[HN Gopher] American Data Privacy and Protection Act
___________________________________________________________________
American Data Privacy and Protection Act
Author : 1vuio0pswjnm7
Score : 346 points
Date : 2022-09-22 14:32 UTC (8 hours ago)
(HTM) web link (www.congress.gov)
(TXT) w3m dump (www.congress.gov)
| gigel82 wrote:
| Can't read legalese much, and -judging by how these things tend
| to go- I bet it's butchered beyond recognition before it gets to
| a vote (if at all). Instead, we should consider a constitutional
| amendment that enshrines digital privacy as a fundamental human
| right.
| legitster wrote:
| > digital privacy as a fundamental human right
|
| Why would digital privacy be a fundamental human right before
| normal privacy?
| cvoss wrote:
| > Instead
|
| No way. The threshold of consensus required to put a
| constitutional amendment through is far higher than that of
| passing a bill (maybe too high, but that's another
| conversation). The fact that such an amendment would consist
| of terse, high-level, abstract statements rather than pages and
| pages of concrete specifics would also make it harder to achieve
| consensus because too many people would be afraid of it getting
| read by SCOTUS in a way they didn't want.
|
| We need to work on federal laws here and not wait for a
| pie-in-the-sky constitutional amendment. (State-by-state laws
| don't make a whole lot of sense on this topic. Glad CA has been
| test-driving some, but we need a unified approach.)
| encryptluks2 wrote:
| You do realize that you can waive your constitutional rights
| like a jury trial, and that these companies would just make
| that part of their standard terms of service... Right?
| lolinder wrote:
| Why would a constitutional amendment be less prone to getting
| butchered beyond all recognition? An amendment may not have its
| _text_ butchered, but there's no guarantee at all that it will
| be interpreted the way you hope.
| seanw444 wrote:
| It probably will be interpreted in all the wrong ways you
| can't even anticipate. All you need for an example is 2A.
| micromacrofoot wrote:
| we don't even have food and shelter as a human right
| carom wrote:
| We do have food in a sense. I began cooking for the homeless
| and quickly learned they all had EBT cards and didn't want my
| bland cooking.
| micromacrofoot wrote:
| the comment I was responding to was specifically
| referencing rights as outlined by the constitution
| matai_kolila wrote:
| For any enterprising young legal authors, I'm sure a "rewritten
| for laypeople" paragraph-by-paragraph blog post would garner a
| large volume of views and impressions to your site...
| belkarx wrote:
| The effort put in is commendable but this doesn't yet reach the
| levels of GDPR and the US market is too large for it to be likely
| to pass. Maybe eventually ...
| lmkg wrote:
| For those following along at home:
|
| So far five states have passed local Data Privacy laws (CA, VA,
| UT, CT, MA). They are all different. This situation makes it much
| more likely that federal data privacy legislation will happen:
| while companies wish they could have 0 laws, they would still
| much rather prefer 1 law rather than 5 (trending towards 50)
| different laws that contradict each other.
|
| There's a whole buncha specifics about what data is covered and
| what companies are covered and bleh blah bluh. _That's not the
| most important thing._ There are two things which are _more_
| important than that. These two issues also happen to be the
| topics most hotly debated between Dems & Repubs.
|
| 1. Private Right of Action, aka "Can I, a private citizen, sue
| someone?"
|
| Everyone violates GDPR a dozen ways to Sunday, and nothing
| happens. Why? Because no one can actually _enforce_ the law
| except for the local regulators who are underfunded. By contrast,
| the ADA lets anyone sue over violations, and as a result
| companies care a lot about handicap accessibility.
|
| To my understanding the current negotiations are trending towards
| a _limited_ Private Right of Action. Meaning it will exist for
| some violations but not others. This is how CCPA works in
| California right now: private citizens can sue over _data
| breaches_, but any other violation can only be enforced by the
| Office of the Attorney General.
|
| 2. Pre-emption, aka "Does this repeal CCPA."
|
| Can states give additional protections to their residents, or is
| the Federal government removing the ability of states to define
| additional requirements for businesses. Again, the current state
| of negotiations seems to trend towards partial, but not total,
| pre-emption.
| encryptluks2 wrote:
| Partial preemption leads to supreme court decisions that lead
| to near total preemption.
| tomatotomato37 wrote:
| Only if it's not a highly contentious issue. Otherwise the
| bigger states just go "We control X amount of the American
| population/economy, and thus we are going to enforce our own
| law _anyway_"
|
| Granted they would be in the wrong since this is clearly and
| unambiguously interstate commerce, but that hasn't stopped
| them before
| arrosenberg wrote:
| It's not unambiguous. Google is based in CA, I am based in
| CA. Packets may go across state lines, but the commercial
| transaction (a search query) has occurred between two CA
| entities and should fall under state law.
| encryptluks2 wrote:
| It doesn't work like that. Once Congress enacts something
| then it can be preempted by federal law. Just because the
| activity took place in a single state doesn't mean that
| the Federal courts don't have jurisdiction. ERISA is a
| good example.
| arrosenberg wrote:
| I wasn't arguing that, I was saying that it's not an
| unambiguous case of interstate commerce. Congress
| shouldn't be pre-empting the laws of California insofar
| as they apply to intrastate commerce. You can set a
| federal minimum and let each state enhance laws as they
| see fit.
| encryptluks2 wrote:
| Agreed, but as we've seen with many other federal laws
| once you have preemption then it is usually interpreted
| to the broadest extent and not the minimum.
| user3939382 wrote:
| > they would still much rather prefer 1 law rather than 5
| (trending towards 50) different laws that contradict each other
|
| A perfect example of how these megacorps destroy the fabric of
| our political process. The fact that dealing with state
| regulations is a burden isn't our (the people's) problem, we
| have a right to have our states reflect our will. They want to
| scale up to this massive size raking in billions of dollars,
| that should come with the territory.
| tzs wrote:
| > Everyone violates GDPR a dozen ways to Sunday, and nothing
| happens. Why? Because no one can actually enforce the law
| except for the local regulators who are underfunded.
|
| Individuals can enforce GDPR in court:
|
| ---------------
|
| Art. 79 GDPR
|
| Right to an effective judicial remedy against a controller or
| processor
|
| 1. Without prejudice to any available administrative or non-
| judicial remedy, including the right to lodge a complaint with
| a supervisory authority pursuant to Article 77, each data
| subject shall have the right to an effective judicial remedy
| where he or she considers that his or her rights under this
| Regulation have been infringed as a result of the processing of
| his or her personal data in non-compliance with this
| Regulation.
|
| 2. Proceedings against a controller or a processor shall be
| brought before the courts of the Member State where the
| controller or processor has an establishment. Alternatively,
| such proceedings may be brought before the courts of the Member
| State where the data subject has his or her habitual residence,
| unless the controller or processor is a public authority of a
| Member State acting in the exercise of its public powers.
| rawgabbit wrote:
| Is there a right, as a private individual, to sue everyone who
| has sent spam/fraud texts to me?
| lmkg wrote:
| Spam email, yes, due to the CAN-SPAM Act explicitly
| authorizing it. I believe that at least one individual has
| literally made a living out of pursuing such lawsuits.
|
| Texts, nope.
| Kalanos wrote:
| anyone know the gist of what tech companies will have to do in
| order to be compliant?
| xbar wrote:
| Less than they do now. This washes away CCPA protections that
| are already nationalized-by-default.
| prego_xo wrote:
| > (B) any time beyond the initial 2 times described in
| subparagraph (A), may allow the individual to exercise such right
| for a reasonable fee for each request.
|
| Paying any sum of money to receive a copy of or request to delete
| my private data is unreasonable in nature.
| drstewart wrote:
| This is normal:
|
| https://www.techrepublic.com/article/how-to-request-your-per...
|
| >Although, the ICO also notes that a firm may charge a
| "reasonable fee" when "a request is manifestly unfounded or
| excessive, particularly if it is repetitive."
|
| Privacy request shouldn't enable mechanisms of denial of
| service type attacks against companies.
| prego_xo wrote:
| DoS is an understandable concern, but charging for a service
| is probably one of the least sensible ways to prevent it. To
| me, it just looks like the most profitable and impeding
| hurdle that companies can set up to prevent users who want to
| access their own data. I would be frustrated if any
| application made me pay even a small fine because they
| suspect a DoS attack. For example, entering my credit card
| info because I've searched a phrase too much just isn't
| efficient.
| colpabar wrote:
| > Privacy request shouldn't enable mechanisms of denial of
| service type attacks against companies.
|
| How would this even happen? I genuinely don't understand what
| you mean.
| emiliobumachar wrote:
| When GDPR was new, several people sent "nightmare letters",
| deliberately and publicly designed to cause as much cost
| and hassle as possible. To my knowledge, no one was
| punished or even inconvenienced for blatantly abusing the
| law in this way.
|
| https://duckduckgo.com/?q=gdpr+nightmare+letters
| Nextgrid wrote:
| The "nightmare GDPR letter" is trivial to deal with:
| https://jacquesmattheij.com/so-your-start-up-receive-the-nig...
| michaelmior wrote:
| Users don't like a company, they automatically spam the
| company with large numbers of requests for personal
| information which they would legally be required to
| provide.
| colpabar wrote:
| Does the same logic apply to FOIA requests?
| HideousKojima wrote:
| Most FOIA requests involve a small fee as well for the
| same reason.
|
| https://www.hhs.gov/foia/faqs/what-is-the-cost-for-getting-r...
| Floegipoky wrote:
| And those fees have been infamously exploited to
| functionally deny access to material or financially harm
| the requester. Perfectly illustrating why charging fees
| for these things is such a bad idea.
| olyjohn wrote:
| Guess they'd better figure out how to get people their
| data in a more rapid manner. I guess they could use a
| computer or something to automate it so that users can
| just click a button to download their data.
|
| I mean, what year is this? We've been hearing "automate
| it, automate it, etc" for years and years now. But to get
| your personal data, these companies just throw up their
| hands and say that it's too hard?
| bpodgursky wrote:
| When we implemented CCPA lookups, one of the many
| necessary lookups was through a decade of glacier'd
| request logs (necessary to hold onto for compliance).
|
| Even ignoring implementation cost, there was a
| significant computational cost that's pretty hard to
| avoid.
| colpabar wrote:
| I couldn't agree more. Even if it does require a person
| to do something that isn't automated, they should be
| required to have people on staff whose first priority is
| responding to these requests. It seems ridiculous to me
| that people are claiming this is just too hard for a
| company so they should get to profit off of it.
|
| It's _our_ data, dammit!
| drstewart wrote:
| >that people are claiming this is just too hard for a
| company so they should get to profit off of it.
|
| Completely disingenuous argument. Literally nobody
| claimed that.
|
| By the same token of strawmanning, you're claiming that
| businesses should do nothing than hire people to send
| your data back to you. Why even have businesses if that's
| the only thing you think they should do?
|
| If you're so invested in "your data, damnit", then don't
| give it to them in the first place.
| legitster wrote:
| For our company, all privacy requests are handled manually
| by a team I am on. We manually do name searches in about a
| dozen platforms to see if there are any matching records.
|
| 4/5 times there aren't any - people doing the requests
| often use services that submit blanket requests.
| pooper wrote:
| Strong disagree. There are already other options for
| malicious actors, most notably Americans with Disabilities Act.
| thayne wrote:
| So you could have something like each person is allowed two
| free data requests per year, after that you can charge for
| it, or something like that.
| olyjohn wrote:
| Maybe they should automate the requests then. There's zero
| reason why they couldn't just write something where you log
| into your account and click "download my data."
|
| These companies are happy to harvest up all your data, run
| all this crazy automation, spend millions analyzing
| algorithms, setting up machine learning, NFTs, run
| datacenters, networks, etc etc, but they can't figure out how
| to automate GDPR requests? FUCKING BULLSHIT.
|
| There is literally zero reason why a data request should add
| any burden to a tech company.
| nightski wrote:
| I wonder, if a company can be DoS'd via privacy request, maybe
| they are collecting more data than they can effectively
| handle and that should be re-examined.
| ortusdux wrote:
| The problem is, "reasonable" is subjective. Things like this
| need to be tethered to something. "The fee may not exceed 50%
| of the hourly federal minimum wage."
| smileysteve wrote:
| Yes, what's reasonable to a company may not be reasonable
| to a consumer. Ie, as a company can create process that
| uses 10 man hours and my cheapest labor with overhead is
| $50/hr, but we can find countless CNBC articles that say
| the average consumer can't afford a $500 expense.
| bin_bash wrote:
| That's just not true. "Reasonable" is a binding term used
| in contracts all of the time. The court system is extremely
| experienced in determining what is and is not reasonable.
| giantg2 wrote:
| "The court system is extremely experienced in determining
| what is and is not reasonable."
|
| Almost always to the dismay of one party, and sometimes
| to the dismay of the general public.
| MerelyMortal wrote:
| Not always. According to lemon law lawyer Mr. Lehto (who
| runs a Youtube channel Lehto's Law), RVs are not covered
| under most state lemon laws, and thus defers to the
| federal Magnuson Moss Warranty Act which just says
| repairs must be under a reasonable time frame, and the RV
| companies say something like 10 repairs, 6 months each,
| is the industry standard and thus reasonable, and judges
| don't have anything else to base that on, so they agree.
| smileysteve wrote:
| From a FOIA perspective the courts and government
| agencies aren't great at "reasonable".
| ortusdux wrote:
| Leaving the fee uncapped creates an incentive for
| business to put zero effort into making the reporting
| process efficient. That way, they can demonstrate that
| compliance requires 5 skilled hours (for example) and
| "reasonably" charge $250 per report.
|
| Courts rule on the evidence provided. If a user
| challenges the fee, the company can easily document where
| every penny went, and therefore claim it is a reasonable
| charge. The user's only real recourse would be to prove
| that company is over-billing, but that would require
| evidence.
|
| Pegging the cost to a set number of labor hours by law
| signals to companies that part of the cost of collecting
| this data is they must develop their internal systems in
| a way that they can quickly and easily comply with
| requests.
| tbihl wrote:
| Much like passing a bill to find out what's in it, going
| to court to discover the rules is not a healthy way for
| society to run.
| bin_bash wrote:
| Going to court to discover the rules is precisely how
| common law systems work
| riversflow wrote:
| I don't want to have to go to court to not be extorted
| over my data.
| jdasdf wrote:
| It's certainly experienced in making stuff up.
| drstewart wrote:
| GDPR is filled with "reasonableness" expectations and
| unspecified guidelines that aren't tethered to anything.
| Why the concern over this one specifically?
| dsr_ wrote:
| This one, I dunno.
|
| But in general, EU/EC law is full of policy that gets
| interpreted as human judgement calls, and US law is full
| of details that are interpreted as badly-written code
| with a choice of parsers. The two styles are not
| compatible.
| scarface74 wrote:
| Yes because a 99 section 11 chapter law is really easy
| for small companies to follow...
| scsh wrote:
| EU laws can often be written in such a way and are a bit
| looser in their language in ways when compared to how it
| may be written in the US. EU courts are more experienced
| with dealing with interpretations of "reasonableness" for
| a given law when compared to the US, so it's not really a
| fair comparison.
| rt4mn wrote:
| I agree privacy request shouldn't enable mechanisms of denial
| of service type attacks against companies. But I don't think
| that justifies allowing companies to put in place fees to
| access personal data.
|
| If Cloudflare required people to pay to bypass their denial
| of service protections... well, I guess I don't know what
| would happen, other than that I would hate them even more
| than I already do for all the terrible things they do for my
| experience as a default Tor browser user.
| legitster wrote:
| I mean, at our company, GDPR requests _have_ to cost at least
| $50 a pop. It goes to a human team to review and process with a
| dedicated legal representative.
| olyjohn wrote:
| Not my problem. You're the one collecting the data. You pay
| for the costs. Can't afford to collect my data? Go out of
| business then.
| legitster wrote:
| We have to process the request regardless of whether we
| actually have your data or not.
| smileysteve wrote:
| seems like you should either make the lookup automatable
| or stop collecting. EU citizens won't have such a fee.
| micromacrofoot wrote:
| It's your problem until there's a law saying otherwise.
| gbear605 wrote:
| Sounds like an appropriate cost of doing business with data.
| If you don't want to pay for it, collect less data.
| prego_xo wrote:
| Very fair point, and I understand the necessity of data
| collection in some cases. I do feel like that's a cost that's
| incurred voluntarily, though, and shouldn't fall on the
| shoulders of users/customers. Some people might not want data
| to be collected to begin with, so the cost ends up being your
| company's fault and not theirs.
| legitster wrote:
| But we have to process every request _even if we do not
| find any of their data_.
|
| A majority of requests are actually this way - people use
| online services that submit blanket removal requests.
| prego_xo wrote:
| Yeah, that's definitely the case and I see where the
| hassle is, but to restate my point, those costs are
| simply a part of overhead and not the business of users.
| Unless the users are given an opt-out first and foremost,
| they're owed ownership over their personal data.
| legitster wrote:
| Again, the language of the proposed bill is requiring 2
| free requests per person.
|
| $100 for an occasional person? No biggie.
|
| _Potentially infinite_? That's a bit more than normal
| overhead.
|
| While we haven't seen this sort of DDoS attack through
| our GDPR process _yet_, the potential is already there
| if bad actors or competitors wanted to exploit it.
| robust-cactus wrote:
| Not sure what y'all are complaining about. The amount of privacy
| work that happens with governments at big tech companies is
| substantial. The language in this doc seems like a better, less
| oppressive version of GDPR.
| oaiey wrote:
| I find the GDPR is much easier to read than this.
| jdp23 wrote:
| It's not clear that ADPPA will move forward. The current version
| preempts California's CCPA/CPRA legislation, and (big surprise)
| California doesn't like that. But, that's far from the only issue
| with it. Here's an update from a couple of weeks ago which
| discusses some of the problems, as well as potential next steps.
| https://thenexusofprivacy.net/adppa-new-compromise/
|
| And, here's EFF's position: "Americans Deserve More Than The
| Current American Data Privacy Protection Act"
| https://www.eff.org/deeplinks/2022/07/americans-deserve-more...
| takeda wrote:
| That's weird that it was implemented to preempt. Normally bills
| add on top of each other so why is it different here?
|
| As a Californian I would prefer that bills add additional
| protections especially when it comes to privacy.
| nugget wrote:
| Preemption would be an enormous mistake. Federal legislation
| moves at a glacial pace. In a field like privacy, you may only
| get to pass one substantial bill every 10 or 15 years.
| Technology moves too quickly for lawmakers at the Federal level
| to keep up. States can move much faster. Justice Brandeis
| popularized the phrase that "[the] states are the laboratories
| of democracy" and digital privacy law is a text book case of an
| emerging field that will benefit enormously from iterative
| experimentation at the state level.
| JumpCrisscross wrote:
| > _Preemption would be an enormous mistake_
|
| It creates a national standard. If we're still debating the
| solution, sure, devolve to states. But if we're near
| consensus, preemption provides scale. This is American
| strength in a nutshell.
| autoexec wrote:
| Yeah, nobody wants to have to constantly worry about
| compliance with 50+ different required standards which may
| or may not conflict with one another. Having one clear
| standard for services to follow is absolutely preferred so
| long as it actually does the job of protecting people's
| data privacy.
| yonaguska wrote:
| Yep, I personally only want federal pre-emption for
| restrictions on government. Shall not infringe type stuff.
| phpisthebest wrote:
| >>Preemption would be an enormous mistake
|
| Preemption is always a mistake, i am not sure why everyone
| wants federal laws for everything, without even touching the
| fact that Data privacy is in no way even close to any of the
| enumerated power of the US Federal Government
|
| Federal Laws almost always favor large companies, the exact
| companies these laws are needed to protect the consumer from
|
| Facebook, Microsoft, etc would love nothing more than to have
| the federal government take over because as "stake holders"
| they will be called on to write their own legislation, and
| will start the revolving door of hiring current, former and
| future regulators to work in the very corporations they are
| supposed to regulate.
|
| Federal laws never work for the average citizen
| hprotagonist wrote:
| > Preemption is always a mistake, i am not sure why
| everyone wants federal laws for everything
|
| So that my marriage is recognized across state lines, for a
| start.
| pokey00 wrote:
| eh poor example imo; that's guaranteed by the
| Constitution, not legislation.
| hprotagonist wrote:
| oh? where, exactly? Is that why we needed Obergefell, and
| Loving, and ... ?
| klabb3 wrote:
| Why would you want the government to be involved in your
| marriage?
| agar wrote:
| Isn't a better question: why would you want /any/
| government involved in your marriage?
|
| This argues for federal legislation that defines marriage
| simply as a compact between two consenting adults with
| some basic legal record keeping.
|
| The /impact/ of that marriage can be both federal and
| state (e.g., federal vs. state tax laws).
|
| Individual state laws defining marriage could mean your
| next of kin could change if you die in the wrong state.
| That way lies dragons.
| hprotagonist wrote:
| Because that's what marriage _is_?
| d4mi3n wrote:
| I think the point GP is trying to make is that sometimes
| _state_ governments try to get involved in marriage and
| having a federal policy that preempts that can prevent
| further meddling.
|
| This cuts both ways--with preemption, you can provide
| baseline rights or guarantees to citizens. The trade-off
| is that you have federal legislation in the mix and you
| then need to deal with laws that are slower/harder to
| change; a big issue if the law was badly written or needs
| to be changed in a timely manner.
| nightpool wrote:
| > without even touching the fact that Data privacy is in no
| way even close to any of the enumerated power of the US
| Federal Government
|
| In what way is data privacy regulation for corporations
| _not_ a regulation on interstate commerce? That's like,
| the whole deal. That's the entire internet. If anything,
| Internet regulations applying at the state level is even
| more insane, because of the inherently cross-state nature
| of globally networked communication.
| autoexec wrote:
| > i am not sure why everyone wants federal laws for
| everything
|
| I'm not sure why anyone wants to be held to 50+ different
| and conflicting privacy and data protection requirements
| just to have a website or provide a service online because
| that's what we'd be getting if we left online privacy
| regulation up to the states.
| mc32 wrote:
| In this case I think preemption gives you widespread
| uniformity so it makes adherence easier to achieve and more
| predictability. Is those island gonna come up with weird
| stipulations, maybe Montana... uniformity in this case may be
| better.
| rt4mn wrote:
| This is exactly why Microsoft has been throwing money at
| lobbyists at the state level as well, pushing shitty
| "consumer privacy bills", both because they don't like strong
| legal privacy rights at the state level, but also in the
| hopes of forestalling and kneecapping a strong federal
| baseline privacy bill.
|
| https://www.eff.org/deeplinks/2020/03/tech-lobbyists-are-pus...
| jdp23 wrote:
| Yep. We've fought them off here in Washington ... but they
| and Amazon just took it to other, more pliable states. Todd
| Feathers and Albert Ng had a very good article on this in
| The Markup a few months ago
| https://themarkup.org/privacy/2022/05/26/tech-industry-group...
| encryptluks2 wrote:
| Did we though? What bills does Washington have that could
| compare to the CCPA?
| jdp23 wrote:
| None yet. Big tech companies have pushed various versions
| of the Bad Washington Privacy Act, which is weaker than
| CCPA. In 2021 and 2022, civil liberties, civil rights,
| and immigrant rights groups have supported the People's
| Privacy Act, which is a lot stronger than CCPA or ADPPA,
| but tech lobbying kept it from even getting a hearing.
| We'll see what happens in 2023 ... the Bad Washington
| Privacy Act's sponsor is retiring from the Senate (and is
| generally expected to become a full-time lobbyist), so
| the landscape should be different.
| jfengel wrote:
| States move faster... so fast that a technology company would
| be constantly chasing 50 different state laws.
|
| The Internet is a global entity, and it doesn't strike me as
| being well served by the "laboratory of the states".
|
| Federal legislation is slow, but executive agencies can move
| faster if they are empowered by legislation to make rules.
| Congress sets broad principles, and it's not unreasonable
| that those principles should stay the same for a decade at a
| time, even in a fast-moving domain like privacy. And while
| regulatory agencies can be their own pieces of work, it is
| much easier to deal with one national agency's rules than 50
| different ones.
| abigail95 wrote:
| If fewer jurisdictions = better, then just adopt the GDPR
| as-is.
|
| That seems obviously bad to me, having more jurisdictions
| to work out what the best laws are seems like a better
| idea.
| takeda wrote:
| > States move faster... so fast that a technology company
| would be constantly chasing 50 different state laws.
|
| As a person whose data is being sold I would one up it and
| wish that each county would produce their own regulations.
| That business is a cancer.
| seanw444 wrote:
| After seeing how the ATF operates entirely autonomously to
| nearly eliminate the right to bear arms through
| increasingly more unnecessarily complex and ridiculous
| "rules" that make you felon for things that were previously
| (and should still be) totally legal, I have zero interest
| in giving executive agencies autonomy to make laws.
|
| And it doesn't matter that the rules can be ruled as
| ineffective by a high court, because it takes ages to get
| through the whole court process. So in the time that the
| court took ruling something totally unconstitutional,
| people's rights are squandered (especially without any
| democratic consensus to enact it), and the people that
| enacted and enforced the later-deemed-unconstitutional
| rulings face zero repercussions. And guess what? They then
| move on to the next unconstitutional ruling that squanders
| as many rights as possible for as long as possible.
| klabb3 wrote:
| > unnecessarily complex and ridiculous "rules" that make
| you felon for things that were previously (and should
| still be) totally legal
|
| Not going into the US-centric gun debate and assuming
| that guns are simply tools, isn't it reasonable that gun
| owners need to monitor the regulations? If you operate
| heavy machinery or run a chemical lab, I'd expect you to
| keep a close eye on upcoming legislation and rules. I'd
| not be surprised if a food truck operator would need to
| keep track of more rules than gun owners.
| tekknik wrote:
| Both of these examples are enterprises, not something a
| private citizen does. I would also hesitate to say that
| you can become a felon overnight with either of these
| scenarios (remember all of the rights lost, including gun
| ownership, by being labeled a felon). And a majority of
| businesses shield themselves such that if they do violate
| the law it's the business itself penalized, not the
| workers. In the case of gun ownership it's the individual
| being penalized.
|
| To make your example equivalent, imagine if the food
| truck or some piece of equipment in that truck was
| suddenly made illegal. And if you're in possession of it
| you are now a felon. Yesterday (literally) it was legal
| and you were not given advanced notice anymore than
| waking up this morning and receiving notice.
|
| If heavy machinery and food industries operated this way
| there would be much less competition and likely no food
| trucks at all
| encryptluks2 wrote:
| Lol.. gotta love when they propose acts before even understanding
| technology. Things like this need to be collectively written by
| some of the best privacy advocates. Not a bunch of interns that
| have no clue how technology works.
| lolinder wrote:
| If there's a piece of the bill that illustrates your objection,
| please do share. As is this feels like a canned response based
| on a stereotype, not a substantial objection.
| donatj wrote:
| Now if we could just get a bill that actually limited the
| _government's_ ability to collect data on its citizens. I'm not
| really worried about targeted ads, I'm worried about targeted
| assassinations.
|
| You talk to people and ask them why they are worried about
| companies collecting data, and a certain percentage will tell you
| they don't like that the government could get it with a court
| order. That'd be a HUGE improvement over the current situation
| where they don't have to, they just collect it directly.
| candiddevmike wrote:
| This poses an interesting question: if the government mandates
| a company to collect data, are they exempt from this? What's
| stopping them from using that data for commercial purposes?
| lmkg wrote:
| Section 101 part b "Permissible Purposes," defines when data
| is allowed to be collected. The sixth such purpose: "To
| comply with a legal obligation imposed by Federal, Tribal,
| Local, or State law..."
|
| A close reading of the wording implies this only covers
| requests _backed by a law_, i.e. it does _not_ cover
| "polite requests" from a government agency. However that is a
| theoretic protection, practice could be different.
| hot_gril wrote:
| > I'm not really worried about targeted ads, I'm worried about
| targeted assassinations.
|
| Who's after you? I'm not making the lame "only wrongdoers have
| something to fear" argument, just wondering what circumstances
| you're dealing with.
| pessimizer wrote:
| They only need a court order (which can be from a secret court
| providing secret guidance, and can be an infinite standing order
| that covers vast amounts of arbitrary collection AUMF-style) to
| _force_ companies to turn things over. Companies can just hand
| your data over because they don't want to be retaliated
| against (or in return for favors), and nobody needs a warrant,
| nobody ever has to tell anyone. Depending on agency internal
| rules, they may not even have to keep a record themselves of
| having done it (if they break their rules, they'll be
| responsible for punishing themselves though, I'm sure they'll
| be harsh.)
|
| That's your targeted ads (and your cellphone tracking, and your
| transaction records.)
| carom wrote:
| Hell, I'd be happy if the DMV, post office, and voter records
| stopped publishing my address.
| uni_rule wrote:
| That is incredibly shortsighted considering one of the prime
| ways the US Government skirts protections against domestic data
| collection is by simply buying it from private entities.
| legitster wrote:
| There's a large difference though between what governments
| could presumably buy from ad trackers or data warehouses and
| what they can get by intercepting unencrypted web traffic at
| the ISP level.
| makeitdouble wrote:
| Wouldn't it be the same if the ISP sold the gov. the
| extracted info they want?
|
| In this setting the gov can hint at what data it wants, and
| private parties will manage to get it for resale.
| legitster wrote:
| I think to OP's point, if we are worried about government
| wrongdoing we should pass laws against government
| wrongdoing. It really doesn't matter what the private
| industry does or doesn't do if the government still has
| the right to take it.
|
| I am not afraid of my data being used against me to sell
| products. I am afraid of the government abusing their
| monopoly on violence. The first seems like misdirection.
| always2slow wrote:
| Technically we already have protection under the 4th
| amendment, to me this falls squarely under "papers, and
| effects" and is an unreasonable search. It seems that the
| court doesn't agree though considering the current state
| of things.
| notinfuriated wrote:
| Pretty sure everyone who wants gov data collection of private
| individuals would want this to be illegal as well.
|
| I'm disappointed to find most of the complaining on this
| thread about businesses collecting personal data, rather than
| the government. Even more so that the first comment's top
| response regarding this is shooting it down because of an
| imagined loophole.
|
| It disgusted me about CCPA that a private company can have a
| breach and be fined millions, but the CA govt is immune. Same
| thing here, and it should disgust everyone who supposedly
| cares about privacy.
| Ragnarork wrote:
| You need both.
|
| Companies collecting data on you directly or indirectly is a
| problem, even if they don't do anything malevolent with it (and
| some already do). The issue is that eventually they'll be
| breached, and then that data can end up in the hands of
| malicious actors that might use it in a way that could harm you
| (e.g. identity theft, compromising other accounts thanks to
| personal info, etc.).
| micromacrofoot wrote:
| A lot of the time they just buy it from data brokers.
| kmeisthax wrote:
| Fun fact: the lack of this is actually THE reason why Google
| Fonts is banned in the EU right now
| always2slow wrote:
| Why would they need a court order when they are already just
| buying the data with zero oversight? The panopticon works like
| this: fund startups that will create a data treasure trove ->
| legally buy / access the dataset and add it to xkeyscore.
| justinzollars wrote:
| Worst administration in History.
| rt4mn wrote:
| The Biden Administration? This is a bill introduced in an
| entirely different branch of government. AFAIK Biden's got squat
| to do with this
| dcow wrote:
| One of the logistical issues with a law like this, and with the
| CCPA, is verification of the user requesting things such as
| account deletion. How are people supposed to do that without
| providing KYC-level details to every service provider?
| billiam wrote:
| The ADPPA seems like a great example of regulatory capture and
| gridlock of the federal government by rich corporations and
| individuals and how federalism (state's rights) is a crucial and
| increasingly fragile element in holding our economy and our
| society together. Privacy is a particularly fraught area. SCOTUS
| says it's not a constitutional right at all (unless it's your
| money, in which case it's speech), which means states will have
| to define not data privacy and the limits of the surveillance
| economy but abortion and marriage and contraception too.
| jjtheblunt wrote:
| ( typo : i think you meant "not only data privacy..." )
| borbulon wrote:
| If we can let lobbyists write bills, we should be able to let
| privacy advocates write bills. We can do better than this.
| ericb wrote:
| Maybe something in the middle is nicest? I'm not looking
| forward to every single website having _two_ cookie warnings I
| need to close!
| weberer wrote:
| Privacy advocates such as the ACLU and EFF do have lobbyists as
| well.
| guerrilla wrote:
| but not tens of billions of dollars between them.
| jedberg wrote:
| You can help them if you want! :)
|
| https://supporters.eff.org/donate/
| rt4mn wrote:
| The ACLU also does a lot of great privacy work, so
| donating to them is also a good idea if you care about
| this stuff. National ACLU does a lot of great work, but I
| personally suggest giving to your local affiliate
| https://www.aclu.org/about/affiliates, as they are often
| the ones who work on local issues that are likely to
| directly impact you. We do privacy lobbying at the
| municipal and state level and our local ACLU affiliate
| has been a huge, huge ally.
|
| There are also other great privacy orgs that are not
| quite as big but are also fantastic in their own ways,
| like Restore the Fourth (which also has local chapters
| like (shameless plug) rt4mn), Fight for the Future, Demand
| Progress, Cato, and Privacy International
|
| Also, if you want to do more than just donate, you can
| help the EFF with its lobbying efforts by joining the
| Electronic Frontier Alliance https://www.eff.org/fight We
| participate, it's pretty great.
| SV_BubbleTime wrote:
| You have not been paying attention to the ACLU.
| [deleted]
| rt4mn wrote:
| Always good to see links to direct text of bills.
|
| Reading the tea leaves a bit, Speaker Pelosi seems dead set
| against it and I don't think will allow it to be moved as is. She
| has publicly stated that "states must be allowed to address rapid
| changes in technology", i.e., the bill preempts too many state
| privacy regulations, esp in California. But as a rule my default
| assumption for the "real reason" why Pelosi is against something
| is because she thinks it will harm chance of caucus holding
| majority in house.
|
| https://pelosi.house.gov/news/press-releases/pelosi-statemen...
|
| Skeptical as I am of her motives / methods, I'm inclined to agree
| with her in this case. Act should be a floor not a ceiling.
| tempie_deleteme wrote:
| because of the "war on drugs" was supposed to be about the health
| of americans, which turned out to be a lie...
|
| I think this is not about protecting the rights to data and
| privacy of american individual citizens...the other kind of
| american citizen, the american corporation, on the other hand,
| stands to gain a lot from this.
|
| > _To provide consumers with foundational data privacy rights,
| create strong oversight mechanisms, and establish meaningful
| enforcement._
|
| ah, so corporations can well-foundedly and meaningfully consume
| the data of 'consumers' (a euphemism for fuel) in a way such
| that the historic shadow suckers of everything's energy (banks)
| can continue to partake on the sucking down of everybody's
| data/information (with real time measurements, which is a novelty
| in this ancient system built around trade, commerce, insurance,
| and power-authority concentration).
| greyface- wrote:
| SEC. 203. INDIVIDUAL DATA OWNERSHIP AND CONTROL.
| (e) Verification And Exceptions.--
| (1) REQUIRED EXCEPTIONS.--A covered entity shall not permit an
| individual to exercise a right described in subsection (a), in
| whole or in part, if the covered entity--
| (C) determines that the exercise of the right would require
| access to or correction of another individual's sensitive
| covered data; or
|
| Simple: store all your user data in an intermingled fashion, such
| that a read or update of any individual record necessarily
| involves a read or update of one or more unrelated records. Now
| you don't need to act on data access requests.
| etchalon wrote:
| Doubtful any court would accept that practice.
| reeboo wrote:
| I chuckled at the thought of U.S. judges being forced to have
| opinions on software design principles.
| unknownaccount wrote:
| Why on earth would we want MORE restrictions and government
| interference / intrusion in our affairs? Especially in this era
| of worldwide creeping authoritarianism?
|
| The only way to implement these sorts of mandates is stomping all
| over a developer's right to freedom of expression. I'm a firm
| believer that code is speech and that limiting what a developer
| can do is infringing on his own right to free speech.
| chronotis wrote:
| Ten years or so ago, I was participating in a small business
| roundtable discussion with one of our state senators. At the
| time, I ran a consumer research agency and would often have
| multinational projects involving consumer data collection in both
| the US and EU; this is before GDPR had become ratified, but Safe
| Harbor was failing and there was ambiguity about what the future
| state would look like.
|
| Of the 15 or 20 business owners in the room, I was the only "pro
| privacy" voice. People were very focused on what would be the
| perceived additional cost of complying with any GDPR-style rules
| in the US, and weren't yet thinking about the negative effects of
| having different privacy rules in different markets. "Different
| markets have different rules all the time," in short.
|
| I maintain that it would be less complicated, less expensive, and
| more human-friendly to use data privacy rules as globally
| universal as can be achieved. There will always be capitalism
| leeches that drain money through arbitrage between the policy
| gaps, yes, but it would help.
|
| (Also: there is zero chance this gets through the current US
| Senate. Would never clear filibuster.)
| pessimizer wrote:
| > Would never clear filibuster.
|
| A filibuster by who? Neither party would support any privacy
| rules that placed any undue importance on privacy.
| chronotis wrote:
| I'm mostly just projecting based on the current 48+2+50 state
| of the Senate where virtually everything gets held up. If the
| Democrats brought it forward, I would expect the Republicans
| to filibuster just on principle.
| rt4mn wrote:
| I would be interested to hear why you think it has no chance in
| Senate.
| legitster wrote:
| > I maintain that it would be less complicated, less expensive,
| and more human-friendly to use data privacy rules as globally
| universal as can be achieved.
|
| I think this is a bit naive. As someone who has had to dwell a
| lot on the specific nuances of German privacy laws vs GDPR or
| South Korea's, I have come to the conclusion that conflicting
| privacy laws are a designed feature.
|
| I think lawmakers certainly have consumer protection as _one_
| of their goals, most privacy legislation has many features
| intended to benefit domestic industries at the expense of
| foreign ones. Or to benefit national security in some way (such
| as requirements for certain types of data to be stored on
| servers inside the country).
|
| Even if the US was to homogenize with GDPR in some way, I
| wouldn't doubt that the EU would fast follow with a _slightly_
| different spin on it just to give US tech companies an extra
| set of hoops to jump through.
|
| In a way, this is already how safety regulations work in the
| automobile industry.
| chronotis wrote:
| I agree that we're not going to see a US privacy framework
| that's identical to GDPR and where all players have the same
| obligations and enforcement mechanisms. What is extremely
| problematic, IMHO, is the US having _no_ privacy framework to
| speak of while the rest of the world does. Beyond HIPAA and
| COPPA (and CCPA if you happen to live in Cali), there's
| really not much recourse for US citizens besides their
| collection of company-paid credit monitoring after each
| security breach.
|
| If one outcome of GDPR is that 10-15 years later, the US
| adopts some sort of national privacy framework that motivates
| industry to reevaluate their data monetization business
| models, that's a good outcome.
| weberer wrote:
| You can also see which companies sent lobbyists to work on this
| bill.
|
| https://www.opensecrets.org/federal-lobbying/bills/summary?c...
| laweijfmvo wrote:
| The first thing to know about US Laws/Bills is that whatever
| they name it, it typically achieves the opposite
| rolph wrote:
| this is because the title of a bill has very little to do
| with the function of the bill turned law.
|
| obfuscation of a bill's content and intention by using a
| dissociative title must stop
| paparush wrote:
| Sadly true.
| mdip wrote:
| Completely, _especially_ if it has the words "Digital",
| "Online" or "Data". I haven't read the bill or read about the
| bill but I'd wager a coffee there's also some form of
| entertainment/copyright industry hostility in there.
|
| I'm _really_ trying not to be cynical here, but I started so
| I might as well finish. Step #2 is if it _does_ happen to
| pass, the parts of the bill that _are_ actually consumer
| protections will be unenforceable, be ruled unconstitutional
| or have unintended negative consequences. The bad parts of
| the law will have no issues in the courts or with
| enforcement. They, too, will have unintended added negative
| consequences.
| roamerz wrote:
| You forgot the words "Inflation", "Equality",
| "Infrastructure", "Dream", "People", "Save", "Health",
| "Budget" or "Climate".
| Consultant32452 wrote:
| Patriot
| classified wrote:
| I assume "Data Privacy" means privacy for the company that
| collected the data and "Protection" means protection from the
| people they collected it from.
| water-your-self wrote:
| The U.S. government often makes use of the data that many
| companies keep about us. Android geofencing is my classic
| example for non tech.
| hot_gril wrote:
| Or something unrelated. The "infrastructure" bill got renamed
| to "inflation-reduction" bill despite its contents not
| changing much. If the pandemic were still a massive concern,
| I'll bet it'd be called the "covid19 relief" bill... oh
| right, there was one of those, and it included foreign
| military aid.
| guerrilla wrote:
| That is a lot worse than I imagined. So basically this would be
| terrible or meaningless for workers/consumers?
| noasaservice wrote:
| So basically, this is a mostly toothless law, that requires
| small companies to follow to the extreme detriment of the
| large companies... which already likely do the bare minimum.
|
| I'm not sure of the term. It's like a regulatory legal
| barrier that keeps new companies from entering the market.
| root_axis wrote:
| > _So basically, this is a mostly toothless law, that
| requires small companies to follow to the extreme detriment
| of the large companies_
|
| The bill outlines exemptions for businesses making less than
| 40 million annually. I haven't read the whole thing so it's
| possible I missed something, could you point out which
| sections you're referring to to draw that conclusion?
| onlyrealcuzzo wrote:
| Small companies are exempt from CCPA?
| rabuse wrote:
| Yep, always used to stifle competition. Regulate the hell
| out of it, so new companies can't even begin without
| millions up front.
| jedberg wrote:
| Regulatory capture.
| tomatotomato37 wrote:
| It's almost like blindly calling for regulation without
| accounting for the political/monetary influence of those
| being regulated is a bad idea or something
| ahtihn wrote:
| > blindly calling for regulation [...] is a bad idea
|
| What do you expect people to do instead?
| water-your-self wrote:
| Call for individual protections, possibly with a solvent
| soaked rag in a bottle, typically.
| tomatotomato37 wrote:
| It's like a genie wish. You have to be _very_ specific in
| what you are asking for.
| zeruch wrote:
| The term is probably "regulatory capture"
| guerrilla wrote:
| > It's like a regulatory legal barrier that keeps new
| companies from entering the market.
|
| barriers to entry [1]
|
| 1. https://en.wikipedia.org/wiki/Barriers_to_entry
| yumraj wrote:
| Great, we have the usual anti-privacy companies there as well
| as ByteDance .. what can go wrong.
| chitowneats wrote:
| It's insane enough letting Big Corps lobby your legislature
| and even write language that eventually gets enshrined as
| law.
|
| It's even more insane we allow the state-affiliated entities
| of our adversaries to do this.
| randomdata wrote:
| _> It's insane enough letting Big Corps lobby your
| legislature_
|
| Well, it would be rather pointless to elect to hire a
| representative to represent you and then not take time to
| make your position known with them. They certainly are not
| mind readers.
|
| And you can't realistically remove big businesses from
| citizenry as those who are stakeholders in big business are
| going to bias their position to what benefits their
| business. Business _is_ people, after all. ByteDance
| certainly has stakeholders who are American citizens.
|
| So we make a best effort to register those biases for the
| sake of transparency. The only real alternative, short of
| abandoning democracy entirely, is to leave it a mystery who
| talked to their representatives.
| vinay_ys wrote:
| Isn't it the job of the representatives in a
| representational democracy to have working mechanisms to
| understand what their constituents' demands are?
| Shouldn't such mechanisms be equally accessible to all
| constituents irrespective of their ability to spend $$?
|
| Also, don't the representatives have pre-election issues
| based manifesto when they are seeking votes to get
| elected? Shouldn't they stay true to the promises they
| made?
| randomdata wrote:
| _> Isn't it the job of the representatives in a
| representational democracy to have working mechanisms to
| understand what their constituents' demands are?_
|
| The advantage big business has is scale. Big business, by
| definition, has many more stakeholders. This means that
| big business will be disproportionately represented by
| the constituents. If those biases weren't made clear, and
| each constituent's position was taken at face value, then
| the unified front would appear stronger than it would
| actually be if each actor were acting without those
| biases.
|
| _> Shouldn't they stay true to the promises they made?_
|
| I'm not sure why you'd want them to. The state of the
| world is constantly changing and new information
| continues to flow in. You will be constantly reevaluating
| your position in the face of new information. A
| representative will respond to that.
|
| Representatives know that some segment of the population
| honestly believe that they are mind readers and will
| offer up some examples of how they might try to read the
| minds of those who buy into that witchcraft to attract
| their vote, but marketing and reality are quite
| different.
| takeda wrote:
| I have a representative who I agree pretty much on all
| issues. The problem though is that he is one of 435
| people in the House. He can just vote for, against, or
| propose changes. But then will have to fight against
| those who will easily accept money to ruin it.
|
| I'm glad that Pelosi is using her position to impose some
| changes on the bill so maybe something good will come out
| of it, but I really can't stand that in US bribery is
| essentially legal.
| elashri wrote:
| What is more insane is that this is not considered
| corruption. Usually if this happens outside US, the US
| government itself will call that corruption.
| 2OEH8eoCRo0 wrote:
| Freedom of speech. All they do is pay people to speak for
| them. They have money to do that. Gifts and other
| tomfoolery is obviously no good but I'm not sure how you
| could gate this without running afoul of the first
| amendment.
| carom wrote:
| It's pretty simple, you pass an amendment that says
| corporations are not people for the purpose of political
| spending.
| water-your-self wrote:
| Alphabet and amazon are on the last page, alphabet having spent
| ~3mil and amazon ~5mil
| hot_gril wrote:
| I think the theme is just that they're big companies.
| nixass wrote:
| *briberies
| jdp23 wrote:
| There's been some good reporting on the lobbying on ADPPA
|
| What Microsoft, IBM and others won as the privacy bill evolved
| - https://www.protocol.com/newsletters/policy/cloud-enterprise...
|
| Privacy bill triggers lobbying surge by data brokers - Privacy
| bill triggers lobbying surge by data brokers
| rt4mn wrote:
| Microsoft has been a particularly bad actor in this space.
| They have been hiring lobbyists to advocate at the state
| level for shitty "consumer privacy bills", specifically
| because they want to forestall and kneecap federal
| legislation.
|
| https://www.eff.org/deeplinks/2020/03/tech-lobbyists-are-pus...
| vinay_ys wrote:
| What's Microsoft's interest in this? They don't have a big
| search or ads business. What are they doing with Consumer
| data?
| rt4mn wrote:
| Their interest is in their bottom line and avoiding
| regulation. Pretty much any company that has a lot of
| users creating accounts will be impacted by even the most
| milquetoast privacy regulation to some degree or another,
| and I guess Microsoft sees the cost of hiring a bunch of
| lobbyists as cheaper than having to deal with the
| regulation that might come about if they don't.
| donjorgenson wrote:
| Giggety
| xbar wrote:
| 2nd rate claptrap of a bill. Just make the CCPA national.
| criddell wrote:
| I kind of wish they would just copy the EU rules. One set of
| rules for the US and all of Europe would be pretty nice.
| jesuspiece wrote:
| MerelyMortal wrote:
| Maybe politics would be better if people didn't jump to
| stereotypes (which don't always hold true, as evidenced by your
| comment and the replies pointing out your error), and instead
| of blaming/attacking each other, we could focus more efforts on
| making things better.
| rabuse wrote:
| "It's a big club, and you ain't in it" - George Carlin
| lolinder wrote:
| 2 out of 3 sponsors are Republican, and not the kind that
| typically cross the aisle.
| weberer wrote:
| >Cosponsors:
|
| >Rep. McMorris Rodgers, Cathy [R-WA-5]
|
| >Rep. Schakowsky, Janice D. [D-IL-9]
|
| >Rep. Bilirakis, Gus M. [R-FL-12]
| say_it_as_it_is wrote:
| This is the proverbial shaking of the tree, whereby elected
| officials will ask (threaten) tech lobbyists for campaign
| contributions in exchange for their vote against the act
| pessimizer wrote:
| It's also potentially a huge score for some Democratic
| politicians, because for every Republican that supports the
| bill, they're going to need a Democrat to defect.
| ck2 wrote:
| Just a reminder any email you have online that is over six months
| old can be read without a warrant.
| pacija wrote:
| Hm, I have 10 years worth of emails in my dovecot, on my metal,
| in my basement, online. Can you please describe how can it be
| read without a warrant by people who don't have my imap
| password or wheel ssh key to my server?
| unionpivo wrote:
| Unless you are just emailing yourself on your server, chances
| are that 80% of your email is searchable between Google,
| Microsoft or Amazon.
|
| I just checked on my mail (look at headers, for smtp hosts
| not just senders and receivers).
|
| For me it's 76% for the past 7 years, that either originated
| or ended in one of the big three silos.
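The check described in the comment above (look at the SMTP hops in the headers, not only at sender and recipient addresses) can be scripted. This is an added example, not code from any commenter; the provider suffix list is a short, incomplete assumption, the function names are hypothetical, and the four messages are constructed samples.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Assumption: short, incomplete suffix list for the three providers named above.
PROVIDER_SUFFIXES = {
    "Google": ("google.com", "googlemail.com", "gmail.com"),
    "Microsoft": ("outlook.com", "hotmail.com", "office365.com"),
    "Amazon": ("amazonses.com", "amazonaws.com"),
}

# Host names that follow "from" / "by" in a Received header (the SMTP hops).
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.I)


def provider_for(host):
    """Map a host name to a provider, matching on whole domain labels only."""
    host = host.lower().rstrip(".")
    for provider, suffixes in PROVIDER_SUFFIXES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return provider
    return None


def providers_touching(msg):
    """Providers that relayed the message or host one of its correspondents."""
    hosts = []
    for received in msg.get_all("Received", []):
        hosts += HOP_RE.findall(received)
    addr_fields = []
    for field in ("From", "To", "Cc"):
        addr_fields += msg.get_all(field, [])
    for _name, addr in getaddresses(addr_fields):
        if "@" in addr:
            hosts.append(addr.rsplit("@", 1)[1])
    return {p for p in map(provider_for, hosts) if p}


def exposure_report(messages):
    """Share of messages a large provider has seen, plus a per-provider count."""
    per_provider = Counter()
    total = exposed = 0
    for msg in messages:
        total += 1
        touched = providers_touching(msg)
        exposed += bool(touched)
        per_provider.update(touched)
    pct = round(100.0 * exposed / total, 1) if total else 0.0
    return {"total": total, "exposed": exposed, "exposed_pct": pct,
            "by_provider": dict(per_provider)}


# Constructed sample messages (documentation domains and address ranges).
SAMPLE_MESSAGES = [
    # 1. Self-hosted sender to self-hosted recipient: no large provider involved.
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTPS; Mon, 5 Sep 2022 10:00:00 +0000\n"
    "From: alice@example.net\nTo: me@example.org\nSubject: hi\n\nbody\n",
    # 2. Sender uses a hosted mailbox: visible in the address and in the hop.
    "Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [198.51.100.7])\n"
    "\tby mx.example.org with ESMTPS; Mon, 5 Sep 2022 11:00:00 +0000\n"
    "From: bob@gmail.com\nTo: me@example.org\nSubject: re\n\nbody\n",
    # 3. Custom sender domain, but relayed through a provider: only the hop shows it.
    "Received: from a8-31.smtp-out.amazonses.com (a8-31.smtp-out.amazonses.com [203.0.113.31])\n"
    "\tby mx.example.org with ESMTPS; Mon, 5 Sep 2022 12:00:00 +0000\n"
    "From: news@shop.example\nTo: me@example.org\nSubject: sale\n\nbody\n",
    # 4. Sent copy: no Received headers, the recipient address is the evidence.
    "From: me@example.org\nTo: dave@outlook.com\nSubject: invoice\n\nbody\n",
]


def sample_report():
    return exposure_report(message_from_string(raw) for raw in SAMPLE_MESSAGES)


if __name__ == "__main__":
    # For a real mailbox: exposure_report(mailbox.Maildir(path, create=False))
    print(sample_report())
```

Message 3 is the case the comment points at: the `From` domain looks independent, and only the `Received` hop reveals the provider.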
| pessimizer wrote:
| Can you describe how it could be read _with_ a warrant, or
| how it's relevant at all to people who have email accounts
| with online services?
| criddell wrote:
| Do you ever send email to other servers? If so, there are
| copies out there.
| ck2 wrote:
| Well that's the "proper" version of the clinton email server
| in the basement.
|
| But I meant the major services all must give access to
| virtually any federal government entity on request,
| warrantless. I think they even have portals, imagine how that
| is abused by anyone and everyone.
|
| Not sure how it would be enforced but I would guess if the
| feds wanted access to your server, even without a warrant,
| you'd be forced to give it to them.
|
| https://www.wired.com/2010/04/emailprivacy/
|
| https://en.wikipedia.org/wiki/Electronic_Communications_Priv...
| asow92 wrote:
| Could they have picked a better sounding acronym? Maybe APPA
| (American Privacy and Protection Act)?
| jawadch93 wrote:
| cyral wrote:
| I see they are also annoyed at cookie banners:
|
| > SEC. 210. UNIFIED OPT-OUT MECHANISMS. For the rights
| established under sections 204(b) and (c), and section
| 206(c)(3)(D) not later than 18 months after the date of enactment
| of this Act, the Commission shall establish one or more
| acceptable privacy protective, centralized mechanisms, including
| global privacy signals such as browser or device privacy
| settings, for individuals to exercise all such rights through a
| single interface for a covered entity to utilize to allow an
| individual to make such opt out designations with respect to
| covered data related to such individual.
| shishy wrote:
| Was scanning for this thanks for pointing it out. Some of these
| banners are infuriating, and if I use firefox containers
| sometimes I see them over and over, especially if I'm clearing
| my cookies. It is insane to me that this isn't already a
| standard.
| shadowgovt wrote:
| Standardization was attempted.
| https://en.wikipedia.org/wiki/Do_Not_Track
|
| the tl;dr for that story is that it wasn't mandated to be
| honored, the industry didn't voluntarily adopt it widely, and
| when IE 10 tried to turn it on by default and the standard's
| lead supporter responded by submitting a patch to Apache web
| server to ignore the DNT signal coming from IE 10 because
| "does not protect anyone's privacy unless the recipients
| believe it was set by a real human being, with a real
| preference for privacy over personalization," that situation
| pretty much killed it in the crib.
|
| The problem is technologically simple to solve; all the
| challenges are social and legal.
| m463 wrote:
| I believe DNT was used for better browser fingerprinting.
| cphoover wrote:
| I wonder if a browser plugin that utilizes AI would work as
| a sidestep to a standardized cookie dialog. Granted someone
| would have to build such a tool and standardization seems
| inevitable at some point. Shouldn't be too difficult to
| build something like that.
| weberer wrote:
| There's a browser plugin called uMatrix that lets you
| block cookies and javascript on a per-site basis. I just
| have it blocking all cookies by default unless it's a site
| I need to log in to.
| Dalewyn wrote:
| It's kind of hilarious that of all the datapoints websites
| will gorge upon, DNT is the one thing they all toss out.
| tagawa wrote:
| There is a standard that has some recognition and uptake
| (though needs more) - Global Privacy Control. It's been
| adopted by some browsers and publishers, and IIRC is a
| requirement for CCPA (California Consumer Privacy Act)
| compliance. https://globalprivacycontrol.org/
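An added example (not part of any comment here, and not code from the bill or from the GPC project) of a site honoring the browser-level signals discussed in this thread without a banner or a login. The `Sec-GPC` and `DNT` request headers are the real signals; the middleware, the `privacy.*` environ keys, the demo page and the policy of treating either signal as an opt-out are assumptions for illustration.

```python
def opt_out_source(environ, honor_dnt=True):
    """Return the header that carries an opt-out, or None.

    WSGI exposes the request header "Sec-GPC" as HTTP_SEC_GPC and "DNT" as
    HTTP_DNT. Only the exact value "1" counts; anything else is treated as
    if the header were absent.
    """
    if environ.get("HTTP_SEC_GPC", "").strip() == "1":
        return "Sec-GPC"
    if honor_dnt and environ.get("HTTP_DNT", "").strip() == "1":
        return "DNT"
    return None


class PrivacySignalMiddleware:
    """Records the opt-out for the app and marks responses as varying on it."""

    def __init__(self, app, honor_dnt=True):
        self.app = app
        self.honor_dnt = honor_dnt

    def __call__(self, environ, start_response):
        source = opt_out_source(environ, self.honor_dnt)
        # The decision needs no account or session: it is per request, per device.
        environ["privacy.opted_out"] = source is not None
        environ["privacy.signal"] = source

        def start_with_vary(status, headers, exc_info=None):
            # Shared caches must not hand the tracked variant of a page to a
            # visitor who sent the signal, so the response varies on both headers.
            headers = list(headers) + [("Vary", "Sec-GPC, DNT")]
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_vary)


def demo_app(environ, start_response):
    """Hypothetical page that embeds its ad tag only when no opt-out was sent."""
    body = "<p>article</p>"
    if not environ["privacy.opted_out"]:
        body += '<script src="/ads.js"></script>'
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [body.encode("utf-8")]


def render(request_headers, honor_dnt=True):
    """Drive the app with constructed request headers; returns (headers, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    for name, value in request_headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    app = PrivacySignalMiddleware(demo_app, honor_dnt=honor_dnt)
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["headers"], body


if __name__ == "__main__":
    for hdrs in ({}, {"Sec-GPC": "1"}, {"DNT": "1"}, {"DNT": "0"}):
        _, page = render(hdrs)
        print(hdrs, "->", "ads" if "ads.js" in page else "no ads")
```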
| hunterb123 wrote:
| They'll just make it so complicated where you have to use
| an embed from Google or something to implement it properly,
| similar to CCPA.
|
| In the end Google ends up in a script on the page somehow
| in the name of privacy.
| Spivak wrote:
| halle-fuckin-lujah please don't make it some bullshit
| centralized service where you have to have a specific cookie
| from a random website to actually use it. please just expand
| DNT.
| bdougherty wrote:
| More likely it will be GPC
| (https://globalprivacycontrol.org).
| user3939382 wrote:
| In the sick world we live in, ad companies would love a more
| granular DNT response from your browser so they can use it to
| fingerprint you.
| hedora wrote:
| They need to specify that this has to work in an anonymous, per
| device way (like DNT).
|
| Otherwise, google could claim its current policies are
| compliant. ("Just log in if you want to be 'anonymous'...")
| stvswn wrote:
| Google does not rely on a user being logged in. Go to
| adsettings.google.com in a logged out state, for example. I'm
| not sure what you're referring to.
| singron wrote:
| That's only for ad personalization. If you want to turn off
| web and app activity, you have to be logged in.
|
| The ad industry has had these opt-outs for a while, but you
| have to set opt-out cookies on about 500 sites, so it's not
| practical. DNT solves that problem, but the industry won't
| voluntarily adopt any solution that has any realistic
| chance of making a difference.
| hot_gril wrote:
| Sigh. I have my cookies enabled because I want to use them. If
| I didn't, I wouldn't enable them. I wish there were a "fuck
| GDPR, I agree to whatever terms" browser setting.
| klabb3 wrote:
| GDPR doesn't disallow cookies, it disallows tracking cookies,
| afaik. Tracking data is not yours to see, so how could you
| _use them_? Do you mean that you want personalized ads?
| hot_gril wrote:
| I want to use the site without getting a banner. Some
| require me to agree to cookies. I don't care what they do
| with the cookies. Almost nobody does.
| yrgulation wrote:
| Will you guys get to click popups on every.single.site.? If so
| believe it's annoying. There must be a better way.
| [deleted]
| [deleted]
| macns wrote:
| Maybe I'm too romantic, but I'd like to see an american GDPR (not
| saying that the eu name or the bill itself is better), and then
| an Asian and so on till we have one global GDPR protecting all
| consumer data.
|
| </daydream>
| ThomPete wrote:
| GDPR is a horrible horrible solution and only helps the big
| corporations who can afford all the extra work to ensure that
| users who actually end up agreeing to the terms are locked in.
|
| It helps no one besides politicians who now have created more
| work for themselves, and is an abomination just like the
| cookie policy.
| hatware wrote:
| Bills are always named so you think they're good! We are not too
| far from 1984 now.
| macintux wrote:
| Can you expand on what you feel is wrong with the bill?
| hatware wrote:
| Feel free to read up on the last 20 years of US politics.
| Same shit, different day.
| macintux wrote:
| The point of HN is not to make winking, snide comments
| about how things are broken, but to actually
| discuss/document what's good or bad.
|
| You're not adding any value without diving into details.
| hatware wrote:
| And you're not adding any value by staying ignorant to
| history.
|
| It's not my job to spoon-feed you the problems and
| solutions.
| dekken_ wrote:
| Always? Unlikely, can be sure, but I doubt it's always.
| hatware wrote:
| Boot taste good.
| dekken_ wrote:
| Nah I just know the difference between reality and
| generalizations.
| hatware wrote:
| You'd be surprised.
| matai_kolila wrote:
| I can't remember the last time I saw a non-ironic reference to
| 1984.
|
| Have you read the book? It's nothing at all like how we live
| today, and (as far as I can tell) this would do nothing towards
| making our lives more like how the lives of Winston and Julia
| were in the novel.
| bdougherty wrote:
| Telescreen, newspeak, mass surveillance, perpetual war,
| "officials" acting as if what they are saying now is always
| what they said, etc. It's almost easier to list the things
| that we _don't_ have in common.
| matai_kolila wrote:
| Literally none of those things are real as actually
| described in the novel.
|
| Keeping a diary is punishable by _death_ (that's the
| premise of the entire story), it's kind of silly to compare
| that with our lives today.
| rt4mn wrote:
| 1984 was published in 1949. It is partially _science
| fiction_. Tricorders are not literally the same as cell
| phones, either, but if you ignore the parallels you are
| doing a disservice to the important role and lessons of
| good sci-fi.
|
| The thing I tell most people is that we currently live
| under more surveillance than folks in 1984. "You had to
| live--did live, from habit that became instinct--in the
| assumption that every sound you made was overheard, and,
| except in darkness, every movement scrutinized." Nowadays
| your movement is not safe even in darkness.
|
| We would be even more screwed than folks living in that
| fictional regime if we backslide away from rights based
| democratic rule of law.
| matai_kolila wrote:
| I couldn't disagree more strongly; the fact that you can
| write this and not worry for the rest of your life about
| being killed is the whole point.
|
| I urge you to reread 1984, and focus on how people who
| broke the rules were treated. People weren't deplatformed
| or cancelled, they were murdered.
| rt4mn wrote:
| I do worry about being killed by the government. I worry
| about everything related to government abuse of power and
| surveillance. I wear my tinfoil with pride, thank
| you very much.
|
| On a more serious note (in case it was not clear that I
| was being facetious), you are absolutely correct that an
| important theme (and, arguably, the primary / key
| message) of 1984 is to highlight the horror and dangers
| of a totalitarian government, and to push back against
| the very, very pressing danger of Nazi Germany and the
| Soviet Union.
|
| But one of the great things about sci-fi / dystopian /
| utopian fiction is that it lets us look at a potential
| future, ask ourselves if that's a world we want to live
| in, and if it's not, we can think about what it might take
| for us to go down that path, and what steps we should
| take if we want to avoid it.
|
| You are right to point out that we don't live in a
| totalitarian surveillance state run by elites without
| respect for the rule of law. But my point is that we
| _could_, and that we currently do live in a
| _surveillance state_. It just happens to be a democratic
| surveillance state run by elected representatives of the
| people with a strong culture of respect of the rule of
| law. But it's a surveillance state nevertheless.
|
| I won't suggest you re-read 1984, but I would suggest
| taking a look at this opinion piece by Pussy Riot's Nadya
| Tolokonnikova: https://www.nytimesn7cgmftshazwhfgzm37qxb4
| 4r64ytbb2dj3x62d2l... (or I guess
| https://www.nytimes.com/2020/08/26/opinion/navalny-
| russia.ht..., but I suggest the onion link)
|
| Or at least the last paragraph: "Our president has only
| just recently had the law changed so that he can stay in
| power until 2036, but his program of repression didn't
| start out this blatantly. These things happen in pieces,
| bit by bit, small acts. And each one may even seem
| relatively benign at first, perhaps bad, but not fatal.
| You get angry, maybe you speak out, but you get on with
| your life. The promise of our democracy was chipped away
| in pieces, one by one: corrupt cronies appointed,
| presidential orders issued, actions taken, laws passed,
| votes rigged. It happens slowly, intermittently;
| sometimes we couldn't see how steadily. Autocracy crept
| in, like the coward it is."
|
| Persistent mass surveillance is not mentioned. Abusive
| government surveillance tends to fly under the radar. But
| one of the lessons of 1984 is that you ignore it at your
| peril.
| [deleted]
| [deleted]
| matai_kolila wrote:
| I don't disagree or agree with what you've written
| generally here, but specifically speaking 1984 is not a
| reflection of current reality for Americans, and you seem
| to agree with that.
|
| That's an important point, and I think there are a lot of
| folks who would try to disagree. There are people in this
| very comment thread that believe 1984 is not a work of
| fiction, and that's silly. Those are the people I'm
| disagreeing with.
|
| I'm not really interested in generic, "society is falling
| apart" conversations, as every society ever has been
| saying that about different things, and yes they even
| followed up with, "No but for us it's real!"
| rt4mn wrote:
| > specifically speaking 1984 is not a reflection of
| current reality for Americans, and you seem to agree with
| that
|
| Of course 1984 is not a reflection of current reality. It
| was not a reflection of current reality back when it was
| written. Science fiction is not a fun-house mirror
| reflecting back a warped version of the present, it's a
| kaleidoscope looking into the future.
|
| I have not seen anyone in this thread say "1984 is
| totally real and not a work of fiction", or confusing
| that world with reality. I've only seen people using the
| novel as it was intended to be used (as a rhetorical and
| persuasive tool) and pointing out: "There are a number of
| very real parallels between the world we live in and the
| world of 1984, and the number of parallels is increasing.
| This is a giant blinking warning light, and we should
| change course"
|
| > I'm not really interested in generic, "society is
| falling apart" conversations, as every society ever has
| been saying that about different things, and yes they
| even followed up with, "No but for us it's real!"
|
| I sympathize with your lack of interest in that
| conversation, it's not a fun one, but it's important and
| your rationale for avoiding it is flawed. True, every
| society ever has had its doomsayers, and they were very
| often wrong. But a lot of them were right, too. Progress
| is not inevitable. Societal backsliding has happened many
| times throughout the course of human history, and
| democratic / rule of law backsliding has happened a lot
| in very, very recent history. Back when that opinion
| piece I linked to was written, the New York Times had
| reporters based in Russia. Now they don't.
|
| Judge Doomsayers like me based on the specific doom we
| foresee, not on the fact that we are doomspeaking. (and
| now I promise I'm done editing, even for spelling, since
| that's gotten me hooked two bloody revisions ago)
| matai_kolila wrote:
| > Telescreen, newspeak, mass surveillance, perpetual war,
| "officials" acting as if what they are saying now is
| always what they said, etc. It's almost easier to list
| the things that we don't have in common.
|
| > The thing I tell most people is that we currently live
| under more surveillance than folks in 1984.
|
| > In ~20 years you'll see how silly you are for welcoming
| totalitarianism. You won't care until it affects you.
|
| Three examples from this thread (one by you) of folks
| claiming "1984 is totally real and not a work of
| fiction", at least to the degree of what I originally
| said (you're misconstruing what I wrote for rhetorical
| value, but if you look at what I _actually_ claimed,
| these quotes fit).
|
| There are not "a number of very real parallels between
| the world we live in and the world of 1984", this is a
| misremembering of the content of the novel. You don't get
| to just hand select a few things from the novel and say,
| "Look, 1984!" in the same way you don't get to cite "well
| the humans in Lord of the Rings breathed air so it's the
| same as today!"
|
| For example, without the critical, "or else you die"
| consequences of misbehavior in the 1984 novel, none of
| the "scary" things in the novel carry anything remotely
| approaching the weight or meaningfulness.
| pessimizer wrote:
| > Three examples from this thread (one by you) of folks
| claiming "1984 is totally real and not a work of
| fiction",
|
| I'm not sure that you can accuse anyone of misconstruing
| anything unless you can find this quote in another
| comment, or anything resembling it.
| matai_kolila wrote:
| I'm not really interested in playing the semantics game,
| I concede all points to anyone who wants to try.
| hatware wrote:
| I like how calling you out somehow implies 1984 was not
| fiction. What a set of hoops!
|
| Then when _others_ call you out, you call it semantics
| games. Rich.
| hatware wrote:
| In ~20 years you'll see how silly you are for welcoming
| totalitarianism. You won't care until it affects you.
|
| And then it will be too late for you to do anything about
| it.
| [deleted]
| matai_kolila wrote:
| Welcoming, not welcoming; you don't know my position on
| totalitarianism, you just know I've read 1984 and have
| opinions about the validity of parallels with modern day.
|
| For all you know I prefer "Brave New World" analogies!
| hatware wrote:
| > you don't know my position on totalitarianism
|
| We all know your position, and you're not on the right
| side of history. Period.
| pessimizer wrote:
| Speakwrites are coming. It'll be no time at all until your
| computer changes what you're typing to something more
| appropriate, or throws up a modal that reads:
|
| "Most writers don't write things like this. You should
| consider for a moment whether this is how you want to
| present yourself to others. Press [suggestions] for
| alternate ways to express a similar idea, or press [submit]
| to become legally and socially liable for the consequences
| of your actions."
| [deleted]
| throwaway71271 wrote:
| When people say '1984' they don't always mean Winston and
| Julia, sometimes they mean the Proles.
|
| > If there is hope, wrote Winston, it lies in the proles.
|
| https://www.abhaf.org/assets/books/html/1984/47.html
| hatware wrote:
| > Have you read the book?
|
| Have you...? Imagine being this far away from the truth.
| Yikes.
| hallway_monitor wrote:
| If it has anything about protecting children in it or it has to
| do with limiting encryption you are correct.
| viridian wrote:
| > limiting encryption
|
| You mean stopping online crime, identity theft, and
| cyberbullying. Going after encryption is the goal, the stated
| goal is usually about more tangible, friendly concepts.
| antonymy wrote:
| Well...
|
| >SEC. 406. COPPA.
|
| >(a) In General.--Nothing in this Act shall be construed to
| relieve or change any obligations that a covered entity or
| another person may have under the Children's Online Privacy
| Protection Act of 1998 (15 U.S.C. 6501 et seq.).
|
| >(b) Updated Regulations.--Not later than 180 days after the
| enactment of this Act, the Commission shall amend its rules
| issued pursuant to the Children's Online Privacy Protection
| Act of 1998 (15 U.S.C. 6501 et seq.) to make reference to the
| additional requirements placed on covered entities under this
| Act, in addition to those already enacted under the
| Children's Online Privacy Protection Act of 1998 that may
| already apply to some of such covered entities.
|
| Not exactly new rules, but they're making sure this doesn't
| overwrite anything they already enacted "for the children".
| kevinventullo wrote:
| Also, my understanding is that COPPA is actually pretty
| well-scoped to legitimately protecting children. I say this
| as someone who works on a product that is affected by
| COPPA.
| kornhole wrote:
| The corporate captured government will only protect their privacy
| and profits. The quicker people realize this, the better.
___________________________________________________________________
(page generated 2022-09-22 23:00 UTC)