It's not clear that ADPPA will move forward. The current version preempts California's CCPA/CPRA legislation, and (big surprise) California doesn't like that. But, that's far from the only issue with it. Here's an update from a couple of weeks ago which discusses some of the problems, as well as potential next steps. https://thenexusofprivacy.net/adppa-new-compromise/
Preemption would be an enormous mistake. Federal legislation moves at a glacial pace. In a field like privacy, you may only get to pass one substantial bill every 10 or 15 years. Technology moves too quickly for lawmakers at the Federal level to keep up. States can move much faster. Justice Brandeis popularized the phrase that "[the] states are the laboratories of democracy" and digital privacy law is a text book case of an emerging field that will benefit enormously from iterative experimentation at the state level.
States move faster... so fast that a technology company would be constantly chasing 50 different state laws.
The Internet is a global entity, and it doesn't strike me as being well served by the "laboratory of the states".
Federal legislation is slow, but executive agencies can move faster if they are empowered by legislation to make rules. Congress sets broad principles, and it's not unreasonable that those principles should stay the same for a decade at a time, even in a fast-moving domain like privacy. And while regulatory agencies can be their own pieces of work, it is much easier to deal with one national agency's rules than 50 different ones.
After seeing how the ATF operates entirely autonomously to nearly eliminate the right to bear arms through increasingly more unnecessarily complex and ridiculous "rules" that make you felon for things that were previously (and should still be) totally legal, I have zero interest in giving executive agencies autonomy to make laws.
And it doesn't matter that the rules can be ruled as ineffective by a high court, because it takes ages to get through the whole court process. So in the time that the court took ruling something totally unconstitutional, people's rights are squandered (especially without any democratic consensus to enact it), and the people that enacted and enforced the later-deemed-unconstitutional rulings face zero repercussions. And guess what? They then move on to the next unconstitutional ruling that squanders as many rights as possible for as long as possible.
> unnecessarily complex and ridiculous "rules" that make you felon for things that were previously (and should still be) totally legal
Not going into the US-centric gun debate and assuming that guns are simply tools, isn't it reasonable that gun owners need to monitor the regulations? If you operate heavy machinery or run a chemical lab, I'd expect you to keep a close eye on upcoming legislation and rules. I'd not be surprised if a food truck operator would need to keep track of more rules than gun owners.
Both of these examples are enterprises, not something a private citizen does. I would also hesitate to say that you can become a felon overnight with either of these scenarios (remember all of the rights lost, including gun ownership, by being labeled a felon). And a majority of businesses shield themselves such that if they do violate the law it’s the business itself penalized, not the workers. In the case of gun ownership it’s the individual being penalized.
To make your example equivalent, imagine if the food truck or some piece of equipment in that truck was suddenly made illegal. And if you’re in possession of it you are now a felon. Yesterday (literally) it was legal and you were not given advanced notice anymore than waking up this morning and receiving notice.
If heavy machinery and food industries operated this way there would be much less competition and likely no food trucks at all
Food trucks are under the purview of fda and the local and state authorities of the jurisdiction they do business in. Health and fire inspectors do audit these locations or trucks in the event of an entirely self contained food truck. These businesses are still subject to the whims of these oversight bodies and may be arbitrarily shut down overnight.
Your comparison is factually incorrect on every count. I do hope that you’re just ignorant of the mind boggling amount of legislation your average food truck is subject to.
To bring this full circle, gun owners are de facto legally assumed to be reasonable and responsible owners that abide the law and diligently pay attention to the changes of laws. If you become a felon “overnight” because of an illegal weapon; well that’s on you. Being responsible sucks because it demands humility and accountability. If you’re neither capable of admitting your mistakes nor following the glacial pace of state/federal law making then you’ve no business owning tools capable of killing masses of people in seconds from hundreds of yards away. Great power, great responsibility. Lately some politicians have become tunnel visioned on the power part, I’d like to remind you that in order to maintain a lawful society we must be responsible lest the unwashed masses take Justice for themselves in whatever capacity they can. This is the compromise of a civilized society, you would be wise to learn more about why things are they way they are before you write up factually incorrect justification for your grievances.
