[HN Gopher] American Data Privacy and Protection Act ___________________________________________________________________ American Data Privacy and Protection Act Author : 1vuio0pswjnm7 Score : 346 points Date : 2022-09-22 14:32 UTC (8 hours ago) (HTM) web link (www.congress.gov) (TXT) w3m dump (www.congress.gov) | gigel82 wrote: | Can't read legalese much, and -judging by how these things tend | to go- I bet it's butchered beyond recognition before it gets to | a vote (if at all). Instead, we should consider a constitutional | amendment that enshrines digital privacy as a fundamental human | right. | legitster wrote: | > digital privacy as a fundamental human right | | Why would digital privacy be a fundamental human right before | normal privacy? | cvoss wrote: | > Instead | | No way. The threshold of consensus required to put a | constitutional amendment through is far higher than that of | passing a bill (maybe too high, but that's another | conversation). The fact that such an ammendment would consist | of terse, high-level, abstract statements rather than pages and | pages concrete specifics would also make it harder to achieve | consensus because too many people would be afraid of it getting | read by SCOTUS in a way they didn't want. | | We need to work on federal laws here and not wait for a pie-in- | the-sky constitutional ammendment. (State-by-state laws don't | make a whole lot of sense on this topic. Glad CA has been test- | driving some, but we need a unified approach.). | encryptluks2 wrote: | You do realize that you can waive your constitutional rights | like a jury trial, and that these companies would just make | that part of their standard terms of service... Right? | lolinder wrote: | Why would a constitutional amendment be less prone to getting | butchered beyond all recognition? An amendment may not have its | _text_ butchered, but there 's no guarantee at all that it will | be interpreted the way you hope. | seanw444 wrote: | It probably will be interpreted in all the wrong ways you | can't even anticipate. All you need for an example is 2A. | micromacrofoot wrote: | we don't even have food and shelter as a human right | carom wrote: | We do have food in a sense. I began cooking for the homeless | and quickly learned they all had EBT cards and didn't want my | bland cooking. | micromacrofoot wrote: | the comment I was responding to was specifically | referencing rights as outlined by the constitution | matai_kolila wrote: | For any enterprising young legal authors, I'm sure a "rewritten | for laypeople" paragraph-by-paragraph blog post would garner a | large volume of views and impressions to your site... | belkarx wrote: | The effort put in is commendable but this doesn't yet reach the | levels of GDPR and the US market is too large for it to be likely | to pass. Maybe eventually ... | lmkg wrote: | For those following along at home: | | So far five states have passed local Data Privacy laws (CA, VA, | UT, CT, MA). They are all different. This situation makes it much | more likely that federal data privacy legislation will happen: | while companies wish they could have 0 laws, they would still | much rather prefer 1 law rather than 5 (trending towards 50) | different laws that contradict each other. | | There's a whole buncha specifics about what data is covered and | what companies are covered and bleh blah bluh. _That 's not the | most important thing._ There are two things which are _more_ | important than that. These two issues also happen to be the | topics most hotly debated between Dems & Repubs. | | 1. Private Right of Action, aka "Can I, a private citizen, sue | someone?" | | Everyone violates GDPR a dozen ways to Sunday, and nothing | happens. Why? Because no one can actually _enforce_ the law | except for the local regulators who are underfunded. By contrast, | the ADA lets anyone sue over violations, and as a result | companies care a lot about handicap accessibility. | | To my understanding the current negotiations are trending towards | a _limited_ Private Right of Action. Meaning it will exist for | some violations but not others. This is how CCPA works in | California right now: private citizens can sue over _data | breaches_ , but any other violation can only be enforced by the | Office of the Attorney General. | | 2. Pre-emption, aka "Does this repeal CCPA." | | Can states give additional protections to their residents, or is | the Federal government removing the ability of states to define | additional requirements for businesses. Again, the current state | of negotiations seems to trend towards partial, but not total, | pre-emption. | encryptluks2 wrote: | Partial preemption leads to supreme court decisions that lead | to near total preemption. | tomatotomato37 wrote: | Only if it's not a highly contentious issue. Otherwise the | bigger states just go "We control X amount of the American | population/economy, and thus we are going to enforce our own | law _anyway_ " | | Granted they would be in the wrong since this is clearly and | unambiguously interstate commerce, but that hasn't stopped | them before | arrosenberg wrote: | Its not unambiguous. Google is based in CA, I am based in | CA. Packets may go across state lines, but the commercial | transaction (a search query) has occurred between two CA | entities and should fall under state law. | encryptluks2 wrote: | It doesn't work like that. Once Congress enacts something | then it can be preempted by federal law. Just because the | activity took place in a single state doesn't mean that | the Federal courts don't have jurisdiction. Erisa is a | good example. | arrosenberg wrote: | I wasn't arguing that, I was saying that it's not an | unambiguous case of interstate commerce. Congress | shouldn't be pre-empting the laws of California insofar | as they apply to intrastate commerce. You can set a | federal minimum and let each state enhance laws as they | see fit. | encryptluks2 wrote: | Agreed, but as we've seen with many other federal laws | once you have preemption then it is usually interpreted | to the broadest extent and not the minimum. | user3939382 wrote: | > they would still much rather prefer 1 law rather than 5 | (trending towards 50) different laws that contradict each other | | A perfect example of how these megacorps destroy the fabric of | our political process. The fact that dealing with state | regulations is a burden isn't our (the people's) problem, we | have a right to have our state's reflect our will. They want to | scale up to this massive size raking in billions of dollars, | that should come with the territory. | tzs wrote: | > Everyone violates GDPR a dozen ways to Sunday, and nothing | happens. Why? Because no one can actually enforce the law | except for the local regulators who are underfunded. | | Individuals can enforce GDPR in court: | | --------------- | | Art. 79 GDPR | | Right to an effective judicial remedy against a controller or | processor | | 1. Without prejudice to any available administrative or non- | judicial remedy, including the right to lodge a complaint with | a supervisory authority pursuant to Article 77, each data | subject shall have the right to an effective judicial remedy | where he or she considers that his or her rights under this | Regulation have been infringed as a result of the processing of | his or her personal data in non-compliance with this | Regulation. | | 2. Proceedings against a controller or a processor shall be | brought before the courts of the Member State where the | controller or processor has an establishment. Alternatively, | such proceedings may be brought before the courts of the Member | State where the data subject has his or her habitual residence, | unless the controller or processor is a public authority of a | Member State acting in the exercise of its public powers. | rawgabbit wrote: | Is there a right, as a private individual, to sue everyone who | has sent spam/fraud texts to me? | lmkg wrote: | Spam email, yes, due to the CAN-SPAM Act explicitly | authorizing it. I believe that at least one individual has | literally made a living out of pursuing such lawsuits. | | Texts, nope. | Kalanos wrote: | anyone know the gist of what tech companies will have to do in | order to be compliant? | xbar wrote: | Less than they do now. This washes away CCPA protections that | are already nationalized-by-default. | prego_xo wrote: | > (B) any time beyond the initial 2 times described in | subparagraph (A), may allow the individual to exercise such right | for a reasonable fee for each request. | | Paying any sum of money to receive a copy of or request to delete | my private data is unreasonable in nature. | drstewart wrote: | This is normal: | | https://www.techrepublic.com/article/how-to-request-your-per... | | >Although, the ICO also notes that a firm may charge a | "reasonable fee" when "a request is manifestly unfounded or | excessive, particularly if it is repetitive." | | Privacy request shouldn't enable mechanisms of denial of | service type attacks against companies. | prego_xo wrote: | DoS is an understandable concern, but charging for a service | is probably one of the least sensible ways to prevent it. To | me, it just looks like the most profitable and impeding | hurdle that companies can set up to prevent users who want to | access their own data. I would be frustrated if any | application made me pay even a small fine because they | suspect a DoS attack. For example, entering my credit card | info because I've searched a phrase too much just isn't | efficient. | colpabar