

Silicon Valley companies quietly try to kill Internet privacy bill - guelo
http://www.insidebayarea.com/breaking-news/ci_23067323/silicon-valley-companies-quietly-try-kill-internet-privacy

======
coldcode
This is one of those bills that seems like a good idea to the general public.
But how do you even define what data is covered and what uses have to be
disclosed and in what level of detail? If someone objects how do you identify
them (if there is no login) enough to avoid collecting any data about them
without collecting enough to identify them? The legally required compliance
with the law is likely to be a giant wormhole. In the end it probably will
result in making no difference like the recent EU cookie rule.

------
shawnee_
<http://legiscan.com/CA/text/AB1291>

Rationale according to the authors of the bill:

 _This state has previously recognized the importance of providing
Californians with transparency about how their personal information has been
shared by businesses by enacting Section 1798.83 of the Civil Code into law in
2003

Businesses are now collecting types of personal information not included in
the original law and sharing and selling it in ways not contemplated or
properly covered by the current law.

\- Some Web sites are installing up to 100 tracking tools when consumers visit
Web pages and sending very personal information such as age, gender, race,
income, health concerns, and recent purchases to third-party advertising and
marketing companies.

\- Third-party data broker companies are buying, selling, and trading personal
information obtained from mobile phones, financial institutions, social media
sites, and other online and brick and mortar companies.

\- Some mobile applications are sharing personal information, such as location
information, unique phone identification numbers, and age, gender, and other
personal details with third-party companies. _

Proposed changes to the 2003 law:

 _This bill would instead require any business that retains a customer's
personal information, as defined, or discloses that information to a 3rd
party, to provide at no charge, within 30 days of the customer's specified
request, a copy of that information to the customer as well as the names and
contact information for all 3rd parties with which the business has shared the
information during the previous 12 months, regardless of any business
relationship with the customer. This bill would require that a business
subject to these provisions choose one of several specified options to provide
the customer with a designated address for use in making a request for copies
of information under these provisions._

------
dmix
I'm on their side, for impracticality reasons.

But one note: TechAmerica, who are very vocal on this bill, were also strong
_supporters_ of the CISPA bill... which seems a bit inconsistent.

[http://www.techamerica.org/house-passage-of-cispa-major-
step...](http://www.techamerica.org/house-passage-of-cispa-major-step-towards-
enhancing-our-nations-cybersecurity/)

