
A Privacy Bomb Is About to Be Dropped on the California Economy and the Internet - coldseattle
https://blog.ericgoldman.org/archives/2018/06/a-privacy-bomb-is-about-to-be-dropped-on-the-california-economy-and-the-global-internet.htm#CA
======
sctb
Previously:
[https://news.ycombinator.com/item?id=17420849](https://news.ycombinator.com/item?id=17420849)
(and
[https://news.ycombinator.com/item?id=17376772](https://news.ycombinator.com/item?id=17376772)
earlier).

------
Lazare
I dunno, it looks fairly reasonable to me. At this point I feel like the
sooner everyone just shrugs and adopts a GDPR-ish like framework, the better.
And this one looks serviceable, doesn't come into effect until 2020, and can
be tweaked in the meantime if needed.

I'm open to the proposition that there's something horrible here but 1) the
linked article doesn't seems to able to find any and 2) it _does_ do a good
job of selling me on the idea that this law is better than the ballot
initiative we'll get if this doesn't pass.

So...what are we meant to do with this info? Call up our local legislators (if
we live in CA) and tell them to pass it? (Or...not pass it? I'm honestly
confused what the author wants.) There's no call to action here I can see,
probably because there's nothing meaningful to do, in which case...maybe take
a few more days and make a readable analysis of whatever ends up passing?
Because this just feels like fearmongering.

~~~
extralego
Right. If there are any major issues, the companies can pay the government to
make it how they want. They surely will anyhow. Very sad for the small
businesses that will suffer, but I can’t reason to worry for them more than
the all the millions mustering a life in the surveillance state _without_
small business capital. It sounds rough but something has to change yesterday.
Let the corporations work out the details for once and if you honestly want
small businesses to have a voice, simply vote for candidates who don’t accept
corporate campaign donations. That’s where it starts.

~~~
cft
There are no founders left on HN anymore: most commenters here with newish
accounts have no idea what it takes to start or run a business themselves.

~~~
extralego
I have started a business and sold 4 years ago. I understand your point.

Mine is more about asking what pace of commercial enterprise a society can and
should bear. Why must everyone carry the burdens of our greatest risk takers?
Life has many facets. Some of them cannot be bought and sold, and some of them
shouldn’t be. Businesses come and go like flies. Civil societies are harder to
come by.

------
chasing
Someone needs to do a better executive summary of this bill. Or at least do a
better job of highlighting and explaining where it might be broken. Without
all of the breathless editorializing. Because when I scan his summary,
everything actually seems fairly reasonable, from a consumer privacy
standpoint.

~~~
alistproducer2
My thoughts exactly. Very poorly constructed article. They definitely buried
the lead, which is that the law is reasonable. IMO it's crazy that it's taken
this long for real regulation of web 2.0.

------
snissn
> This bill would provide that a consumer shall have the right to request that
> a business delete any personal information about the consumer which the
> business has collected from the consumer. Upon such a request, the business
> would be required to delete the information from its records and direct any
> service providers to do the same. This right to delete would need to be
> disclosed by businesses collecting personal information

How does this work when someone requests that a company delete all invoices
related to them?

~~~
alextheparrot
There's a whole list of exceptions included in both GDPR and this law. For
example, a business does not need to delete information when it is required
to: "Complete the transaction for which the personal information was
collected, provide a good or service requested by the consumer, or reasonably
anticipated within the context of a business’s ongoing business relationship
with the consumer, or otherwise perform a contract between the business and
the consumer"

------
mindslight
I believe this is called FUD - lengthy "summarizing" of the facts, alternating
with vague baseless allusions. The author condemns the bill for being 10k
words long, while his own screed weighs in at 5.5k!

I _am_ a bit wary of something that pops up out of the blue, looking helpful -
"never let a good crisis go to waste" and all that. And I'm generally
skeptical of "making more laws". But what are the _specific_ flaws in this
one?

The indictment seems to be focused on time, meaning there could be flaws we
cannot find. But given this is an adversarial process, it also means there
(hopefully) hasn't been much of a chance for every entrenched interest to
compromise with each other at the people's expense!

The tech giants will eventually benefit from this type of legislation, because
after the initial shock it will just help them consolidate. For instance
(contrary to the linked FUD), "mom and pop [retail] stores" already don't have
to worry about handling customers' information, as that's encapsulated by the
payment processors.

So now every little business that wants to use surveillance against their
customers will be pushed to go through some centralizer (eg Google). Though
from the perspective of the unwillingly surveilled, this isn't really that bad
either - eg gaining the ability to _actually break up_ with clingy and
histrionic Faceboot.

The big question is if this ability to delete the files being kept about
ourselves will remain unneutered, or whether the surveillance industry will
eventually succeed in eroding it under some guise of indefinite consent or
nebulous mingling of orthogonal purposes.

Another big test will be if the law can be successfully applied against say
Experian.