wrote: | > Privacy request shouldn't enable mechanisms of denial of | service type attacks against companies. | | How would this even happen? I genuinely don't understand what | you mean. | emiliobumachar wrote: | When GDPR was new, several people sent "nightmare letters", | deliberately and publicly designed to cause as much cost | and hassle as possible. To my knowledge, no one was | punished or even inconvenienced for blatantly abusing the | law in this way. | | https://duckduckgo.com/?q=gdpr+nightmare+letters | Nextgrid wrote: | The "nightmare GDPR letter" is trivial to deal with: | https://jacquesmattheij.com/so-your-start-up-receive-the- | nig... | michaelmior wrote: | Users don't like a company, they automatically spam the | company with large numbers of requests for personal | information which they would legally be required to | provide. | colpabar wrote: | Does the same logic apply to FOIA requests? | HideousKojima wrote: | Most FOIA requests involve a small fee as well for the | same reason. | | https://www.hhs.gov/foia/faqs/what-is-the-cost-for- | getting-r... | Floegipoky wrote: | And those fees have been infamously exploited to | functionally deny access to material or financially harm | the requester. Perfectly illustrating why charging fees | for these things is such a bad idea. | olyjohn wrote: | Guess they'd better figure out how to get people their | data in a more rapid manner. I guess they could use a | computer or something to automate it so that users can | just click a button to download their data. | | I mean, what year is this? We've been hearing "automate | it, automate it, etc" for years and years now. But to get | your personal data, these companies just throw up their | hands and say that it's too hard? | bpodgursky wrote: | When we implemented CCPA lookups, one of the many | necessary lookups was through a decade of glacier'd | request logs (necessary to hold onto for compliance). | | Even ignoring implementation cost, there was a | significant computational cost that's pretty hard to | avoid. | colpabar wrote: | I couldn't agree more. Even if it does require a person | to do something that isn't automated, they should be | required to have people on staff whose first priority is | responding to these requests. It seems ridiculous to me | that people are claiming this is just too hard for a | company so they should get to profit off of it. | | It's _our_ data, dammit! | drstewart wrote: | >that people are claiming this is just too hard for a | company so they should get to profit off of it. | | Completely disingenuous argument. Literally nobody | claimed that. | | By the same token of strawmanning, you're claiming that | businesses should do nothing than hire people to send | your data back to you. Why even have businesses if that's | the only thing you think they should do? | | If you're so invested in "your data, damnit", then don't | give it to them in the first place. | legitster wrote: | For our company, all privacy requests are handled manually | by a team I am on. We manually do name searches in about a | dozen platforms to see if there are any matching records. | | 4/5 times there aren't any - people doing the requests | often use services that submit blanket requests. | pooper wrote: | Strong disagree. There are already other options for | malicious actors, most notably Americans with Disability act. | thayne wrote: | So you could have something like each person is allowed two | free data requests per year, after that you can charge for | it, or something like that. | olyjohn wrote: | Maybe they should automate the requests then. There's zero | reason why they couldn't just write something where you log | into your account and click "download my data." | | These companies are happy to harvest up all your data, run | all this crazy automation, spend millions analyzing | algorithms, setting up machine learning, NFTs, run | datacenters, networks, etc etc, but they can't figure out how | to automate GDPR requests? FUCKING BULLSHIT. | | There is literally zero reason why a data request should add | any burden to a tech company. | nightski wrote: | I wonder if a company can be DoS'd via privacy request maybe | they are collecting more data than they can effectively | handle and that should be re-examined. | ortusdux wrote: | The problem is, "reasonable" is subjective. Things like this | need to be tethered to something. "The fee may not exceed 50% | of the hourly federal minimum wage." | smileysteve wrote: | Yes, what's reasonable to a company may not be reasonable | to a consumer. Ie, as a company can create process that | uses 10 man hours and my cheapest labor with overhead is | $50/hr, but we can find countless CNBC articles that say | the average consumer can't afford a $500 expense. | bin_bash wrote: | That's just not true. "Reasonable" is a binding term used | in contracts all of the time. The court system is extremely | experienced in determining what is and is not reasonable. | giantg2 wrote: | "The court system is extremely experienced in determining | what is and is not reasonable." | | Almost always to the dismay of one party, and sometimes | to the dismay of the general public. | MerelyMortal wrote: | Not always. According to lemon law lawyer Mr. Lehto (who | runs a Youtube channel Lehto's Law), RVs are not covered | under most state lemon laws, and thus defers to the | federal Magnuson Moss Warranty Act which just says | repairs must be under a reasonable time frame, and the RV | companies say something like 10 repairs, 6 months each, | is the industry standard and thus reasonable, and judges | don't have anything else to base that on, so they agree. | [deleted] | [deleted] | smileysteve wrote: | From a foia perspective the courts and government | agencies aren't great at "reasonable". | ortusdux wrote: | Leaving the fee uncapped creates an incentive for | business to put zero effort into making the reporting | process efficient. That way, they can demonstrate that | compliance requires 5 skilled hours (for example) and | "reasonably" charge $250 per report. | | Courts rule on the evidence provided. If a user | challenges the fee, the company can easily document where | every penny went, and therefore claim it is a reasonable | charge. The user's only real recourse would be to prove | that company is over-billing, but that would require | evidence. | | Pegging the cost to a set number of labor hours by law | signals to companies that part of the cost of collecting | this data is they must develop their internal systems in | a way that they can quickly and easily comply with | requests. | tbihl wrote: | Much like passing a bill to find out what's in it, going | to court to discover the rules is not a healthy way for | society to run. | bin_bash wrote: | Going to court to discover the rules is precisely how | common law systems work | riversflow wrote: | I don't want to have to go to court to not be extorted | over my data. | jdasdf wrote: | It's certainly experienced in making stuff up. | drstewart wrote: | GDPR is filled with "reasonableness" expectations and | unspecified guidelines that aren't tethered to anything. | Why the concern over this one specifically? | dsr_ wrote: | This one, I dunno. | | But in general, EU/EC law is full of policy that gets | interpreted as human judgement calls, and US law is full | of details that are interpreted as badly-written code | with a choice of parsers. The two styles are not | compatible. | scarface74 wrote: | Yes because a 99 section 11 chapter law is really easy | for small companies to follow... | scsh wrote: | EU laws can often be written in such a way and are a bit | looser in their language in ways when compared to how it | may be written in the US. EU courts are more experienced | with dealing with interpretations of "reasonableness" for | a given law when compared to the US, so it's not really a | fair comparison. | rt4mn wrote: | I agree privacy request shouldn't enable mechanisms of denial | of service type attacks against companies. But I don't think | that justifies allowing companies to put in place fees to | access personal data. | | If cloudflare required people to pay to bypass their denial | of service protections... well, I guess I dont know what | would happen, other then that I would hate them even more | then I already do for all the terrible things they do for my | experience as a default tor browser user. | legitster wrote: | I mean, at our company, GDPR requests _have_ to cost at least | $50 a pop. It goes to a human team to review and process with a | dedicated legal representative. | olyjohn wrote: | Not my problem. You're the one collecting the data. You pay | for the costs. Can't afford to collect my data? Go out of | business then. | legitster wrote: | We have to process the request regardless of whether we | actually have your data or not. | smileysteve wrote: | seems like you should either make the lookup automatable | or stop collecting. eu citizens wont have such a fee. | micromacrofoot wrote: | It's your problem until there's a law saying otherwise. | gbear605 wrote: | Sounds like an appropriate cost of doing business with data. | If you don't want to pay for it, collect less data. | prego_xo wrote: | Very fair point, and I understand the necessity of data | collection in some cases. I do feel like that's a cost that's | incurred voluntarily, though, and shouldn't fall on the | shoulders of users/customers. Some people might not want data | to be collected to begin with, so the cost ends up being your | company's fault and not