
Do Not Track California Privacy Law Changes Effective Today - iSimone
https://www.iubenda.com/blog/2014/01/01/track-california-privacy-law-changes-effective-today/
======
drdaeman
Am I the only one who thinks "Do-Not-Track" is a snake-oil-grade security and
what this header reliably does is only adding a single more bit to uniquely
identify the visitor?

~~~
DanBC
I tend to agree.

Some marketters just have really weird ideas about what they should be allowed
to do. Or even what i should be allowed to stop them doing.

Spam is obviously evil to most people, until they decide to spam for their
particular product.

SEO has had some strongly negative effects on the www. I'm sort of thinking of
starting a movement like "contrast revolution" or "viewable in any browser".
My banners would be "zero SEO performed here".

~~~
eli
_shrug_

I think the primary tactic for white-hat SEO these days is, "Create good
content people want to read." Hard to get too upset about that.

------
iSimone
Basically, commercial online services (which includes mobile apps) need to add
a sentence/paragraph about how they are handling the Do Not Track header
requests. This is a California OPPA amendment starting today.

We/iubenda is giving away a special discount to those affected in California,
which most of you may be.

~~~
CookWithMe
Honest question: How does one send a Do Not Track header request to a mobile
app? One does not interact with a mobile app via HTTP (although the app may
use HTTP internally) and can therefore not send HTTP headers...

Or, is it in your opinion, a law written by someone who does not have
sufficient technical understanding to find the correct wording, and now the
law applies erroneously applies to mobile apps?

------
kordless
I'm wondering about how 'club card' tracking is affected by this. If I use a
club card at the hardware store, and it has a corresponding website that
allows me to manage the card's account, is the tracking law going to apply to
purchases I do in store as well?

------
jason_wang
So practically speaking, this California law will have a national effect.

Since it is near impossible to determine if a visitor is a California resident
or not, sites/apps will just implement the necessary notices and features to
comply with DNT for everyone.

~~~
coin
I would think that this law has no enforcement outside of California for
websites that are outside of California. As a non-California resident
operating a website not in California, I am not subject California law. This
is the same basis used for not collecting out of state sale tax.

~~~
jason_wang
I didn't mean the DNT law will be enforced nationally. I meant the effect will
be national since a site will just implement the necessary changes once for
all its visitors.

------
Jayschwa
Now we just need a law to require use of the Evil bit in packets. I'm sure it
will be as equally effective as the Do Not Track header.

[https://tools.ietf.org/html/rfc3514](https://tools.ietf.org/html/rfc3514)

------
jevinskie
Does this apply even if you do not have a physical presence in California?

~~~
adventured
It applies, but California has effectively zero enforcement capability if
you're operating out of say, Rhode Island.

The only outside scenario is if you get really large, and become a juicy
target for the state to go after (and or eg you're large and doing something
particularly aggressive in violation). The state simply could never afford the
massive enforcement costs to go after every web site owner on earth external
to California, so they'll obviously only target the big prizes.

------
jusob
Anyone has as an example of text that should be added?

~~~
iSimone
I've suggested in the post that something along the lines "we do not react to
Do Not Track signals" may be a start. It's hard to tell what will be a
standard down the road. If you do honor those signals though, a more thorough
description will be in order.

Also note that (6) sets out slightly stricter standards regarding disclosure:

(6) Disclose whether other parties may collect personally identifiable
information about an individual consumer’s online activities over time and
across different Web sites when a consumer uses the operator’s Web site or
service.

------
lhgaghl
Wow I didn't know the law even talks about Do-Not-Track. It's a distraction
posing as a solution. The time spent talking about Do-Not-Track could be spent
on useful things such as contributing to torbrowser.

~~~
iSimone
Hm I think most would agree with a statement like this. On the other hand I
think it's important for privacy laws to be in place. We all know how
regulations are lagging years behind, so theoretically, this is just the
beginning.

In the meantime it's important to comply with it with the simplest means
possible imo. That's what we're trying to help with.

~~~
drdaeman
It's even more important to _not_ introduce privacy laws that are misleading
and give a false sense of security, thus averting public from the core
problem.

If you can be tracked you will be tracked, eventually but almost inevitably.
The law could be used to provide some remedy for damages caused by tracking,
but it should be introduced only after core problem with tracking (browsers
willingly tag users for indefinite time with invisible tokens, in an quite
stealthy manner) is solved.

~~~
iSimone
Hard to argue with that @drdaeman. Let's say in an ideal world I'd agree with
every last thing you said. Again, it sure isn't perfect, it may be a start.
Worse than no developments at all? We're doing our job at iubenda to help
developers/website operators to keep up with the developments that are out
there right now.

