiative's biggest backers is Alastair Mactaggart, a San Francisco real estate developer. Mactaggart recalls the moment about four years ago that turned him into a privacy advocate. He asked a Google engineer at a cocktail party whether he should be worried about his privacy. "He said, 'Oh if you just knew how much we knew about you, you'd be really worried,' " recalls Mactaggart.
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,247
Hopefully California will also require Microsoft to provide an opt-out (preferably opt-in) option that prevents Microsoft from selling any personal data that is collected through Windows 10 and integrated Microsoft services.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
One of the initiative's biggest backers is Alastair Mactaggart, a San Francisco real estate developer. Mactaggart recalls the moment about four years ago that turned him into a privacy advocate. He asked a Google engineer at a cocktail party whether he should be worried about his privacy. "He said, 'Oh if you just knew how much we knew about you, you'd be really worried,' " recalls Mactaggart.
And people are worried about Microsoft? HA! Don't make me laugh. Google is so much more of a threat to your privacy than Microsoft is. Microsoft isn't even a blip on the privacy radar when compared to the threat that is Google.
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,247
And people are worried about Microsoft? HA! Don't make me laugh. Google is so much more of a threat to your privacy than Microsoft is. Microsoft isn't even a blip on the privacy radar when compared to the threat that is Google.

Nope. It's actually the reverse. Google tracks your online activities, but Microsoft tracks your online AND offline activities. And at the very lowest (Basic) data-collection setting in Windows 10 Home and Pro, Microsoft is harvesting data from over 3,500 individual data points. And that doesn't even include integrated MS services like Microsoft Store, Edge, Bing (Cortana), and others.

Google was in the business first, but Microsoft is now in it at a much more direct and all-encompassing level via people's offline OS usage and non browser-based OS services.
 
  • Like
Reactions: DPI
like this

risc

Handle with Kid Gloves
Joined
May 18, 2017
Messages
188
Next they'll raise taxes to pay for regulation and enforcement. CArrupt.
 

gamerk2

[H]ard|Gawd
Joined
Jul 9, 2012
Messages
1,836
Not constitutional.

Go home, Kalifornistan. You're drunk.

And how, exactly, would this be not constitutional?

Next they'll raise taxes to pay for regulation and enforcement. CArrupt.

Nah, California already has state level agencies that oversee this type of thing, and the money they get via penalties/fines more then offsets what it would cover to pay for this.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
Nope. It's actually the reverse. Google tracks your online activities, but Microsoft tracks your online AND offline activities. And at the very lowest (Basic) data-collection setting in Windows 10 Home and Pro, Microsoft is harvesting data from over 3,500 individual data points. And that doesn't even include integrated MS services like Microsoft Store, Edge, Bing (Cortana), and others.

Google was in the business first, but Microsoft is now in it at a much more direct and all-encompassing level via people's offline OS usage and non browser-based OS services.
I disagree. Microsoft has only the desktop, Google owns the mobile phone market with Android and what device do you have with you on your person more than anything else? Your phone. Google knows where you've eaten lunch, what stores you shop at, where you live, etc. I would go so far as to say that physical information about a person is far more valuable than digital information.
 

Trimlock

[H]F Junkie
Joined
Sep 23, 2005
Messages
15,228
I disagree. Microsoft has only the desktop, Google owns the mobile phone market with Android and what device do you have with you on your person more than anything else? Your phone. Google knows where you've eaten lunch, what stores you shop at, where you live, etc. I would go so far as to say that physical information about a person is far more valuable than digital information.
MS has also said in the past it doesn’t sell your information so this opt out option would be stupid.
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,247
MS has also said in the past it doesn’t sell your information so this opt out option would be stupid.

Though Microsoft have a history of lying, deceiving, manipulating, conniving, etc, Microsoft have actually stated that they do sell the data that is collected from people. Why do you think Microsoft is collecting all that data in the first place? Harvesting and selling user data is a pillar of Microsoft's new business model, and is precisely what Windows 10 is designed around and why Microsoft was giving away "free upgrades" to Win 10: To get as many people as possible plugged into Microsoft's data farm, which is a perpetual money-generating machine for MS.