theirs. | legitster wrote: | But we have to process every request _even if we do not | find any of their data_. | | A majority of requests are actually this way - people use | online services that submit blanket removal requests. | prego_xo wrote: | Yeah, that's definitely the case and I see where the | hassle is, but to restate my point, those costs are | simply a part of overhead and not the business of users. | Unless the users are given an opt-out first and foremost, | they're owed ownership over their personal data. | legitster wrote: | Again, the language of the proposed bill is requiring 2 | free requests per person. | | $100 for an occasional person? No biggie. | | _Potentially infinite_? That 's a bit more than normal | overhead. | | While we haven't seen this sort of DDoS attack through | our GDPR process _yet_ , the potential is already there | if bad actors or competitors wanted to exploit it. | robust-cactus wrote: | Not sure what y'all are complaining about. The amount of privacy | work that happens with governments at big tech companies is | substantial. The language in this doc seems like a better, less | oppressive version of GDPR. | oaiey wrote: | I find the gdpr is much easier to read than this. | jdp23 wrote: | It's not clear that ADPPA will move forward. The current version | preempts California's CCPA/CPRA legislation, and (big surprise) | California doesn't like that. But, that's far from the only issue | with it. Here's an update from a couple of weeks ago which | discusses some of the problems, as well as potential next steps. | https://thenexusofprivacy.net/adppa-new-compromise/ | | And, here's EFF's position: " Americans Deserve More Than The | Current American Data Privacy Protection Act" | https://www.eff.org/deeplinks/2022/07/americans-deserve-more... | takeda wrote: | That's weird that it was implement to preempt. Normally bills | add on top of each other so why it is different here? | | As a Californian I would prefer that bills add additional | protections especially when it comes to privacy. | nugget wrote: | Preemption would be an enormous mistake. Federal legislation | moves at a glacial pace. In a field like privacy, you may only | get to pass one substantial bill every 10 or 15 years. | Technology moves too quickly for lawmakers at the Federal level | to keep up. States can move much faster. Justice Brandeis | popularized the phrase that "[the] states are the laboratories | of democracy" and digital privacy law is a text book case of an | emerging field that will benefit enormously from iterative | experimentation at the state level. | JumpCrisscross wrote: | > _Preemption would be an enormous mistake_ | | It creates a national standard. If we're still debating the | solution, sure, devolve to states. But if we're near | consensus, preemption provides scale. This is American | strength in a nutshell. | autoexec wrote: | Yeah, nobody wants to have to constantly worry about | compliance with 50+ different required standards which may | or may not conflict with one another. Having one clear | standard for services to follow is absolutely preferred so | long as it actually does the job of protecting people's | data privacy. | yonaguska wrote: | Yep, I personally only want federal pre-emption for | restrictions on government. Shall not infringe type stuff. | phpisthebest wrote: | >>Preemption would be an enormous mistake | | Preemption is always a mistake, i am not sure why everyone | wants federal laws for everything, without even touching the | fact that Data privacy is in no way even close to any of the | enumerated power of the US Federal Government | | Federal Laws almost always favor large companies, the exact | companies these laws are needed to protect the consumer from | | Facebook, Microsoft, etc would love nothing more than to have | the federal government take over because has "stake holders" | they will be called on to write their own legislation, and | will start the revolving door of hiring current, former and | future regulators to work in the very corporations they are | supposed to regulate. | | Federal laws never work for the average citizen | hprotagonist wrote: | > Preemption is always a mistake, i am not sure why | everyone wants federal laws for everything | | So that my marriage is recognized across state lines, for a | start. | pokey00 wrote: | eh poor example imo; that's guaranteed by the | Constitution, not legislation. | hprotagonist wrote: | oh? where, exactly? Is that why we needed Obergefell, and | Loving, and ... ? | klabb3 wrote: | Why would you the government to be involved in your | marriage? | agar wrote: | Isn't a better question: why would you want /any/ | government involved in your marriage? | | This argues for federal legislation that defines marriage | simply as a compact between two consenting adults with | some basic legal record keeping. | | The /impact/ of that marriage can be both federal and | state (e.g., federal vs. state tax laws). | | Individual state laws defining marriage could mean your | next of kin could change if you die in the wrong state. | That way lies dragons. | hprotagonist wrote: | Because that's what marriage _is_? | d4mi3n wrote: | I think the point GP is trying to make is that sometimes | _state_ governments try to get involved in marriage and | having a federal policy that preempts that can prevent | further meddling. | | This cuts both ways--with preemption, you can provide | baseline rights or guarantees to citizens. The trade-off | is that you have federal legislation in the mix and you | then need to deal with laws that are slower/harder to | change; a big issue if the law was badly written or needs | to be changed in a timely manner. | nightpool wrote: | > without even touching the fact that Data privacy is in no | way even close to any of the enumerated power of the US | Federal Government | | In what way is data privacy regulation for corporations | _not_ a regulation on interstate commerce? That 's like, | the whole deal. That's the entire internet. If anything, | Internet regulations applying at the state level is even | more insane, because of the inherently cross-state nature | of globally networked communication. | autoexec wrote: | > i am not sure why everyone wants federal laws for | everything | | I'm not sure why anyone wants to be held to 50+ different | and conflicting privacy and data protection requirements | just to have a website or provide a service online because | that's what we'd be getting if we left online privacy | regulation up the states. | mc32 wrote: | In this case I think preemption gives you widespread | uniformity so it makes adherence easier to achieve and more | predictability. Is those island gonna come up with weird | stipulations, maybe Montana... uniformity in this case may be | better. | rt4mn wrote: | This is exactly why Microsoft has been throwing money at | lobbyists at the state level as well, pushing shitty | "consumer privacy bills", both because they don't like strong | legal privacy rights at the state level, but also in the | hopes of forestalling and kneecapping a strong federal | baseline privacy bill. | | https://www.eff.org/deeplinks/2020/03/tech-lobbyists-are- | pus... | jdp23 wrote: | Yep. We've fought them off here in Washington ... but they | and Amazon just took it to other, more pliable states. Todd | Feathers and Albert Ng had a very good article on this in | The Markup a few months ago | https://themarkup.org/privacy/2022/05/26/tech-industry- | group... | encryptluks2 wrote: | Did we though? What bills does Washington have that could | compare to the CCPA? | jdp23 wrote: | None yet. Big tech companies have pushed various versions | of the Bad Washington Privacy Act, which is weaker than | CCPA. In 2021 and 2022, civil liberties, civil rights, | and immigrant rights groups have supported the People's | Privacy Act, which is a lot stronger than CCPA or ADPPA, | but tech lobbying kept it from even getting a hearing. | We'll see what happens in 2023 ... the Bad Washington | Privacy Act's sponsor is retiring from the Senate (and is | generally expected to become a full-time lobbyist), so | the landscape should be different. | jfengel wrote: | States move faster... so fast that a technology company would | be constantly chasing 50 different state laws. | | The Internet is a global entity, and it doesn't strike me as | being well served by the "laboratory of the states". | | Federal legislation is slow, but executive agencies can move | faster if they are empowered by legislation to make rules. | Congress sets broad principles, and it's not unreasonable | that those principles should stay the same for a decade at a | time, even in a fast-moving domain like privacy. And while | regulatory agencies can be their own pieces of work, it is | much easier to deal with one national agency's rules than 50 | different ones. | abigail95 wrote: | If fewer jurisdictions = better, then just adopt the GDPR | as-is. | | That seems obviously bad to me, having more jurisdictions | to work out what the best laws are seems like a better | idea. | takeda wrote: | > States move faster... so fast that a technology company | would be constantly chasing 50 different state laws. | | As a person who's data is being sold I would one up it and | wish that each county would produce their own regulations. | That business is a cancer. | seanw444 wrote: | After seeing how the ATF operates entirely autonomously to | nearly eliminate the right to bear arms through | increasingly more unnecessarily complex and ridiculous | "rules" that make