> Your comparison is factually incorrect on every count.
Please explain how, exactly.
> I do hope that you’re just ignorant of the mind boggling amount of legislation your average food truck is subject to.
Operating one on the side with some in-laws, I'm quite well aware of the legislation. Yet I'm still not aware of a single instance where a food truck operator became a felon overnight because they had a "high capacity grill". In what cases can a food truck operator become a felon when their activities that made them a felon were legal the literal day before?
> If you become a felon “overnight” because of an illegal weapon
Why is overnight in quotes? Do you not believe I was using the correct definition of literally?
> Being responsible sucks because it demands humility and accountability.
I think you'll find that a great majority of us are responsible, that's why we know about these laws and the ATF. I can't say the same for those that are pro gun control, they tend to be very ill informed on the subject and assume others are. Nobody is saying they shouldn't be responsible, we're saying they shouldn't be allowed to arbitrarily remove rights from people because of who's politically in control of the ATF. If you take a step back and remove personal bias, every sane person in the US would agree.
> If you’re neither capable of admitting your mistakes nor following the glacial pace of state/federal law making then you’ve no business owning tools capable of killing masses of people in seconds from hundreds of yards away. Great power, great responsibility. Lately some politicians have become tunnel visioned on the power part, I’d like to remind you that in order to maintain a lawful society we must be responsible lest the unwashed masses take Justice for themselves in whatever capacity they can. This is the compromise of a civilized society, you would be wise to learn more about why things are they way they are before you write up factually incorrect justification for your grievances.
You're clearly going on some rant here that I'm not sure where you're basing this argument from and it really shows your bias (which has no place on a forum of engineers and other technical people). The point being if this were laws being passed by congress, with months of advanced notice, nobody would be complaining. The ATF can release a rule right now stating owning an AR-15 with a pistol grip is a felony, active at midnight and you best hope you pay attention to the few hours notice you've been given.
> The ATF can release a rule right now stating owning an AR-15 with a pistol grip is a felony, active at midnight and you best hope you pay attention to the few hours notice you've been given.
ATF rules get published in the Code of Federal Regulations
and later, upon finalization, published again in the same place.
I don't mean to defend the scope of ATF's (or other agencies') power or discretion, which is quite broad, but the ambush rule with just a few hours' notice is pretty implausible under the APA. Normally the APA calls for at least 30 days' notice, and months are more typical.
There is an emergency rulemaking exception under the APA for "good-cause", but this is comparatively rarely used and (like other aspects of a rule) may be reviewed by the courts. ATF knows that it has a lot of critics who are likely to sue to challenge its rulemakings, and has often taken a considerable amount of time to make new rules even when there was a lot of political pressure brought to bear in favor of expanding regulations.
It's unfortunate that you might have to go to court to vindicate your rights under the APA, but that's almost equally unfortunately true of almost anything improper that any part of government might do to you. If a police officer decided to randomly seize your weapons because he just thought they looked scary and you oughtn't own something so dangerous-looking, you would also need to go to court to establish that the police office wasn't entitled to do that. Or if, like in the Hitchhiker's Guide, a local government authority decided to demolish your house without proper notice, you'd probably also have to go through the courts to get a remedy.
To add, I’m down to talk to about governmental overreach if we can rationally prioritize issues. Gp seems to prioritize absolutist gun rights. I’m keen to consider extrajudicial murder, extrajudicial armed robbery by police, the separation of church and state, or the Supreme courts usurpation by the federalist society - before I think it’s worth discussing the loosening of gun rights in this country that has more gun involved MCEs (military conflicts excluded) than every other country combined.
As I’ve strayed a bit from the topic I’ll bring my point back by saying; sure there’s issues worth complaining about in almost every us regulatory process, but let’s prioritize by how many lives we can improve instead of lesser reasons that are used as a fundraising platform by the minority political party without regard for the trail of destruction their reckless policies engender.