Proof that Microsoft is selling people's data? They say so. And that's the whole business strategy of Windows 10 and why it was given for "free" - to get more people connected to their massive data-harvesting network, to give them more data to sell. That's also why Microsoft deliberately resets Windows owners' Windows 10 settings with major updates: To re-enable any personal customization that might limit Microsoft's data harvesting.

Microsoft, Facebook, Google, Twitter, are all in the same business: Collect data and sell it, and use it to generate targeted ads.

https://blogs.technet.microsoft.com...ows-10-telemetry-updates-diagnostic-tracking/

"The Microsoft Data Management Service routes information to internal cloud storage, where it's compiled into business reports for analysis and research."

"The privacy governance team permits access only to people with a valid business justification."

"However, we do share business reports with partners that include aggregated, anonymous telemetry information."


Microsoft isn't its own partner. A partner means a 3rd-party. A business agreement with a 3rd-party means a profitable transaction. What Microsoft is saying, in a sterilized PR manner, is that they sell the data they collect through Windows 10 to whoever has the money to pay for it - just like Facebook does.



Also, the Dutch DPA has debunked Microsoft's claims of its data being anonymous as being a lie, confirming that all the data which Microsoft collects is personally-identifiable:

"In our full report (only available in Dutch unfortunately), we deal extensively with the points of forced install. We also explain why all the telemetry data collected by Microsoft are indeed personal data, and certainly not anonymous, regardless of the view of MS that they would only relate to the system/be 'mere' technical data."

Dutch DPA: Microsoft breaches data protection law with Windows 10

Dutch DPA's use of Microsoft's Data Viewer Tool reveals that no Windows 10 telemetry is anonymous

https://ncmedia.azureedge.net/ncmedia/2017/10/Dutch-DPA-Windows-10-Home_Pro_Investigation_Mi.pdf

"It turns out that Microsoft’s operating system follows about every step you take on your computer. That results in an intrusive profile of yourself”, according to Wilbert Tomesen, vice-chairman of the Dutch DPA. “What does that mean? Do people know about this, do they want this? Microsoft needs to give users a fair opportunity to decide about this themselves."


You can bet that Microsoft is nervous as heck right now over how far the fallout over the Facebook and Cambridge Analytica scandal will go, as it has the potential to spoil Microsoft's business model with Windows 10 and other MS services.


The outrage over the Facebook and Cambridge Analytica scandal proves that, contrary to what some apologists on forums argue, the public understands that what Microsoft is doing with Windows 10 is not OK, and is certainly a violation of personal rights - but the general public is simply that it is going on with Windows 10, and that that very same exploitation of their personal behaviour and data is the whole point of Windows 10 for Microsoft. Using Windows 10 is the same thing as being active on Facebook constantly: One is feeding Facebook data vaults, the other is feeding Microsoft data vaults.
 
Last edited:

BSmith

[H]ard|Gawd
Joined
Nov 9, 2017
Messages
1,323
Dormant commerce clause.

There is no conflict over a federal law here. What federal law provides for user data to be collected and/or sold?

Some might argue this is an extension of the 9th Amendment of the Bill of Rights.
 

gamerk2

[H]ard|Gawd
Joined
Jul 9, 2012
Messages
1,836
Dormant commerce clause.

The DCC only applies to state laws that unfairly benefit that state at the expense of out-of-state commerce.

The Dormant Commerce Clause, or Negative Commerce Clause, in American constitutional law, is a legal doctrine that courts in the United States have inferred from the Commerce Clause in Article I of the US Constitution. The Dormant Commerce Clause is used to prohibit state legislation that discriminates against interstate or international commerce.

