
A National Privacy Law Is Nowhere in Sight - tysone
https://www.nytimes.com/2019/10/01/technology/national-privacy-law.html
======
client4
In Montana I've been working on privacy legistlation with my friend and State
Representative Daniel Zolnikov for almost 10 years now. Initially we tried to
pass too much (something like 40 pages in a state where most bills are 1-2),
then Dan decided to break out individual ideas from the initial bill and pass
smaller chunks or create specific bills targeting abuses.

The Montana state constitution provides citizens with a right to privacy but
attempting to enumerate it in law is an uphill battle. At the last legislative
session the national Charter public policy guy flew in and spoke against the
bill saying it would be an incredible burden on his company to allow customers
the right to privacy (conveniently ignoring they're up to the task for
collecting and storing DNS, usage history, a multi-billion dollar company
etc.). They were able to spread enough FUD to get the bill killed.

Corporations are stifling privacy at the national level and willing to spend
the money quashing attempts by the states to take it back. Privacy will be a
hard-fought battle most likely won with technology and user choices vs policy.

~~~
toomuchtodo
Do you have any docs or knowledge you could share? I'd be interested in
working on this in several midwest states.

~~~
client4
Dan is a great resource to reach out to, he's on Keybase Chat
[https://keybase.io/drz](https://keybase.io/drz) and more than happy to help
people in the policy realm. Our naive first bill is well organized with some
of the things we felt necessary to enable an individuals right to privacy and
can be found here
[https://leg.mt.gov/bills/2013/billhtml/HB0400.htm](https://leg.mt.gov/bills/2013/billhtml/HB0400.htm)

------
comex
Good. With the current partisan makeup of Congress, even if they could agree
on a national privacy law, it would be drastically watered down and toothless
compared to California’s law, while preempting it (i.e. preventing California
and other states from legislating in that area). There’s a reason that it’s
industry groups, not consumer groups, who are currently pushing for such a
law. Without one, at least California residents will get the benefits of the
stricter version, and perhaps other blue states will pass similar laws in
coming years. Meanwhile, residents of other states will at least get indirect
benefits – for instance, the ability to bring class action lawsuits over data
breaches will hopefully encourage companies to invest more in security.

------
brenden2
Unfortunately, I don't think the government is going to come to the rescue
anytime soon with regard to privacy.

At this point I think the best option is for people passionate about privacy
issues to start building products and platforms that address the problems by
providing real solutions. That's what I'm doing with all my energy, and I know
a lot of other talented people who are too (or, at the very least, they want
to help).

~~~
Reedx
Maybe if Andrew Yang makes it through we'll see something happen, since his
overall approach has a chance of reducing gridlock.

And on this issue is proposing data as a property right:
[https://www.yang2020.com/policies/data-property-
right/](https://www.yang2020.com/policies/data-property-right/)

~~~
danShumway
For members of the privacy community that oppose efforts like this, we
probably should probably be more careful with the phrasing around "your" data.
What a lot of us meant was, "data that is generated by actions you take, or
that applies to your life." What (increasingly), people interpret it as
meaning is "your data" in the same way that you would say, "your boots."

The EU often falls back to referring to this stuff as Personally Identifying
Information, which is at least a more logically coherent term -- it focuses
more on de-anonymization and the risk to the individual, rather than on this
idea that I somehow have a morally granted monopoly over a fact.

I'm trying to be more careful about how I phrase stuff like this in the future
(PII, or 'facts about you' instead of 'your data'), to try and make it more
obvious that the privacy community isn't monolithic and that there is no
singular view even among privacy advocates about what data is or how it can be
controlled.

~~~
inetknght
> _For members of the privacy community that oppose efforts like this, we
> probably should probably be more careful with the phrasing around "your"
> data. What a lot of us meant was, "data that is generated by actions you
> take, or that applies to your life." What (increasingly), people interpret
> it as meaning is "your data" in the same way that you would say, "your
> boots."_

When I say "your data" I mean exactly "your data" in the same way that I would
say "your home" is _your_ home but also the home of people you live with.

~~~
danShumway
I'm guessing though that you don't belong to the subset of people who oppose
efforts like this?

It sounds like you're saying that you do think "your data" describes a type of
property ownership, not just an abstract thing you have a stake in protecting.

------
bryanmgreen
I believe one of the biggest blockers for ~right now~ is Ajit Pai, FCC
Chairman.

Anything around privacy will need the support of the FCC and, under the
current administration, they have clearly set a standard of favoring a hands-
off approach. In fact, avoiding regulation is the number one philosophy bullet
point on his profile - [https://www.fcc.gov/about/leadership/ajit-
pai](https://www.fcc.gov/about/leadership/ajit-pai).

While I am generally and very-broadly-speaking against regulation, I believe
privacy and personal-data issues are definitely an exception for me.

Edit: Really not trying to be partisan here, folks. Privacy laws are
regulatory and it's not an opinion that the FCC doesn't want regulations -
that's why I provided the link to the .Gov website for proof.

~~~
Accujack
To be fair, this isn't solely a problem from the current administration.

Privacy laws in the US have not ever been updated for the computer age. It's
still safer to send secret info in a paper letter than in an e-mail, because
the laws have never been re-written.

This is not surprising given the generation that's been in power since the
1970s. They didn't grow up with computers, and they don't understand them.

~~~
bryanmgreen
You're 100% right that this isn't a problem that began or ends with the
current administration. There's a lot of work to be done from every party and
every age group!

I was reflecting on what I what think is a ~current~ large obstacle and tried
my best to keep my comment neutral, but thanks for clarifying.

------
dr_dshiv
Also, what about a right to cognitive liberty? Privacy is one thing, but does
it give me the right to take drugs or implant, because I have a right to my
own mind?

~~~
LocalH
Sad to see this downvoted, probably due to the mention of drugs tbh.

I feel cognitive liberty is underdiscussed. Not just in the context of
consumption, but also in the context of mental autonomy. One of these days, if
we don't have a strong cognitive liberty protection, they'll end up developing
technology to "read" people's minds (which of course will be unreliable at
first), and if we're not careful then the idea of having privacy _in our own
minds_ will be a thing of the past. If that happens, I fear we'll slip into a
dystopia within a quarter century.

~~~
dr_dshiv
If that's so clear, how come no one seems to care about cognitive liberty?

~~~
LocalH
Probably because they're worried (somewhat legitimately) about more currently
pressing issues.

I have no hard evidence to back up my assertion. It's just my feeling after
observing the path our societies are traveling. I _really_ hope I'm dead wrong
on that.

------
journalctl
Well, yeah. Functional legislation requires a functional government. This
hasn’t been news for a long time.

------
bedhead
That would require congress to actually do something.

------
noarchy
The US couldn't even stop its own intelligence services from breaking the law
with regard to spying on citizens. Do people expect it can or will enforce
this on private companies? I'd expect such measures to be equally toothless.