I'm sure I'm quite a bit more sympathetic to the other poster's views than you are, but I found the idea of the ATF surprising people by banning something overnight to be implausible in terms of the way the U.S. administrative system works.
I worked on an issue a few years ago where the FCC was attempting to completely ban something, and it took them somewhere around a year to complete the process of actually banning it, despite having been very clear on their goal. If they'd simply said that people shouldn't have this, full stop, right away, well, I imagine the D.C. Circuit would have been even more upset with them than it actually was. :-)
We’re agreed on U.S. courts, lawmakers, and regulatory bodies inability to effectively respond to emergent issues on a human time scale. I don’t expect anyone to agree with me on much, but if everyone could agree with that we need strong regulation to reduce gun violence, well thatwould be swell. I’ll even hold my tongue and not gloat when the statistics begin the inevitable sharp drop in MCEs.
If your interest in regulatory hell take a look at the fdas campaign against vaping. Then compare it to the nhs to see what a semi functional system can accomplish.
> we need strong regulation to reduce gun violence
With it already being illegal for certain criminals to own firearms, what regulation short of a total ban would help? This is where the "add more laws" logic fails. The thinking is that adding more laws will keep criminals hands off of guns. Criminals by definition ignore laws. Guns can be made via a 3d printer now. Ammunition used to be made (reloaded) by campfires. It's impossible in these days to keep guns out of the hands of those who shouldn't have them. If you have a CNC machine you can make your own AR-15.
Instead the solution is quite the opposite. More guns. You don't have to carry one yourself, just don't stop the rest of us. And by law if someone is carrying a concealed weapon near you and your life is in danger, they must protect it. We end up with peer to peer police. Nobody has a problem adding classroom work onto concealed carry permits to ensure carriers know the laws. Nobody has a problem with carriers also being required to qualify to ensure they can accurately shoot their weapon.
As far as school shootings, that solution is quite easy and technical. AI powered cameras in classrooms and hallways that alert if someone not in faculty or the student body steps on the grounds. Alert for gun shaped objects. Ballistic class on the interior and exterior windows with doors that partition the hallway when closed and locked to block in any assailants.
The guns rights group has many solutions to the problems, but the gun control group doesn't want them. Gun control groups have created a situation where it's easier for criminals to get guns and use them than it is for law abiding citizens.
The solution is recognizing that the 2a side is belligerent regarding the consequences of easy access to cheap weapons. Once we accept that all we need to do stateside is adopt sensible legislation that demonstrably works in countries without a belligerent group incapable of intelligent debate. I’m not going to engage with you on a slippery slope argument.
Your solution is naive, unsupported by research, reasonably hypothesized by people far more intelligent and accomplished than either of us, to be a failure on arrival, and conveniently requires no requires no acceptance of responsibility in the current horrific state of affairs nor does it requires a change in mind on anything.
More guns = more suicides and accidents. You should already know this.
the nra/federalist society, and similar organizations have been using their lackey’s to prevent progress on gun control for decades. Mitch McConnell has publicly taken pride in his ability to prevent anything from getting done regarding anything.
> The solution is recognizing that the 2a side is belligerent regarding the consequences of easy access to cheap weapons
So now only wealthy people can exercise a right?
> Once we accept that all we need to do stateside is adopt sensible legislation that demonstrably works in countries without a belligerent group incapable of intelligent debate.
Again, what legislation. I want specific laws you think will work.
> I’m not going to engage with you on a slippery slope argument.
It honestly sounds like you have no argument, just that you don't like guns and want them gone.
> More guns = more suicides and accidents. You should already know this.
I don't count suicides as deaths. This is used by the pro gun control groups to artificially inflate the numbers. Suicidal people will use other means if you take the guns away. And yes of course, the increased use of any object results in increased accidents with those objects. That's why some parents teach their kids gun safety early (I was handed a shotgun at age 8) and we develop proper procedures for handling weapons (Such as always visual and physically ensure the chamber is clear even if you "know" it's unloaded).