For example, it is lawful for Michigan to require food labels that specifically identify certain animal parts, if they are present in the product, because the state law applies to food produced in Michigan as well as food imported from other states and foreign countries; the state law would violate the Commerce Clause if it applied only to imported food or if it was otherwise found to favor domestic over imported products. Likewise, California law requires milk sold to contain a certain percentage of milk solids that federal law does not require, which is allowed under the Dormant Commerce Clause doctrine because California's stricter requirements apply equally to California-produced milk and imported milk so it does not discriminate against or inappropriately burden interstate commerce.

As the proposed rule applies equally to all businesses, the DCC doesn't apply. Same logic to CAFE standards; so long as the standards apply equally to all business regardless of origin, there is no conflict with the DCC.

The point of the DCC is to ensure states don't pass protectionist economic measures that would hurt the nation as a whole.

EDIT

Look at it this way: The Commerce Clause states that the Federal Government has the power to regulate interstate commerce. The Dormant Commerce Clause is derived from the Commerce Clause, and is taken to mean that in the absence of Federal regulation the states have the right to regulate commerce in a way that does not negatively impact commerce from out of state sources to the benefit of the state passing the regulation.
 
Last edited:

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
To get as many people as possible plugged into Microsoft's data farm, which is a perpetual money-generating machine for MS.
Microsoft has other forms of revenue like their server licenses, Microsoft Azure, Microsoft Office, etc. all of which makes Microsoft a metric fuck ton of money; they don't need us regular users to make money. Google however has no other form of revenue other than selling and otherwise monetizing your personal data and Android is the Trojan horse by which they do that very task.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,841
I like that this conversation is now happening in the U.S., but I worry that having a patchwork of state-based laws could be a problem. California may want one kind of link on the site, others may want a different type of link, this could quickly get out of hand.

And how would it even be enforced? People visit websites across state borders. Would the California law apply only to websites hosted in California? Al that would do is move hosting to New Mexico or some other place nearby. Would the California law apply nationwide? Is it really OK for aone state to dictate what happens to the entire country?

I think w desperately need online privacy legislation, but it should probably happen at the federal level.


Personally I would rather have data to be sold/shared to be opt-in only.

If my data is to be sold I at least want a cut.


Some might argue that the cut you are getting is the free service you are using that is collecting that data. Of course, some of those services provide more value than others, and some you get no utility out of at all.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
For most young people today Microsoft represents the "old platform", the platform that their parents and grandparents used. Anyone who's young, hip, and cool are embracing other platforms and I can tell you that it's not Microsoft. Why do you think Microsoft is pushing their whole "mobile first, cloud first" mentality along with development tools that allow you to build both Android and iOS apps in Visual Studio thanks to Xamarin? Because they know that the traditional platforms are dying.

Google represents the future of computing. A lot of us laughed (including myself) when Google brought out ChromeOS and said "Why would people buy a device that's just a web browser?" Well if you look at ChromeOS today you can run Android apps in a window complete with the Google Play Store to get apps in. Sound familiar? Oh yeah... that's a desktop. ChromeOS has all of the makings of a platform to replace Windows on both the tablet but the traditional desktop as well.

And here's the thing, this has been Google's plan from the very beginning. A lot of us that remember Microsoft from years ago will recall something called "embrace, extend, and extinguish". Well Google has done just that... except that they took out the "extend" part and went straight to "extinguish" and they are extinguishing the desktop market better than anyone else.

And why is Google doing all of this? Simple. Google's grand plan is to replace the entire computing ecosystem with Google; Android is the mobile OS and ChromeOS is the desktop OS. And once that happens well... they'll be making money hand over fist on our personal data. That is Google's ultimate end game scenario. The scary part is, there's nobody to stop this from happening. Google is too big to fail.
 

jamesv

Weaksauce
Joined
Mar 12, 2016
Messages
113
I’d prefer that Google charge everybody for their “service” and thus avoid legislators “helping” the oppressed.
Everyone knows that Google and FakeBook tell legislators what to do.
To think these legislators somehow grew a brain is a laugh.
 

