
The California Consumer Privacy Act Should Be Condemned, Not Celebrated - raleighm
https://blog.ericgoldman.org/archives/2018/08/the-california-consumer-privacy-act-should-be-condemned-not-celebrated-cross-post.htm
======
xg15
Not a Californian. The process and timing problems sound valid, but others
sound like the usual strawman arguments against _any_ kind of privacy
regulation:

> _Thus, consumers will pay for the CaCPA-mandated offerings one way or
> another, regardless of whether they value, or take advantage of, them._

There was a study showing that if you randomly ask people on the street, many
will give you their e-mail password in exchange for a literal chocolate bar.
Does that imply that we should freely post password leaks online as they
apparently have very low value?

From my understanding, the proposition of everyone deciding about a value for
themselves requires that they have enough information to assess that value.
This is not the case with privacy: The consequences of someone tracking you
are often completely unclear and businesses have little interest in making it
clearer.

> _Facebook may have been the target, but the local pizzeria will bear the
> law’s brunt._

If the local pizzeria would sell my data to some shady third-parties, I don't
see how that would be better than Facebook using it itself.

But more importantly, I think it's extremely difficult to write legislation
that is exclusively targeted at large companies. Those will always have more
resources to find loopholes than small companies. E.g., if the limit was set
higher, I could imagine Facebook/Google/etc inventing an army of small
"subcontractors" who would, on paper, handle the data, so they could benefit
from the exception, too.

How would a legislation look that (a) responds to the OP's criticism and (b)
is not completely toothless?

~~~
MisterTea
Straw man indeed. I'm no expert on any of this but it seems more than a
stretch to even begin to imply that a small local pizzeria is collecting
information. I can understand that a chain pizzeria would certainly be
involved in collection of data for profit and marketing research. But the
local pizza joint? Laughable.

~~~
UncleEntity
Pizza joints have been using caller ID to tell your address for, like,
forever.

Also probably doesn't matter what they do with the data but the mere fact they
have it means they have to comply with all the requirements of this new law so
even if they just use it so you don't have to tell them your address every
time you call they still have to treat it like they are selling it to some
marketing megacorp.

~~~
astura
My pizza place has software that keeps my credit card number for delivery for
my address plus calling phone number. They'll ask "do you want to pay with
Visa ending in 1234?"

------
EdwardDiego
> Facebook may have been the target, but the local pizzeria will bear the
> law’s brunt.

> Duplicative CaCPA/GDPR compliance. Because the CaCPA’s requirements don’t
> track the EU General Data Protection Regulation, GDPR-compliant businesses
> will incur additional compliance costs.

How many Californian pizzerias deliver to Europe?

------
gaius
_law reaches businesses that collect personal information from 50,000-plus
consumers per year, regardless of revenue_

As it should. Why are they collecting it in the first place? The requirement
is not onerous; simply refrain from actively collecting data that you don’t
actually need. That’s it.

Just think of data as a liability rather than an asset and everything else
comes naturally.

------
Shivetya
A 5 point break down is available here [1]

I need to read the actual bill closer but I would want political campaigns,
charities, and PACs, subject to it as well. It is depressing how many
"protection" bills exclude political committees and related PACs.

[1] [https://iapp.org/news/a/top-five-operational-impacts-of-
cacp...](https://iapp.org/news/a/top-five-operational-impacts-of-cacpa-
part-1-determining-if-youre-a-business-collecting-or-selling-consumers-
personal-information/)

~~~
Bizarro
_It is depressing how many "protection" bills exclude political committees and
related PACs._

That's because they're quasi-government entities or related, and above the
fray.

~~~
gt_
_> That’s because they’re quasi-government entities or related, and above the
fray._

No, they’re not. If anything, the distinction should be more clear for these
entities than other private businesses who could at least be contracted by the
government. Political campaigns are entirely private marketing arrangements.
The extent to which they are “quasi-government” should be perfectly obvious in
light of their intentions, which is _to become_ elected _in the future_. Even
if the candidate is serving in office, that office’s duties and the campaign
they run are separate projects. There is no blurry line here.

~~~
yspeak
Oh my. Not correct. Participation in democracy is not quasi-governmental.

------
yspeak
I love the techies praising the small time developer and the internet as we
know it. Please before commenting read the law and all the regs that go with
it, and then ask if your website complies. And it won't. And then calculate
how many lawyers and consultants you need to hire (unless of course you are
one of them and then you love this stuff). Or even easier just close up shop.
Google, Facebook, Microsoft love these regs. They erect a big barrier of entry
to the little guys.

~~~
yspeak
The death of the small developer and the internet as we know it

------
johnaspden
This article is literally the first I've heard of this bill and I'm now
strongly in favour of it. Lucky California!

------
mindslight
"Don't let a good crisis go to waste" and all that, I personally _would like_
to understand the lurking gotchas. But after an in-depth reading of a previous
post [0] and a quick reading of this one, the lead picture of a dumpster fire
seems more applicable to the blog itself.

[0]
[https://news.ycombinator.com/item?id=17438787](https://news.ycombinator.com/item?id=17438787)

------
j88439h84
None of these seem especially significant relative to the consumer benefits.