> the nra/federalist society, and similar organizations have been using their lackey’s to prevent progress on gun control for decades. Mitch McConnell has publicly taken pride in his ability to prevent anything from getting done regarding anything.
Do you think that perhaps the NRA is just representing the people that belong to its organization? Or said another way, if the NRA had nobody to represent would they exist?
While it may be hard for you to understand my position and the position of others like me, it's not the NRA fighting. It's me, other's like me. And we certainly aren't giving up anytime soon.
You’ve made liberal use of fallacious argument, taken my arguments exceptionally uncharitably, and have conveniently ignored many other of my arguments while projecting your own shortcomings onto me. You should read the site guidelines. At this point it is clear that you are arguing in bad faith and it is not worth the effort of even reading your replies as you have made it abundantly clear that you have no interest in engaging in a rational discussion. Instead it is obvious that your goal is to spread to your widely debunked talking points; truth, evidence, merits, respect be dammed.
What have I ignored and what have I taken uncharitably? I’m asking for specific laws that you would enact that would help the situation. You have not provided any and you’re now attempting to derail this conversation.
Every scenario you’ve presented Ive disproven. Remember this was started when it was said that food truck operators can become felons.
Further what site guidelines have I violated?
I want specific laws you’d enact to resolve the issues as you see them. Can you provide them or not?
> Nobody has a problem adding classroom work onto concealed carry permits to ensure carriers know the laws. Nobody has a problem with carriers also being required to qualify to ensure they can accurately shoot their weapon.
This is untrue. Half the country has constitutional carry established. I carry every day and do not have a permit. I get myself to the range frequently enough to be proficient. I do not need the government to "allow" me to practice my rights.
> This is untrue. Half the country has constitutional carry established. I carry every day and do not have a permit. I get myself to the range frequently enough to be proficient. I do not need the government to "allow" me to practice my rights.
There is a difference in practicing one's rights and endangering others. We require the same of our police officers. While I'm a fan of constitutional carry, I have no problem taking 8 hours of classroom courses and qualifying with my carry pistols.
> but let’s prioritize by how many lives we can improve instead of lesser reasons that are used as a fundraising platform by the minority political party without regard for the trail of destruction their reckless policies engender
What other enumerated rights shall we remove under the guise of saving lives? Should we remove access to vehicles? Alcohol? Shall we enact a speech control board that if you violate it you lose your enumerated rights? This would open the door for the same abuse gun owners receive for exercising their right.
You're right, I'm a gun rights absolutist. I will not settle for the removal of this right nor the government making it difficult to exercise. They don't do this with any other right why this one? Can other rights not be just as dangerous? (See Democrats stating they needed to misinformation due to the damage caused to democracy).
The entire argument used by belligerent guns right absolutists (belligerency follows absolutist views like butter on bread) is based on a maliciously broad understanding of the second amendment. Note that no one talks about militias, just the right for every angry terrified fan of tucker carlsons propaganda (legally not News remember) to go to their local gun shop and buy dozens of semi automatic long guns with 10+ round clips and have a few pallets of ammo delivered to their house with merely a signature and maybe a waiting period. But no, it’s too hard to buy a gun./s have you tried the dark web, other Americans have figured out how to carry straw purchases en masse.
Wait a second, who doesn’t? In fact on this board they have been discussed more than a few time, including by myself.
> just the right for every angry terrified fan of tucker carlsons propaganda (legally not News remember) to go to their local gun shop and buy dozens of semi automatic long guns with 10+ round clips and have a few pallets of ammo delivered to their house with merely a signature and maybe a waiting period.
This is a biased rant again. None of what you said sounds dangerous to me. The problem is now with what law abiding citizens buy and own, they will never use the “dozens of long guns” kill innocent people. Why are you conflating criminals and law abiding citizens?
Can you also tell me, using your example, why any waiting period past the first one does anything? If someone already owns a gun, why are they being subjected to yet another waiting period? The entire point of a waiting period was to cool off and not do something stupid with your new purchase. But if the person already has a gun on hand then what is the point of it?