Flatrock19

n00b
Joined
Jun 6, 2017
Messages
30
Sec 2 H.
"You should also be able to control the use of your, and your children's, personal information, and be able to stop businesses from selling your information. Your decision to request information from a business about its collection and sale of your personal information or to tell a business to stop selling your personal information should not affect the price, quality, or level of the goods or services you receive. It is possible for businesses both to respect your privacy and provide a high level of quality and service and a fair price."

So you should be able to refuse to allow targeted advertising, yet get the same product as someone who allows targeted advertising?

Untargeted advertising has a lot less value to advertisers. That means a lot less revenue for ad supported products. That means a lot fewer ad supported products and a lot lower quality for the ad supported products that survive. If you suck the profits out of the market, the market won't stay the same.

Consumers should have control over how data that personally identifies them is used, but in most cases that involves making sure they are informed, and allowing them to choose to use the service or not. They need to be able to make an informed choice. I support the idea of some clearer reporting requirements.

Sec 3 A.
"A. Giving California consumers the right to know what categories of personal information a business has collected about them and their children."

A privacy policy and notification of it being changes should sufficiently fulfill this.

Sec 3 B.
"Giving California consumers the right to know whether a business has sold this personal information, or disclosed it for a business purpose, and to whom."

A privacy policy should fulfill this in a general sense. But tracking how each person's data is individually shared, to which partners, and when is going to add considerable overhead. It's likely going to be too burdensome for small companies.

Also what data is considered private? Companies often sell data where they remove the personally identifying data. But that doesn't mean that in some cases the purchaser can't combine that data with data from other sources to identify the individual if they know enough about them from other sources. Knowing someone's location at a number of specific times may enable you to identify them, or at least learn where they live which is considered personally identifying information. Even without location information there might be enough unique things to identify someone in their browsing history. Probably not most people, but certainly some people. But how does the company sharing or selling the data know if their partner is able to identify someone especially when that identification might be done by combining data from multiple sources? Is the company that collected the data liable if their partner pieces together and discovers personal information that wasn't directly provided to them?

Sec 3 C.

"Requiring a business to disclose to a California consumer if it sells any of the consumer's personal information and allowing a consumer to tell the business to stop selling the consumer's personal information."

I agree with it but it needs to be more specific regarding what information is private. If names, addresses, and IP addresses have been stripped out, can they continue to sell your browsing habits or do they need to purge their database of any information that was collected. What about information that has already been sold and they no longer have direct control over?

Sec 3 D.
"Preventing a business from denying, changing, or charging more for a service if a California consumer requests information about the business's collection or sale of the consumer's personal information, or refuses to allow the business to sell the consumer's personal information.

I have to disagree. Your personal information has value. When using these services you are bartering the use of that information in return for the product or service. Customers should be able to make an informed decision, but the business shouldn't be required to provide goods and services if the consumer doesn't want to either pay money for them, or exchange their personal information for them.

Sec 3 E.
"Requiring businesses to safeguard California consumers' personal information and holding them accountable if such information is compromised as a result of a security breach arising from the business's failure to take reasonable steps to protect the security of consumers' sensitive information."

I agree with this, but there needs to be some reasonable standard set up for "reasonable steps to protect the security...", and a cap on damages to prevent lawyers from submitting a never ending series of class action lawsuits from lawyers playing the lawsuit lottery and hoping to gain a large share of a huge settlement where the damages to individual consumers aren't really significant. Without caps and restrictions they have no disincentive to not just file lawsuit after lawsuit even if there is no real evidence of negligence, and we could end up putting a lot of companies providing useful services out of business for things that are mostly out of their control.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,841
I've given this some thought over the years, and came up with the below that I ahve posted on here before. We need regulation along these lines, not some stupid link on webpages. Something that is more comprehensive:

1.) No organization shall collect, store, monetize or use user data without the explicit consent of the user, and when the users consent is given it must be for a specific purpose, and only for this specific purpose, no blanket permissions.