you felon for things that were previously | (and should still be) totally legal, I have zero interest | in giving executive agencies autonomy to make laws. | | And it doesn't matter that the rules can be ruled as | ineffective by a high court, because it takes ages to get | through the whole court process. So in the time that the | court took ruling something totally unconstitutional, | people's rights are squandered (especially without any | democratic consensus to enact it), and the people that | enacted and enforced the later-deemed-unconstitutional | rulings face zero repercussions. And guess what? They then | move on to the next unconstitutional ruling that squanders | as many rights as possible for as long as possible. | klabb3 wrote: | > unnecessarily complex and ridiculous "rules" that make | you felon for things that were previously (and should | still be) totally legal | | Not going into the US-centric gun debate and assuming | that guns are simply tools, isn't it reasonable that gun | owners need to monitor the regulations? If you operate | heavy machinery or run a chemical lab, I'd expect you to | keep a close eye on upcoming legislation and rules. I'd | not be surprised if a food truck operator would need to | keep track of more rules than gun owners. | tekknik wrote: | Both of these examples are enterprises, not something a | private citizen does. I would also hesitate to say that | you can become a felon overnight with either of these | scenarios (remember all of the rights lost, including gun | ownership, by being labeled a felon). And a majority of | businesses shield themselves such that if they do violate | the law it's the business itself penalized, not the | workers. In the case of gun ownership it's the individual | being penalized. | | To make your example equivalent, imagine if the food | truck or some piece of equipment in that truck was | suddenly made illegal. And if you're in possession of it | you are now a felon. Yesterday (literally) it was legal | and you were not given advanced notice anymore than | waking up this morning and receiving notice. | | If heavy machinery and food industries operated this way | there would be much less competition and likely no food | trucks at all | encryptluks2 wrote: | Lol.. gotta love when they propose acts before even understanding | technology. Things like this need to be collectively written by | some of the best privacy advocates. Not a bunch of interns that | have no clue how technology works. | lolinder wrote: | If there's a piece of the bill that illustrates your objection, | please do share. As is this feels like a canned response based | on a stereotype, not a substantial objection. | donatj wrote: | Now if we could just get a bill that actually limited the | _governments_ ability to collect data on its citizens. I 'm not | really worried about targeted ads, I'm worried about targeted | assassinations. | | You talk to people and ask them why they are worried about | companies collecting data, and a certain percentage will tell you | they don't like that the government could get it with a court | order. That'd be a HUGE improvement over the current situation | where they don't have to, they just collect it directly. | candiddevmike wrote: | This poses an interesting question: if the government mandates | a company to collect data, are they exempt from this? What's | stopping them from using that data for commerical purposes? | lmkg wrote: | Section 101 part b "Permissible Purposes," defines when data | is allowed to be collected. The sixth such purpose: "To | comply with a legal obligation imposed by Federal, Tribal, | Local, or State law..." | | A close reading of the wording implies this only covers | requests _backed by a law_ , i.e. it does _not_ cover | "polite requests" from a government agency. However that is a | theoretic protection, practice could be different. | hot_gril wrote: | > I'm not really worried about targeted ads, I'm worried about | targeted assassinations. | | Who's after you? I'm not making the lame "only wrongdoers have | something to fear" argument, just wondering what circumstances | you're dealing with. | pessimizer wrote: | They only need a court order (which can be from a secret court | providing secret guidance, and can be a infinite standing order | that covers vast amounts of arbitrary collection AUMF-style) to | _force_ companies to turn things over. Companies can just hand | your data over because they don 't want to be retaliated | against (or in return for favors), and nobody needs a warrant, | nobody ever has to tell anyone. Depending on agency internal | rules, they may not even have to keep a record themselves of | having done it (if they break their rules, they'll be | responsible for punishing themselves though, I'm sure they'll | be harsh.) | | That's your targeted ads (and your cellphone tracking, and your | transaction records.) | carom wrote: | Hell, I'd be happy if the DMV, post office, and voter records | stopped publishing my address. | uni_rule wrote: | That is incredibly shortsighted considering one of the prime | ways the US Government skirts protections against domestic data | collection is by simply buying it from private entities. | legitster wrote: | There's a large difference though between what governments | could presumably buy from ad trackers or data warehouses and | what they can get by intercepting unencrypted web traffic at | the ISP level. | makeitdouble wrote: | Wouldn't it be the same if the ISP sold the gov. the | extracted info they want ? | | In this setting the gov can hint at what data it wants, and | private parties will manage to get it for resale. | legitster wrote: | I think to OP's point, if we are worried about government | wrongdoing we should pass laws against government | wrongdoing. It really doesn't matter what the private | industry does or doesn't do if the government still has | the right to take it. | | I am not afraid of my data being used against me to sell | products. I am afraid of the government abusing their | monopoly on violence. The first seems like misdirection. | always2slow wrote: | Technically we already have protection under the 4th | amendment, to me this falls squarely under "papers, and | effects" and is an unreasonable search. It seems that the | court doesn't agree though considering the current state | of things. | notinfuriated wrote: | Pretty sure everyone who wants gov data collection of private | individuals would want this to be illegal as well. | | I'm disappointed to find most of the complaining on this | thread about businesses collecting personal data, rather than | the government. Even more so that the first comment's top | response regarding this is shooting it down because of an | imagined loophole. | | It disgusted me about CCPA that a private company can have a | breach and be fined millions, but the CA govt is immune. Same | thing here, and it should disgust everyone who supposedly | cares about privacy. | Ragnarork wrote: | You need both. | | Companies collecting data on you directly or indirectly is a | problem, even if they don't do anything malevolent with it (and | some already do). The issue is that eventually they'll be | breached, and then that data can end up in the hands of | malicious actors that might use it in a way that could harm you | (e.g. identity theft, compromising other accounts thanks to | peronal info, etc.). | micromacrofoot wrote: | A lot of the time they just buy it from data brokers. | kmeisthax wrote: | Fun fact: the lack of this is actually THE reason why Google | Fonts is banned in the EU right now | always2slow wrote: | Why would they need a court order when they are already just | buying the data with zero oversight? The panopticon works like | this: fund startups that will create a data treasure trove -> | legally buy / access the dataset and add it to xkeyscore. | justinzollars wrote: | Worst administration in History. | rt4mn wrote: | The Biden Administration? This is a bill introduced in an | entirly different branch of government. AFAIK Bidens got squat | to do with this | dcow wrote: | One of the logistical issues with a law like this, and with the | CCPA, is verification of the user requesting things such as | account deletion. How are people supposed to do that without | providing KYC-level details to every service provider? | billiam wrote: | The ADPPA seems like a great example of regulatory capture and | gridlock of the federal government by rich corporations and | individuals and how federalism (state's rights) is a crucial and | increasingly fragile element in holding our economy and our | society together. Privacy is a particularly fraught area. SCOTUS | says it's not a constitutional right at all (unless it's your | money, in which case it's speech), which means states will have | to define not data privacy and the limits of the surveillance | economy but abortion and marriage and contraception too. | jjtheblunt wrote: | ( typo : i think you meant "not only data privacy..." ) | borbulon wrote: | If we can let lobbyists write bills, we should be able to let | privacy advocates write bills. We can do better than this. | ericb wrote: | Maybe something in the middle is nicest? I'm not looking | forward to every single website having _two_ cookie warnings I | need to close! | weberer wrote: | Privacy advocates such as the ACLU and EFF do have lobbyists as | well. | guerrilla wrote: | but not tens of billions of dollars between them. | jedberg wrote: | You can help them if you want! :) | | https://supporters.eff.org/donate/ | rt4mn wrote: | The ACLU also does a lot of great privacy work, so | donating to them is also a good idea if you care about | this stuff. National ACLU does a lot of great work, but I | personally suggest giving to your local affiliate | https://www.aclu.org/about/affiliates, as they are often | the ones who work on local issues that are likely to | directly impact you. We do privacy lobbying at the | municipal and state level and our local ACLU affiliate | has been a huge, huge ally. | | There are also other great privacy orgs that are not | quite as big but are also fantastic in their own ways, | like Restore the Fourth (which also has local chapters | like shameless plug) rt4mn) Fight for the Future, Demand | Progress, Cato, and Privacy International | | Also, If you want to do more then just donate, you can | help the EFF with its lobbying efforts by joining the | Electronic Frontier Alliance https://www.eff.org/fight We | participate, its pretty great. | SV_BubbleTime wrote: | You have not been paying attention to the ACLU. | [deleted] | rt4mn wrote: | Always good to see links to direct text of bills. | | Reading the tea leaves a bit, Speaker Pelosi seems dead set | against it and I dont think will allow it to be moved as is. she | has publicly stated that "states must be allowed to address rapid | changes in technology", IE, the bill preempts to many state | privacy regulations, esp in California. But as a rule my default | assumption for the "real reason" why Pelosi is against something | is because she thinks it will harm chance of caucus holding | majority in house. | | https://pelosi.house.gov/news/press-releases/pelosi-statemen... | | Skeptical as I am of her motives / methods, I'm inclined to agree | with her in this case. Act should be a floor not a ceiling. | tempie_deleteme wrote: | because of the "war on drugs" was supposed to be about the health | of americans, which turned out to be a lie... | | I think this is not about protecting the rights to data and | privacy of american indivudal citizens...the other kind of | american citizen, the american corporation, on the other hand, | stands to gain a lot from this. | | > _To provide consumers with foundational data privacy rights, | create strong oversight mechanisms, and establish meaningful | enforcement._ | | ah, so corporations can well-foundedly and meaningfully consume | the data of 'consumers' (an euphenism for fuel) in a way such | that the historic shadow suckers of everything's energy (banks) | can continue to partake on the sucking down of everybody's | data/information (with real time measurements, which is a novelty | in this ancient system build around trade, commerce, insurance, | and power-authority concentration). | greyface- wrote: | SEC. 203. INDIVIDUAL DATA OWNERSHIP AND CONTROL. (e) | Verification And Exceptions.-- (1) REQUIRED | EXCEPTIONS.--A covered entity shall not permit an individual to | exercise a right described in subsection (a), in whole or in | part, if the covered entity-- (C) determines that the | exercise of the right would require access to or correction of | another individual's sensitive covered data; or | | Simple: store all your user data in an intermingled fashion, such | that a read or update of any individual record necessarily | involves a read or update of one or more unrelated records. Now | you don't need to act on data access requests. | etchalon wrote: | Doubtful any court would accept that practice. | reeboo wrote: | I chuckled at the thought of U.S. judges being forced to have | opinions on software design principles. | unknownaccount wrote: | Why on earth would we want MORE restrictions and government | interference / intrusion in our affairs? Especially in this era | of worldwide creeping authoritarianism? | | The only way implement these sorts of mandates is stomping all | over a developer's right to freedom of expression. I'm a firm | believer that code is speech and that limiting what a developer | can do is infringing on his own right to free speech. | chronotis wrote: | Ten years or so ago, I was participating in a small business | roundtable discussion with one of our state senators. At the | time, I ran a consumer research agency and would often have | multinational projects involving consumer data collection in both | the US and EU; this is before GDPR had become ratified, but Safe | Harbor was failing and there was ambiguity about what the future | state would look like. | | Of the 15 or 20 business owners in the room, I was the only "pro | privacy" voice. People were very focused on what would be the | perceived additional cost of complying with any GDPR-style rules | in the US, and weren't yet thinking about the negative effects of | having different privacy rules in different markets. "Different | markets have different rules all the time," in short. | | I maintain that it would be less complicated, less expensive, and | more human-friendly to use data privacy rules as globally | universal as can be achieved. There will always be capitalism | leeches that drain money through arbitrage between the policy | gaps, yes, but it would help. | | (Also: there is zero chance this gets through the current US | Senate. Would never clear filibuster.) | pessimizer wrote: | > Would never clear filibuster. | | A filibuster by who? Neither party would support any privacy | rules that placed any undue importance on privacy. | chronotis wrote: | I'm mostly just projecting based on the current 48+2+50 state | of the Senate where virtually everything gets held up. If the | Democrats brought it forward, I would expect the Republicans | to filibuster just on principle. | rt4mn wrote: | I would be interested to hear why you think it has no chance in | Senate. | legitster wrote: | > I maintain that it would be less complicated, less expensive, | and more human-friendly to use data privacy rules as globally | universal as can be achieved. | | I think this is a bit naive. As someone who has had to dwell a | lot on the specific nuances of German privacy laws vs GDPR or | South Korea's, I have come to the conclusion that conflicting | privacy laws are a designed feature. | | I think lawmakers certainly have consumer protection as _one_ | of their goals, most privacy legislation has many features | intended to benefit domestic industries at the expense of | foreign ones. Or to benefit national security in some way (such | as requirements for certain types of data to be stored on | servers inside the country). | | Even if the US was to homogenize with GDPR in some way, I | wouldn't doubt that the EU would fast follow with a _slightly_ | different spin on it just to give US tech companies an extra | set of hoops to jump through. | | In a way, this is already how safety regulations work in the | automobile industry. | chronotis wrote: | I agree that we're not going to see a US privacy framework | that's identical to GDPR and where all players have the same | obligations and enforcement mechanisms. What is extremely | problematic, IMHO, is the US having _no_ privacy framework to | speak of while the rest of the world does. Beyond HIPPA and | COPPA (and CCPA if you happen to live in Cali), there's | really not much recourse for US citizens besides their | collection of company-paid credit monitoring after each | security breach. | | If one outcome of GDPR is that 10-15 years later, the US | adopts some sort of national privacy framework that motivates | industry to reevaluate their data monetization business | models, that's a good outcome. | weberer wrote: | You can also see which companies sent lobbyists to work on this | bill. | | https://www.opensecrets.org/federal-lobbying/bills/summary?c... | laweijfmvo wrote: | The first thing to know about US Laws/Bills is that whatever | they name it, it typically achieves the opposite | rolph wrote: | this is because the title of a bill has very little to do | with the function of the bill turned law. | | obfusication of a bills content and intention by using a | dissociative title must stop | paparush wrote: | Sadly true. | mdip wrote: | Completely, _especially_ if it has the words "Digital", | "Online" or "Data". I haven't read the bill or read about the | bill but I'd wager a coffee there's also some form of | entertainment/copyright industry hostility in there. | | I'm _really_ trying not to be cynical here, but I started so | I might as well finish. Step #2 is if it _does_ happen to | pass, the parts of the bill that _are_ actually consumer | protections will be unenforceable, be ruled unconstitutional | or have unintended negative consequences. The bad parts of | the law will have no issues in the courts or with | enforcement. They, too, will have unintended added negative | consequences. | roamerz wrote: | You forgot the words "Inflation", "Equality", | "Infrastructure", "Dream", "People", "Save", "Health", | Budget" or "Climate". | Consultant32452 wrote: | Patriot | classified wrote: | I assume "Data Privacy" means privacy for the company that | collected the data and "Protection" means protection from the | people they collected it from. | water-your-self wrote: | The U.S. government makes often use of the data that many | companies keep about us. Android geofencing is my clasic | example for non tech. | hot_gril wrote: | Or something unrelated. The "infrastructure" bill got renamed | to "inflation-reduction" bill despite its contents not | changing much. If the pandemic were still a massive concern, | I'll bet it'd be called the "covid19 relief" bill... oh | right, there was one of those, and it included