> ATF rules get published in the Code of Federal Regulations
> and are subject to the Administrative Procedure Act
> and therefore are announced ahead of time in Notices of Proposed Rulemaking (NPRMs) published in the Federal Registe
Only if there is no exception that allows them to wave the comment period. The key being "emergency actions".
> There is an emergency rulemaking exception under the APA for "good-cause", but this is comparatively rarely used
Bingo. Now imagine living in fear because of a particular government body's overreach. You can clearly see that this can and will be abused based on political bent. The exceptions are the problem. Remove them. Require all rules have a 180 day waiting period.
I left the exercise of relating my arguments to your statements to you and am doing the same here.
Are you aware of the origins of the fda? Chefs and pharmacists got rightfully chilled by the dozens of bills it took to fully reign in their murderous proclivities.
The only reasons that we’re having this discussion is because of elementary (bad faith) disagreements over the semantic interpretation of laws that predate world changing technologies our great grand parents took for granted in their childhood.
Overnight is in quotes because your use of it is needlessly inflammatory. One felony conviction equates a lifetime felon. Your usage of overnight is superfluous and only acts as a conservative dog whistle in your comments.
Who is us, precisely? Names, addresses, and gun permit numbers please. I like to stay as far away from anti-regulation outspoken second amendment types as possible. They’re too shooty and screamy. That said, what are you and your “responsible” gun owners doing to control the irresponsible ones? If responsible people set the rules we wouldn’t have drunk driving laws, or urine screens at work, or even currency. The nra has only supported gun control legislation when its toothless or black people are effectively asserting the same rights. If not The nra being the de facto national steering body and figure head for the “responsible gun owner” cohort then who? I’ve not heard of any organization with a fraction the membership of that side of the gun control war.
Funny how you cast the people with your beliefs in a broad positive brush and those who consider your beliefs the direct cause of countless deaths in a broad negative brush. Some might consider that an argument in bad faith. The anarchist and socialist gun owners I know all know to code switch when talking to people proudly exclaiming the same beliefs as you.
Your appeal to authority is dehumanizing, fallacious, and thoroughly refuted by a sibling comment to your post. It’s up to you recognize that your beliefs create a perverse incentive to engage in illegal vigilantism and thus in order to protect democracy and secure the most rights for the most people we must continue to aggressively regulate firearms until their misuse is inline with peer countries. All other domestic attempts to curtail wanton gun violence and vigilantism have failed to have substantial. The time has passed for 2a absolutists to be taken rationally as we’re witnessing countless preventable murders of children go unaddressed.
Drop the bad faith flame bait and transparent insults. You’re sidestepping my points and demanding I engage you on your terms. It’s uncouth and ironically hypocritical. This is no rant, but I can understand why someone of your beliefs may feel that way. I am a recovered 1-2a absolutist libertarian myself, and I cannot help but full body cringe at the ridiculous justifications and mental gymnastics I used to justify my hatred, prejudices, and wave away the inevitable externalities in such a society that is so improbable it cannot even exist in fiction.
Flame bait? Libertarianism is a stereotypical collegiate belief system that collapses explosively and hilariously whenever it’s been attempted. Keep your guns, I’m fine with civilian gun ownership. I’m not fine with school shootings. First world countries manage responsible gun ownership without school shootings. Let’s get there and then quibble about these things.
I'm somewhat skeptical that the increasing power of private companies to gather and sell your personal data is increasing freedoms for the American people.
So a pragmatic person chooses a solution that maximizes the benefit and mitigates the tradeoffs.
Preemption is always a mistake, i am not sure why everyone wants federal laws for everything, without even touching the fact that Data privacy is in no way even close to any of the enumerated power of the US Federal Government
Federal Laws almost always favor large companies, the exact companies these laws are needed to protect the consumer from
Facebook, Microsoft, etc would love nothing more than to have the federal government take over because has "stake holders" they will be called on to write their own legislation, and will start the revolving door of hiring current, former and future regulators to work in the very corporations they are supposed to regulate.