2.) Data may only be used for the exact purpose which it was collected or shared, even if posted publicly. This includes any and all data harvesting or mining.

3.) It must be made illegal to withhold or alter services if a user decides not to provide consent.

4.) If you offer a service for free that collects data on its users, you must also offer the identidal service including all the same features for free to those who elect not to consent to shared data. Same if you offer a paid service, this service must be offered at the same price including all features regardless of whether users opt in or not.

5.) All data sharing options must default to decline sharing.

6.) Some services require user data in order to function. In this case the data may be collected, but may not be used or monetized for any other purpose than directly providing the service unless the user explicitly opts in, as in #1

7.) You may ask your users to support you, by voluntarily agreeing to share their data, but if they decline you may not spam them with requests. If they decline, you must wait one year before asking again.

8.) All previous user data collected, not in compliance with the above must be permanently erased.

9.) Context based advertising based entirely on what is currently on screen, and does not store any user data is not prohibited by these rules.

10.) The rules above apply to all organizations operating on U.S. soil or with any presence in the U.S. regardless of the nationality of the users, AND to organizations operating anywhere in the word with users located in the U.S.

11.) Minimum fines of $1,000 per database record per day to be assessed for any non-compliance

12.) If the offending organization cannot be fined (due to bankruptcy or location outside of jurisdiction) any subsidiary or parent organization inside U.S. jurisdiction will be assessed in their place.

13.) Exemption: Credit agencies are exempted from these regulations, however, credit agency data may only be used to check credit history in support of a loan application, and then only after an end user has requested a line of credit. The data may not be shared or used for marketing purposes. The credit agency data may not be monetized in any other way except by charging a fee to a financial institution looking to assess the risk of a loan provided to a person.

14.) Exemption: Background checks. Similarly Background checks are exempted from these rules, but may only be used to establish the civil infraction and criminal backgrounds of any person, and only by prospective employers (private persons or companies) Background check data may not be monetized in any other way except a fee to the requesting company or person.
 

Flatrock19

n00b
Joined
Jun 6, 2017
Messages
30
Would California have any authority to enforce this on a company with no substantial physical presence in California?
I've given this some thought over the years, and came up with the below that I ahve posted on here before. We need regulation along these lines, not some stupid link on webpages. Something that is more comprehensive:

1.) No organization shall collect, store, monetize or use user data without the explicit consent of the user, and when the users consent is given it must be for a specific purpose, and only for this specific purpose, no blanket permissions.

2.) Data may only be used for the exact purpose which it was collected or shared, even if posted publicly. This includes any and all data harvesting or mining.

3.) It must be made illegal to withhold or alter services if a user decides not to provide consent.

4.) If you offer a service for free that collects data on its users, you must also offer the identidal service including all the same features for free to those who elect not to consent to shared data. Same if you offer a paid service, this service must be offered at the same price including all features regardless of whether users opt in or not.

5.) All data sharing options must default to decline sharing.

6.) Some services require user data in order to function. In this case the data may be collected, but may not be used or monetized for any other purpose than directly providing the service unless the user explicitly opts in, as in #1

7.) You may ask your users to support you, by voluntarily agreeing to share their data, but if they decline you may not spam them with requests. If they decline, you must wait one year before asking again.

8.) All previous user data collected, not in compliance with the above must be permanently erased.

9.) Context based advertising based entirely on what is currently on screen, and does not store any user data is not prohibited by these rules.

10.) The rules above apply to all organizations operating on U.S. soil or with any presence in the U.S. regardless of the nationality of the users, AND to organizations operating anywhere in the word with users located in the U.S.

11.) Minimum fines of $1,000 per database record per day to be assessed for any non-compliance

12.) If the offending organization cannot be fined (due to bankruptcy or location outside of jurisdiction) any subsidiary or parent organization inside U.S. jurisdiction will be assessed in their place.