foreign | military aid. | guerrilla wrote: | That is a lot worse than I imagined. So basically this would be | terrible or meaningless for workers/consumers? | noasaservice wrote: | So basically, this is a mostly toothless law, that requires | small companies to follow to the extreme detriment of the | large companies... which already likely do the bare minimum. | | I'm not sure of the term. It's like a regulatory legal | barrier that keeps new companies from entering the market. | root_axis wrote: | > _So basically, this is a mostly toothless law, that | requires small companies to follow to the extreme detriment | of the large companies_ | | The bill outlines exemptions for business making less than | 40 million annually. I haven't read the whole thing so it's | possible I missed something, could you point out which | sections you're referring to to draw that conclusion? | onlyrealcuzzo wrote: | Small companies are exempt from CCPA? | rabuse wrote: | Yep, always used to stifle competition. Regulate the hell | out of it, so new companies can't even begin without | millions up front. | jedberg wrote: | Regulatory capture. | tomatotomato37 wrote: | It's almost like blindly calling for regulation without | accounting for the political/monetary influence of those | being regulated is a bad idea or something | ahtihn wrote: | > blindly calling for regulation [...] is a bad idea | | What do you expect people to do instead? | water-your-self wrote: | Call for individual protections, possibly with a solvent | soaked rag in a bottle, typically. | tomatotomato37 wrote: | It's like a genie wish. You have to be _very_ specific in | what you are asking for. | zeruch wrote: | The term is probably "regulatory capture" | guerrilla wrote: | > It's like a regulatory legal barrier that keeps new | companies from entering the market. | | barriers to entry [1] | | 1. https://en.wikipedia.org/wiki/Barriers_to_entry | yumraj wrote: | Great, we have the usual anti-privacy companies there as well | as ByteDance .. what can go wrong. | chitowneats wrote: | It's insane enough letting Big Corps lobby your legislature | and even write language that eventually gets enshrined as | law. | | It's even more insane we allow the state-affiliated entities | of our adversaries to do this. | randomdata wrote: | _> It 's insane enough letting Big Corps lobby your | legislature_ | | Well, it would be rather pointless to elect to hire a | representative to represent you and then not take time to | make your position known with them. They certainly are not | mind readers. | | And you can't realistically remove big businesses from | citizenry as those who are stakeholders in big business are | going to bias their position to what benefits their | business. Business _is_ people, after all. ByteDance | certainly has stakeholders who are American citizens. | | So we make a best effort to register those biases for the | sake of transparency. The only real alternative, short of | abandoning democracy entirely, is to leave it a mystery who | talked to their representatives. | vinay_ys wrote: | Isn't it the job of the representatives in a | representational democracy to have working mechanisms to | understand what their constituents' demands are? | Shouldn't such mechanisms be equally accessible to all | constituents irrespective of their ability to spend $$? | | Also, don't the representatives have pre-election issues | based manifesto when they are seeking votes to get | elected? Shouldn't they stay true to the promises they | made? | randomdata wrote: | _> Isn 't it the job of the representatives in a | representational democracy to have working mechanisms to | understand what their constituents' demands are?_ | | The advantage big business has is scale. Big business, by | definition, has many more stakeholders. This means that | big business will be disproportionately represented by | the constituents. If those biases weren't made clear, and | each constituent's position was taken at face value, then | the unified front would appear stronger than it would | actually be if each actor were acting without those | biases. | | _> Shouldn 't they stay true to the promises they made?_ | | I'm not sure why you'd want them to. The state of the | world is constantly changing and new information | continues to flow in. You will be constantly reevaluating | your position in the face of new information. A | representative will respond to that. | | Representatives know that some segment of the population | honestly believe that they are mind readers and will | offer up some examples of how they might try to read the | minds of those who buy into that witchcraft to attract | their vote, but marketing and reality are quite | different. | takeda wrote: | I have a representative who I agree pretty much on all | issues. The problem though is that he is one of 435 | people in the House. He can just vote for, against, or | propose changes. But then will have to fight against | those who will easily accept money to ruin it. | | I'm glad that Pelosi is using her position to impose some | changes on the bill so maybe something good will come out | of it, but I really can't stand that in US bribery is | essentially legal. | elashri wrote: | What is more insane is that this is not considered | corruption. Usually if this happens outside US, the US | government itself will call that corruption. | 2OEH8eoCRo0 wrote: | Freedom of speech. All they do is pay people to speak for | them. They have money to do that. Gifts and other | tomfoolery is obviously no good but I'm not sure how you | could gate this without running afoul of the first | amendment. | carom wrote: | It's pretty simple, you pass an amendment that says | corporations are not people for the purpose of political | spending. | water-your-self wrote: | Alphabet and amazon are on the last page, alphabet having spent | ~3mil and amazon ~5mil | hot_gril wrote: | I think the theme is just that they're big companies. | nixass wrote: | *briberies | jdp23 wrote: | There's been some good reporting on the lobbying on ADPPA | | What Microsoft, IBM and others won as the privacy bill evolved | - https://www.protocol.com/newsletters/policy/cloud- | enterprise... | | Privacy bill triggers lobbying surge by data brokers - Privacy | bill triggers lobbying surge by data brokers | rt4mn wrote: | Microsoft has been a particularly bad actor in this space. | They have been hiring lobbyists to advocate at the state | level for shitty "consumer privacy bills", specifically | because they want to forestall and kneecap federal | legislation. | | https://www.eff.org/deeplinks/2020/03/tech-lobbyists-are- | pus... | vinay_ys wrote: | What's Microsoft's interest in this? They don't have a big | search or ads business. What are they doing with Consumer | data? | rt4mn wrote: | Their interest is in their bottom line and avoiding | regulation. Pretty much any company that has a lot of | users creating accounts will be impacted by even the most | milquetoast privacy regulation to some degree or another, | and I guess microsoft sees the cost of hiring a bunch of | lobyists as cheaper then having to deal with the | regulation that might come about if they dont. | donjorgenson wrote: | Giggety | xbar wrote: | 2nd rate claptrap of a bill. Just make the CCPA national. | criddell wrote: | I kind of wish they would just copy the EU rules. Once set of | rules for the US and all of Europe would be pretty nice. | jesuspiece wrote: | MerelyMortal wrote: | Maybe politics would be better if people didn't jump to | stereotypes (which don't always hold true, as evidenced by your | comment and the replies pointing out your error), and instead | of blaming/attacking each other, we could focus more efforts on | making things better. | rabuse wrote: | "It's a big club, and you ain't in it" - George Carlin | lolinder wrote: | 2 out of 3 sponsors are Republican, and not the kind that | typically cross the aisle. | weberer wrote: | >Cosponsors: | | >Rep. McMorris Rodgers, Cathy [R-WA-5] | | >Rep. Schakowsky, Janice D. [D-IL-9] | | >Rep. Bilirakis, Gus M. [R-FL-12] | say_it_as_it_is wrote: | This is the proverbial shaking of the tree, whereby elected | officials will ask (threaten) tech lobbyists for campaign | contributions in exchange for their vote against the act | pessimizer wrote: | It's also potentially a huge score for some Democratic | politicians, because for every Republican that supports the | bill, they're going to need a Democrat to defect. | ck2 wrote: | Just a reminder any email you have online that is over six months | old can be read without a warrant. | pacija wrote: | Hm, I have 10 years worth of emails in my dovecot, on my metal, | in my basement, online. Can you please describe how can it be | read without a warrant by people who don't have my imap | password or wheel ssh key to my server? | unionpivo wrote: | Unless you are just emailing yourself on your server, chances | are that 80% of your email is searchable between Google, | Microsoft or Amazon. | | I just checked on my mail (look at headers, for smtp hosts | not just senders and receivers). | | For me its 76% for the past 7 years, that either originated | or ended in one of the big three silos. | pessimizer wrote: | Can you describe how it could be read _with_ a warrant, or | how it 's relevant at all to people who have email accounts | with online services? | criddell wrote: | Do you ever send email to other servers? If so, there are | copies out there. | ck2 wrote: | Well that's the "proper" version of the clinton email server | in the