~~~
halflings
> I wouldn't be surprised if the tech giants are actually positive on such
> legislation, because after the initial shock it will just help them
> consolidate.

It's really easy to check this, and the answer is no they're not positive on
such legislation:

"Amazon, Microsoft, and Uber are paying big money to kill a California privacy
initiative": [https://www.theverge.com/2018/6/15/17468292/amazon-
microsoft...](https://www.theverge.com/2018/6/15/17468292/amazon-microsoft-
uber-california-consumer-privacy-act)

Only facebook left this group of tech companies opposing this after his
testimony in Washington (probably wanted to avoid even more bad PR).

"Facebook exits group opposing California's proposed privacy law":
[https://www.cnet.com/news/facebook-drops-opposition-to-
calif...](https://www.cnet.com/news/facebook-drops-opposition-to-californias-
proposed-privacy-law/)

~~~
mindslight
While I didn't phrase that well (everybody resists change), I do stand by the
assertion that they specifically will benefit in the long term.

It's like how the health insurance companies were _really against_
"Obamacare", while now it has cemented their ability to compel your patronage.

------
danbmil99
How is this rush to give people the right to remove themselves from databases
going to intersect with corpuses of data that are immutably recorded in
blockchain?

~~~
Latteland
Aren't there bad things already encoded in the block chain, I thought I read
that? How would a court order on an international open source software base be
affected? You could order people in the us under court threat to alter the
block chain to remove that information. People in other countries could have
confusing legal implications. We already have this with us companies who
stored info in other countries so the us govt would have a difficult time
compelling them to give up info.

~~~
toomuchtodo
Publishing the block chain in question or running a node then becomes a civil
and/or criminal transgression. Similar to how torrents were/are handled.

Whack a mole, with whomever has the most force winning (usually a nation
state).

------
mcny
I don't know the whole story but maybe someone will enlighten me

I think the cat is already out of the bag. We saw how engaging the public
works with the legislature. California net neutrality is a recent case in
point.

I would argue that the being frozen thing is a good thing. In fact, I think we
need to make this proposition system stronger. Once a proposal meets
certification, the applicant or anyone may not withdraw it. This I think
reduced chances of reckless gambling behavior.

------
fmajid
The self-serving wailing of a lawyer/lobbyist for the privacy invasion
industry, how very droll.

The California initiative process, introduced around 1911 by crusading
progressive governor Hiram Johnson to curb a venal legislature in hock to
special interests, worked as designed in this case. Of course special
interests adapted and learned to coopt the process, as the sugary-drinks
industry is doing with its own initiative to arm-twist the State into
preempting local soda taxes like Berkeley’s or San Francisco’s.

The privacy initiative took 2 years of preparation, not 7 days:
[https://www.theregister.co.uk/2018/06/29/california_data_pri...](https://www.theregister.co.uk/2018/06/29/california_data_privacy_law/)

------
mirimir
It's pretty clear by now that many people, in fact, do not like being tracked
and profiled. Most people, I suspect, could just not imagine what Google,
Facebook and the programmatic ad industry overall have managed. But now, many
are catching on. And they're pissed.

------
iamaelephant
This law sounds awesome, please implement something similar in Australia and
New Zealand.

------
throwaway9d0291
> Among other major problems facing our country, we need to eliminate
> California’s initiative process to shut down this unwelcome workaround to
> our democratic institutions.

Calling direct democracy an "unwelcome workaround to our democratic
institutions" and saying it needs to be "eliminated" is a bit much. If the
legislature was doing its job properly and giving the people what they want,
they couldn't be motivated to support an initiative like this.

------
awinder
> the text is locked down, so there’s no way to improve the proposed text
> based on comments from other stakeholders (which the legislative process
> allows)

Or one of those stakeholders or a chairman beholden to those stakeholders
would have pulled the same move that just happened with CAs net neutrality
bill and used the process to poison-pill it.

------
matt4077
Such breathless, emotional ramblings really don't support whatever point the
author is trying to make.

------
s2g
> The GDPR took 4 years to develop; in contrast, the California legislature
> will spend a grand total of 7 days working on this major bill

not a claim I would believe without a lot of evidence.

~~~
notsofastbuddy
Which part?

~~~
s2g
7 days.

------
trisimix
I disagree

------
SubiculumCode
Well maybe this will move the commercial internet more towards subscription or
micro-transaction based models.