13.) Exemption: Credit agencies are exempted from these regulations, however, credit agency data may only be used to check credit history in support of a loan application, and then only after an end user has requested a line of credit. The data may not be shared or used for marketing purposes. The credit agency data may not be monetized in any other way except by charging a fee to a financial institution looking to assess the risk of a loan provided to a person.

14.) Exemption: Background checks. Similarly Background checks are exempted from these rules, but may only be used to establish the civil infraction and criminal backgrounds of any person, and only by prospective employers (private persons or companies) Background check data may not be monetized in any other way except a fee to the requesting company or person.

With #4 you would essentially be banning the business model that has brought the vast majority of the growth by internet businesses.

Pretty much all of Google, social media, even all the apps and games funded by advertising would cease to exist unless their customers decide to donate their personal data without receiving anything in return that they can't get without doing so. That's pretty much guaranteed to cause nationwide if not worldwide economic disaster, but at least we wouldn't be at risk of those companies using our personal data in the ways they are currently disclosing and their customers have decided is acceptable in return for the use of their products.

Minimum fines of $1000 per database record per day. So Facebook has around 2.2 billion users. So a single mistake even if momentary that effects all users even if accidental or the act of one disgruntled employee would result in a MINIMUM of a $2.2 trillion fine. So the options are absolute perfection, or utter destruction of the company, any parent company, and any subsidiaries. They wouldn't even have an money left to pad damages to any actual victims.
That's reasonable and proportional to the harm cause. Let's destroy companies put tens of thousands of people out of work and likely devastate our economy as well over the most trivial of infractions.

Regarding #13 & #14, these should be unnecessary. If you post something publicly, then it's public. If you post it privately, then it's private. If it's public then you have no reasonable expectation of privacy nor a right to keep credit or background companies from accessing it. If it's private neither type of company should have access to it without your explicit permission.

#8 might be unconstitutional. Unless the data was collected fraudulently or without consent, it's the property of those companies, or the property of the shareholders of those companies since you seem like one of those people that would argue that companies don't have rights while missing the point that their owners do.

The government is prohibited from taking property without fair compensation.

There is also the issue that people actually use and benefit from a lot of services that make use of data that we have explicitly allowed them to collect over time. Many of those customers would be very unhappy to have that data which they chose to have collected, erased.

What about collecting personal information of sales for various reasons including warranties and to facilitate return policies?

What about products and services that more or less require that you provide data. How do you sell the same products regardless of if data is allowed to be collected in the insurance industry? Are you just going to handle such things on a case by case basis with $1000 per record, per day fine applied after the fact if their best effort to interpret the law to that situation is found lacking?
 

Delicieuxz

[H]ard|Gawd
Joined
May 11, 2016
Messages
1,247
Microsoft has other forms of revenue like their server licenses, Microsoft Azure, Microsoft Office, etc. all of which makes Microsoft a metric fuck ton of money; they don't need us regular users to make money. Google however has no other form of revenue other than selling and otherwise monetizing your personal data and Android is the Trojan horse by which they do that very task.

Microsoft isn't in the habit of saying 'we're making lots of money from all these things, so we don't need to be making boatloads of more money from this one thing'. And the personal user data Microsoft collects from Windows 10 makes them boatloads of money, just like Apple said it would make them if they collected it, and just like it makes Google, Facebook, and Twitter boatloads of money.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,841
Would California have any authority to enforce this on a company with no substantial physical presence in California?


With #4 you would essentially be banning the business model that has brought the vast majority of the growth by internet businesses.

Pretty much all of Google, social media, even all the apps and games funded by advertising would cease to exist unless their customers decide to donate their personal data without receiving anything in return that they can't get without doing so. That's pretty much guaranteed to cause nationwide if not worldwide economic disaster, but at least we wouldn't be at risk of those companies using our personal data in the ways they are currently disclosing and their customers have decided is acceptable in return for the use of their products.