basement. | | But I meant the major services all must give access to | virtually any federal government entity on request, | warrantless. I think they even have portals, imagine how that | is abused by anyone and everyone. | | Not sure how it would be enforced but I would guess if the | feds wanted access to your server, even without a warrant, | you'd be forced to give it to them. | | https://www.wired.com/2010/04/emailprivacy/ | | https://en.wikipedia.org/wiki/Electronic_Communications_Priv. | .. | asow92 wrote: | Could they have picked a better sounding acronym? Maybe APPA | (American Privacy and Protection Act)? | jawadch93 wrote: | cyral wrote: | I see they are also annoyed at cookie banners: | | > SEC. 210. UNIFIED OPT-OUT MECHANISMS. For the rights | established under sections 204(b) and (c), and section | 206(c)(3)(D) not later than 18 months after the date of enactment | of this Act, the Commission shall establish one or more | acceptable privacy protective, centralized mechanisms, including | global privacy signals such as browser or device privacy | settings, for individuals to exercise all such rights through a | single interface for a covered entity to utilize to allow an | individual to make such opt out designations with respect to | covered data related to such individual. | shishy wrote: | Was scanning for this thanks for pointing it out. Some of these | banners are infuriating, and if I use firefox containers | sometimes I see them over and over, especially if I'm clearing | my cookies. It is insane to me that this isn't already a | standard. | shadowgovt wrote: | Standardization was attempted. | https://en.wikipedia.org/wiki/Do_Not_Track | | the tl;dr for that story is that it wasn't mandated to be | honored, the industry didn't voluntarily adopt it widely, and | when IE 10 tried to turn it on by default and the standard's | lead supporter responded by submitting a patch to Apache web | server to ignore the DNT signal coming from IE 10 because | "does not protect anyone's privacy unless the recipients | believe it was set by a real human being, with a real | preference for privacy over personalization," that situation | pretty much killed it in the crib. | | The problem is technologically simple to solve; all the | challenges are social and legal. | m463 wrote: | I believe DNT was used for better browser fingerprinting. | cphoover wrote: | I wonder if a browser plugin that utilizes AI would work as | a sidestep to a standardized cookie dialog. Granted someone | would have to build such a tool and standardization seems | inevitable at some point. Shouldn't be too difficult to | build something like that. | weberer wrote: | There's a browser plugin called uMatrix that lets you | block cookies and javascript on a per-site basis. I just | have it blocking all cookies by default unless its a site | I need to log in to. | Dalewyn wrote: | It's kind of hilarious that of all the datapoints websites | will gorge upon, DNT is the one thing they all toss out. | tagawa wrote: | There is a standard that has some recognition and uptake | (though needs more) - Global Privacy Control. It's been | adopted by some browsers and publishers, and IIRC is a | requirement for CCPA (California Consumer Privacy Act) | compliance. https://globalprivacycontrol.org/ | hunterb123 wrote: | They'll just make it so complicated where you have to use | an embed from Google or something to implement it properly, | similar to CCPA. | | In the end Google ends up in a script on the page somehow | in the name of privacy. | Spivak wrote: | halle-fuckin-lujah please don't make it some bullshit | centralized service where you have to have a specific cookie | from a random website to actually use it. please just expand | DNT. | bdougherty wrote: | More likely it will be GPC | (https://globalprivacycontrol.org). | user3939382 wrote: | In the sick world we live in, ad companies would love a more | granular DNT response from your browser so they can use it to | fingerprint you. | hedora wrote: | They need to specify that this has to work in an anonymous, per | device way (like DNT). | | Otherwise, google could claim its current policies are | compliant. ("Just log in if you want to be 'anonymous'...") | stvswn wrote: | Google does not rely on a user being logged in. Go to | adsettings.google.com in a logged out state, for example. I'm | not sure what you're referring to. | singron wrote: | That's only for ad personalization. If you want to turn off | web and app activity, you have to be logged in. | | The ad industry has had these opt-outs for a while, but you | have to set opt-out cookies on about 500 sites, so it's not | practical. DNT solves that problem, but the industry won't | voluntarily adopt any solution that has any realistic | chance of making a difference. | hot_gril wrote: | Sigh. I have my cookies enabled because I want to use them. If | I didn't, I wouldn't enable them. I wish there were a "fuck | GDPR, I agree to whatever terms" browser setting. | klabb3 wrote: | GDPR doesn't disallow cookies, it disallows tracking cookies, | afaik. Tracking data is not yours too see, so how could you | _use them_? Do you mean that you want personalized ads? | hot_gril wrote: | I want to use the site without getting a banner. Some | require me to agree to cookies. I don't care what they do | with the cookies. Almost nobody does. | yrgulation wrote: | Will you guys get to click popups on every.single.site.? If so | believe it's annoying. There must be a better way. | [deleted] | [deleted] | macns wrote: | Maybe I'm too romantic, but I'd like to see an american GDPR (not | saying that the eu name or the bill itself is better), and then | an Asian and so on till we have one global GDPR protecting all | consumer data. | | </daydream> | ThomPete wrote: | GDPR is a horrible horrible solution and only helps the big | corporations who can afford all the extra work to ensure that | users who actually end up agreeing to the terms are locked in. | | It helps no one besides politicians who now have create more | work for them selves, and is an abomination just like the | cookie policy. | hatware wrote: | Bills are always named so you think they're good! We are not too | far from 1984 now. | macintux wrote: | Can you expand on what you feel is wrong with the bill? | hatware wrote: | Feel free to read up on the last 20 years of US politics. | Same shit, different day. | macintux wrote: | The point of HN is not to make winking, snide comments | about how things are broken, but to actually | discuss/document what's good or bad. | | You're not adding any value without diving into details. | hatware wrote: | And you're not adding any value by staying ignorant to | history. | | It's not my job to spoon-feed you the problems and | solutions. | dekken_ wrote: | Always? Unlikely, can be sure, but I doubt it's always. | hatware wrote: | Boot taste good. | dekken_ wrote: | Nah I just know the difference between reality and | generalizations. | hatware wrote: | You'd be surprised. | matai_kolila wrote: | I can't remember the last time I saw a non-iroinic reference to | 1984. | | Have you read the book? It's nothing at all like how we live | today, and (as far as I can tell) this would do nothing towards | making our lives more like how the lives of Winston and Julia | were in the novel. | bdougherty wrote: | Telescreen, newspeak, mass surveillance, perpetual war, | "officials" acting as if what they are saying now is always | what they said, etc. It's almost easier to list the things | that we _don 't_ have in common. | matai_kolila wrote: | Literally none of those things are real as actually | described in the novel. | | Keeping a diary is punishable by _death_ (that 's the | premise of the entire story), it's kind of silly to compare | that with our lives today. | rt4mn wrote: | 1984 was published in 1949. It is partially _science | fiction_. Tricorders are not literally the same as cell | phones, either, but if you ignore the parrelels you are | doing a disservice to the important role and lessons of | good sci-fi. | | The thing I tell most people is that we currently live | under more surveillance then folks in 1984. "You had to | live--did live, from habit that became instinct--in the | assumption that every sound you made was overheard, and, | except in darkness, every movement scrutinized." nowadays | your movement is not safe even in darkness. | | We would be even more screwed then folks living in that | fictional regime if we backslide away from rights based | democratic rule of law. | matai_kolila wrote: | I couldn't disagree more strongly; the fact that you can | write this and not worry for the rest of your life about | being killed is the whole point. | | I urge you to reread 1984, and focus on how people who | broke the rules were treated. People weren't deplatformed | or cancelled, they were murdered. | rt4mn wrote: | I do worry about being killed by the government. I worry | about everything related to government abuse of power and | surveillance. I wear my tinfoil with with pride, thank | you very much. | | On a more serious note (in case it was not clear that I | was being facetious), you are absolute correct that an | important theme (and, arguably, the primary / key | message) of 1984 is to highlight the horror and dangers | of a totalitarian government, and to push back against | the very, very pressing danger of Nazi Germany and the | Soviet Union. | | But one of the great things about sci-fi / dystopian / | utopian fiction is that it lets us look at a potential | future, ask ourselves