I dont think government should be in the business of regulated interpersonal relationships at all, for the finances it should be covered by contract law, for everything else it is none of the government's business
I think the point GP is trying to make is that sometimes state governments try to get involved in marriage and having a federal policy that preempts that can prevent further meddling.
This cuts both ways—with preemption, you can provide baseline rights or guarantees to citizens. The trade-off is that you have federal legislation in the mix and you then need to deal with laws that are slower/harder to change; a big issue if the law was badly written or needs to be changed in a timely manner.
> without even touching the fact that Data privacy is in no way even close to any of the enumerated power of the US Federal Government
In what way is data privacy regulation for corporations not a regulation on interstate commerce? That's like, the whole deal. That's the entire internet. If anything, Internet regulations applying at the state level is even more insane, because of the inherently cross-state nature of globally networked communication.
Because the original concept of "interstate commerce" was trade disputes among the states.
Wickard that expanded that to include all commerce that may touch another state even indirectly was / is one of the WORST supreme court decision ever and it is eternal dream that the Supreme Court will reverse it and instantly shrink the power of federal government by at least 75%
> i am not sure why everyone wants federal laws for everything
I'm not sure why anyone wants to be held to 50+ different and conflicting privacy and data protection requirements just to have a website or provide a service online because that's what we'd be getting if we left online privacy regulation up the states.
I dont, I want to be held to the standard of my State, for which I would have more control over than the federal government's one which is often influenced more greatly by states like NY, CA, TX or FL none of which I reside in an have no desire to live under either extreme's of those states
> I dont, I want to be held to the standard of my State,
that's not possible for people who do business with people who live in other states. If I make a website in Ohio I'm responsible for following Florida's laws on how I handle data collected from Florida's citizens.
If you never create a business or service that anyone from any other state or country uses you'll never have to worry about compliance with their laws, but most of us want to build things for more than just the people in our immediate surroundings.
>>If I make a website in Ohio I'm responsible for following Florida's laws on how I handle data collected from Florida's citizens.
Why? For decades in the US we have had the concept of "Nexus", and just because a person visits your website in Ohio from Florida does not you have a Nexus in FL to where you need to follow FL Law
Just like today if I put up a website, and a person from the EU visits it, I as a US Citizen with no business interests in the EU have no obligation to follow GDPR or put up cookie notices or any other EU Laws
Because the alternative is that businesses do for data privacy the same thing they already do for things like manufacturing and corporate taxes. That's even worse.
It's a lot easier for big business to control a single state government than all fifty of them.
> Just like today if I put up a website, and a person from the EU visits it, I as a US Citizen with no business interests in the EU have no obligation to follow GDPR or put up cookie notices or any other EU Laws
You'd possibly have an obligation under GDPR, but you are free to ignore that and face the consequences. Same with laws passed in other states. You're free to ignore them so long as you're fine with what ignoring them will cost you. If you enjoy being able to conduct business in and travel to places outside of your state it's probably a good idea not to violate the laws of those places.
This is exactly why Microsoft has been throwing money at lobbyists at the state level as well, pushing shitty "consumer privacy bills", both because they don't like strong legal privacy rights at the state level, but also in the hopes of forestalling and kneecapping a strong federal baseline privacy bill.
Yep. We've fought them off here in Washington ... but they and Amazon just took it to other, more pliable states. Todd Feathers and Albert Ng had a very good article on this in The Markup a few months ago https://themarkup.org/privacy/2022/05/26/tech-industry-group...
None yet. Big tech companies have pushed various versions of the Bad Washington Privacy Act, which is weaker than CCPA. In 2021 and 2022, civil liberties, civil rights, and immigrant rights groups have supported the People's Privacy Act, which is a lot stronger than CCPA or ADPPA, but tech lobbying kept it from even getting a hearing. We'll see what happens in 2023 ... the Bad Washington Privacy Act's sponsor is retiring from the Senate (and is generally expected to become a full-time lobbyist), so the landscape should be different.