Minimum fines of $1000 per database record per day. So Facebook has around 2.2 billion users. So a single mistake even if momentary that effects all users even if accidental or the act of one disgruntled employee would result in a MINIMUM of a $2.2 trillion fine. So the options are absolute perfection, or utter destruction of the company, any parent company, and any subsidiaries. They wouldn't even have an money left to pad damages to any actual victims.
That's reasonable and proportional to the harm cause. Let's destroy companies put tens of thousands of people out of work and likely devastate our economy as well over the most trivial of infractions.

I'm perfectly fine with all of silicon valley being destroyed, if it means we get our privacy back. Privacy is just that important.
 

Flatrock19

n00b
Joined
Jun 6, 2017
Messages
30
Not far enough. Data selling should be opt-in only, with the mandate that it must be a separate form and not lumped in as item #547 on a 62 page service agreement.

The service agreements keep getting longer and longer due to more and more consumer protection regulations as well as more lawsuits.

So "important" protections are getting buried.

If the solution is to put such agreements in a separate document that must be agreed to individually, how long will it be before we end up with a long list of individual items that must all be explicitly agreed to individually. And of course agreed to again if anything changes. And to keep consumers aware of what they have agreed to they should be forced to agree to them over again periodically. Maybe annually... How long before users click all the boxes without reading the individual items any more than they did the original service agreement?

I just don't see the requirement adding actual additional value.
 

Flatrock19

n00b
Joined
Jun 6, 2017
Messages
30
I'm perfectly fine with all of silicon valley being destroyed, if it means we get our privacy back. Privacy is just that important.

We have gone through round after round of strengthening privacy protections based on the argument that consumers shouldn't be tricked into giving up their privacy in return for good and services. Each time the allegation that consumers were being tricked into the choice became less and less credible. Consumers still overwhelmingly chose to make the exchange in return for services they value more than what they consider a small and incidental loss of privacy.

Privacy advocates keep arguing louder and louder that consumers are being abused, when in reality almost all if not all are making an informed choice, it just happens to be one you disagree with.

I'm an adult. I can make my own decision if I want to allow a company to target me with advertising in exchange for a fun game on my phone. I don't need someone to take that option away from me under the guise of protecting me.

I can also decide if I want to allow Google to track my location so it can give me updates on traffic conditions on my commute. I can decide if I want to allow Google to allow my wife to see my location so I don't have to respond when she wonders how soon I will be home from work and would otherwise call me or text me while I'm driving. I can choose if I want to use Alexa in my home. I can choose if I want a Facebook account. I'm able to understand the implications of such choices and decide to accept them or not.

I certainly support your right to privacy. I don't support your apparent desire to force what you think is the appropriate level of privacy onto me regardless of the effects of doing so.
 

gamerk2

[H]ard|Gawd
Joined
Jul 9, 2012
Messages
1,836
I certainly support your right to privacy. I don't support your apparent desire to force what you think is the appropriate level of privacy onto me regardless of the effects of doing so.

Uhhh...the proposed law does nothing to you if you do nothing, so what are you even complaining about? Under the proposed law, you control how much (if any) information can be sold, rather then implicitly giving it all up by default as a requirement for using a given website. I fail to see how this law affects you in any way.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,841
#8 might be unconstitutional. Unless the data was collected fraudulently or without consent, it's the property of those companies, or the property of the shareholders of those companies since you seem like one of those people that would argue that companies don't have rights while missing the point that their owners do.

I am a complete supporter of property rights, bbu other than that I completely disagree with what you are saying here.

My personal data should not ever be allowed to become the property of any other person or entity.

No matter what I sign, no matter what I agree to, and no matter what I do the full rights to any data pertaining to me should always belong to me and only to me.

I can grant others permission to use it, but retain the right to revoke that privelege at any time for any reason, and I shouldn't have to play guessing games as to what faceless entity has my data. It should be clearly summarized for me who has it and exactly what they are using it for so I can - at any time and without consequences to me - revoke my permission and force its deletion.

This should be a basic human right.
 
Top