if thats a world we want to live | in, and if its not, we can think about what it might take | for us to go down that path, and what steps we should | take if we want to avoid it. | | You are right to point out that we dont live an a | totalitarian surveillance state run by elites without | respect for the rule of law. But my point is that we | _could_ , and that we currently do live in a | _surveillance state_. It just happens to be a democratic | surveillance state run by elected representatives of the | people with a strong culture of respect of the rule of | law. But its a surveillance state nevertheless. | | I wont suggest you re-read 1984, but I would suggest | taking a look at this opinion piece by Pussy Riot's Nadya | Tolokonnikova: https://www.nytimesn7cgmftshazwhfgzm37qxb4 | 4r64ytbb2dj3x62d2l... (or i guess | https://www.nytimes.com/2020/08/26/opinion/navalny- | russia.ht..., but I suggest the onion link) | | Or at least the last paragraph: "Our president has only | just recently had the law changed so that he can stay in | power until 2036, but his program of repression didn't | start out this blatantly. These things happen in pieces, | bit by bit, small acts. And each one may even seem | relatively benign at first, perhaps bad, but not fatal. | You get angry, maybe you speak out, but you get on with | your life. The promise of our democracy was chipped away | in pieces, one by one: corrupt cronies appointed, | presidential orders issued, actions taken, laws passed, | votes rigged. It happens slowly, intermittently; | sometimes we couldn't see how steadily. Autocracy crept | in, like the coward it is." | | Persistent mass surveillance is not mentioned. Abusive | government surveillance tends to fly under the radar. But | one of the lessons of 1984 is that you ignore it at your | peril. | [deleted] | [deleted] | matai_kolila wrote: | I don't disagree or agree with what you've written | generally here, but specifically speaking 1984 is not a | reflection of current reality for Americans, and you seem | to agree with that. | | That's an important point, and I think there are a lot of | folks who would try to disagree. There are people in this | very comment thread that believe 1984 is not a work of | fiction, and that's silly. Those are the people I'm | disagreeing with. | | I'm not really interested in generic, "society is falling | apart" conversations, as every society ever has been | saying that about different things, and yes they even | followed up with, "No but for us it's real!" | rt4mn wrote: | > specifically speaking 1984 is not a reflection of | current reality for Americans, and you seem to agree with | that | | Of course 1984 is not a reflection of current reality. it | was not a reflection of current reality back when it was | written. Science fiction is not a fun-house mirror | reflecting back a warped version of the present, its a | kaleidoscope looking into the future. | | I have not seen anyone in this thread say "1984 is | totally real and not a work of fiction", or confusing | that world with reality. I've only seen people using the | novel as it was intended to be used (as a rhetorical and | persuasive tool) and pointing out: "There are a number of | very real parallels between the world we live in and the | world of 1984, and the number of parallels is increasing. | This is a giant blinking warning light, and we should | change course" | | > I'm not really interested in generic, "society is | falling apart" conversations, as every society ever has | been saying that about different things, and yes they | even followed up with, "No but for us it's real!" | | I sympathize with your lack of interest in that | conversation, its not a fun one, but its important and | your rational for avoiding it is flawed. True, very | society every has had its doomsayers, and they were very | often wrong. But a lot of them were right, too. Progress | is not inevitable. Societal backsliding has happened many | times throughout the course of human history, and | democratic / rule of law backsliding has happened a lot | in very, very recent history. Back when that opinion | piece I linked too was written, the new york times had | reporters based in russia. Now they don't. | | Judge Doomsayers like me based on the specific doom we | forsee, not on the fact that we are doomspeaking. (and | now I promise I'm done editing, even for spelling, since | thats gotten me hooked two bloody revisions ago) | matai_kolila wrote: | > Telescreen, newspeak, mass surveillance, perpetual war, | "officials" acting as if what they are saying now is | always what they said, etc. It's almost easier to list | the things that we don't have in common. | | > The thing I tell most people is that we currently live | under more surveillance then folks in 1984. | | > In ~20 years you'll see how silly you are for welcoming | totalitarianism. You won't care until it effects you. | | Three examples from this thread (one by you) of folks | claiming "1984 is totally real and not a work of | fiction", at least to the degree of what I originally | said (you're misconstruing what I wrote for rhetorical | value, but if you look at what I _actually_ claimed, | these quotes fit). | | There are not "a number of very real parallels between | the world we live in and the world of 1984", this is a | misremembering of the content of the novel. You don't get | to just hand select a few things from the novel and say, | "Look, 1984!" in the same way you don't get to cite "well | the humans in Lord of the Rings breathed air so it's the | same as today!" | | For example, without the critical, "or else you die" | consequences of misbehavior in the 1984 novel, none of | the "scary" things in the novel carry anything remotely | approaching the weight or meaningfulness. | pessimizer wrote: | > Three examples from this thread (one by you) of folks | claiming "1984 is totally real and not a work of | fiction", | | I'm not sure that you can accuse anyone of misconstruing | anything unless you can find this quote in another | comment, or anything resembling it. | matai_kolila wrote: | I'm not really interested in playing the semantics game, | I concede all points to anyone who wants to try. | hatware wrote: | I like how calling you out somehow implies 1984 was not | fiction. What a set of hoops! | | Then when _others_ call you out, you call it semantics | games. Rich. | hatware wrote: | In ~20 years you'll see how silly you are for welcoming | totalitarianism. You won't care until it effects you. | | And then it will be too late for you to do anything about | it. | [deleted] | matai_kolila wrote: | Welcoming, not welcoming; you don't know my position on | totalitarianism, you just know I've read 1984 and have | opinions about the validity of parallels with modern day. | | For all you know I prefer "Brave New World" analogies! | hatware wrote: | > you don't know my position on totalitarianism | | We all know your position, and you're not on the right | side of history. Period. | pessimizer wrote: | Speakwrites are coming. It'll be no time at all until your | computer changes what you're typing to something more | appropriate, or throws up a modal that reads: | | "Most writers don't write things like this. You should | consider for a moment whether this is how you want to | present yourself to others. Press [suggestions] for | alternate ways to express a similar idea, or press [submit] | to become legally and socially liable for the consequences | of your actions." | [deleted] | throwaway71271 wrote: | when people say '1984' they dont always mean Winston and | Julia, sometimes they mean the Proles. | | > If there is hope, wrote Winston, it lies in the proles. | | https://www.abhaf.org/assets/books/html/1984/47.html | hatware wrote: | > Have you read the book? | | Have you...? Imagine being this far away from the truth. | Yikes. | hallway_monitor wrote: | If it has anything about protecting children in it or it has to | do with limiting encryption you are correct. | viridian wrote: | > limiting encryption | | You mean stopping online crime, identity theft, and | cyberbullying. Going after encryption is the goal, the stated | goal is usually about more tangible, friendly concepts. | antonymy wrote: | Well... | | >SEC. 406. COPPA. | | >(a) In General.--Nothing in this Act shall be construed to | relieve or change any obligations that a covered entity or | another person may have under the Children's Online Privacy | Protection Act of 1998 (15 U.S.C. 6501 et seq.). | | >(b) Updated Regulations.--Not later than 180 days after the | enactment of this Act, the Commission shall amend its rules | issued pursuant to the Children's Online Privacy Protection | Act of 1998 (15 U.S.C. 6501 et seq.) to make reference to the | additional requirements placed on covered entities under this | Act, in addition to those already enacted under the | Children's Online Privacy Protection Act of 1998 that may | already apply to some of such covered entities. | | Not exactly new rules, but they're making sure this doesn't | overwrite anything they already enacted "for the children". | kevinventullo wrote: | Also, my understanding is that COPPA is actually pretty | well-scoped to legitimately protecting children. I say this | as someone who works on a product that is affected by | COPPA. | kornhole wrote: | The corporate captured government will only protect their privacy | and profits. The quicker people realize this, the better. ___________________________________________________________________ (page generated 2022-09-22 23:00 UTC)