It creates a national standard. If we’re still debating the solution, sure, devolve to states. But if we’re near consensus, preëmption provides scale. This is American strength in a nutshell.
Yeah, nobody wants to have to constantly worry about compliance with 50+ different required standards which may or may not conflict with one another. Having one clear standard for services to follow is absolutely preferred so long as it actually does the job of protecting people's data privacy.
In this case I think preemption gives you widespread uniformity so it makes adherence easier to achieve and more predictability. Is those island gonna come up with weird stipulations, maybe Montana… uniformity in this case may be better.
EFF is quite popular among "nerds" but as a source for information and advocacy about electronic privacy I actually prefer EPIC.^1
Perhaps someone reading this can explain why, but I did not see anyone from the EFF at the 8 September 2022 public forum on the FTC's ANPR on Commercial Surveillance and Data Security. EPIC was there providing cogent commentary. The operater of thenexusofprivacy.net was there, too.^2
1. For example, here is a comparison of the ADPPA with the CCPA from the folks at EPIC.
2. This is another topic that may interest HN thread readers. This is Section 18 "Mag-Moss" rulemaking so public input is mandatory. Those who understand the issues should submit comment to the FTC to support the process. The deadline is 21 October. https://www.regulations.gov/comment/FTC-2022-0053-0001
Completely, especially if it has the words "Digital", "Online" or "Data". I haven't read the bill or read about the bill but I'd wager a coffee there's also some form of entertainment/copyright industry hostility in there.
I'm really trying not to be cynical here, but I started so I might as well finish. Step #2 is if it does happen to pass, the parts of the bill that are actually consumer protections will be unenforceable, be ruled unconstitutional or have unintended negative consequences. The bad parts of the law will have no issues in the courts or with enforcement. They, too, will have unintended added negative consequences.
I assume "Data Privacy" means privacy for the company that collected the data and "Protection" means protection from the people they collected it from.
Or something unrelated. The "infrastructure" bill got renamed to "inflation-reduction" bill despite its contents not changing much. If the pandemic were still a massive concern, I'll bet it'd be called the "covid19 relief" bill... oh right, there was one of those, and it included foreign military aid.
> It's insane enough letting Big Corps lobby your legislature
Well, it would be rather pointless to elect to hire a representative to represent you and then not take time to make your position known with them. They certainly are not mind readers.
And you can't realistically remove big businesses from citizenry as those who are stakeholders in big business are going to bias their position to what benefits their business. Business is people, after all. ByteDance certainly has stakeholders who are American citizens.
So we make a best effort to register those biases for the sake of transparency. The only real alternative, short of abandoning democracy entirely, is to leave it a mystery who talked to their representatives.
Isn't it the job of the representatives in a representational democracy to have working mechanisms to understand what their constituents' demands are? Shouldn't such mechanisms be equally accessible to all constituents irrespective of their ability to spend $$?
Also, don't the representatives have pre-election issues based manifesto when they are seeking votes to get elected? Shouldn't they stay true to the promises they made?
> Isn't it the job of the representatives in a representational democracy to have working mechanisms to understand what their constituents' demands are?
The advantage big business has is scale. Big business, by definition, has many more stakeholders. This means that big business will be disproportionately represented by the constituents. If those biases weren't made clear, and each constituent's position was taken at face value, then the unified front would appear stronger than it would actually be if each actor were acting without those biases.
> Shouldn't they stay true to the promises they made?
I'm not sure why you'd want them to. The state of the world is constantly changing and new information continues to flow in. You will be constantly reevaluating your position in the face of new information. A representative will respond to that.
Representatives know that some segment of the population honestly believe that they are mind readers and will offer up some examples of how they might try to read the minds of those who buy into that witchcraft to attract their vote, but marketing and reality are quite different.
I have a representative who I agree pretty much on all issues. The problem though is that he is one of 435 people in the House. He can just vote for, against, or propose changes. But then will have to fight against those who will easily accept money to ruin it.
I'm glad that Pelosi is using her position to impose some changes on the bill so maybe something good will come out of it, but I really can't stand that in US bribery is essentially legal.
Freedom of speech. All they do is pay people to speak for them. They have money to do that. Gifts and other tomfoolery is obviously no good but I'm not sure how you could gate this without running afoul of the first amendment.
Microsoft has been a particularly bad actor in this space. They have been hiring lobbyists to advocate at the state level for shitty "consumer privacy bills", specifically because they want to forestall and kneecap federal legislation.
Their interest is in their bottom line and avoiding regulation. Pretty much any company that has a lot of users creating accounts will be impacted by even the most milquetoast privacy regulation to some degree or another, and I guess microsoft sees the cost of hiring a bunch of lobyists as cheaper then having to deal with the regulation that might come about if they dont.
So basically, this is a mostly toothless law, that requires small companies to follow to the extreme detriment of the large companies... which already likely do the bare minimum.
I'm not sure of the term. It's like a regulatory legal barrier that keeps new companies from entering the market.
It's almost like blindly calling for regulation without accounting for the political/monetary influence of those being regulated is a bad idea or something
> So basically, this is a mostly toothless law, that requires small companies to follow to the extreme detriment of the large companies
The bill outlines exemptions for business making less than 40 million annually. I haven't read the whole thing so it's possible I missed something, could you point out which sections you're referring to to draw that conclusion?
> SEC. 210. UNIFIED OPT-OUT MECHANISMS.
For the rights established under sections 204(b) and (c), and section 206(c)(3)(D) not later than 18 months after the date of enactment of this Act, the Commission shall establish one or more acceptable privacy protective, centralized mechanisms, including global privacy signals such as browser or device privacy settings, for individuals to exercise all such rights through a single interface for a covered entity to utilize to allow an individual to make such opt out designations with respect to covered data related to such individual.
Was scanning for this thanks for pointing it out. Some of these banners are infuriating, and if I use firefox containers sometimes I see them over and over, especially if I'm clearing my cookies. It is insane to me that this isn't already a standard.
the tl;dr for that story is that it wasn't mandated to be honored, the industry didn't voluntarily adopt it widely, and when IE 10 tried to turn it on by default and the standard's lead supporter responded by submitting a patch to Apache web server to ignore the DNT signal coming from IE 10 because "does not protect anyone's privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization," that situation pretty much killed it in the crib.
The problem is technologically simple to solve; all the challenges are social and legal.
I wonder if a browser plugin that utilizes AI would work as a sidestep to a standardized cookie dialog. Granted someone would have to build such a tool and standardization seems inevitable at some point. Shouldn't be too difficult to build something like that.
There's a browser plugin called uMatrix that lets you block cookies and javascript on a per-site basis. I just have it blocking all cookies by default unless its a site I need to log in to.
There is a standard that has some recognition and uptake (though needs more) - Global Privacy Control. It’s been adopted by some browsers and publishers, and IIRC is a requirement for CCPA (California Consumer Privacy Act) compliance.
https://globalprivacycontrol.org/
That's only for ad personalization. If you want to turn off web and app activity, you have to be logged in.
The ad industry has had these opt-outs for a while, but you have to set opt-out cookies on about 500 sites, so it's not practical. DNT solves that problem, but the industry won't voluntarily adopt any solution that has any realistic chance of making a difference.
I went to the site. (They misspelled the DNS name "adssettings.google.com)
I opted out.
I pressed the trash can button in Firefox Focus.
I reopened the site. It said I was opted in.
Their "disable tracking" button simply does not work.
I'm not enabling cookies so I can opt out and they can just buy my tracking information from some other ad network. There is a reason I disable persistent cookies and want DNT headers to be legally binding.
halle-fuckin-lujah please don't make it some bullshit centralized service where you have to have a specific cookie from a random website to actually use it. please just expand DNT.
Sigh. I have my cookies enabled because I want to use them. If I didn't, I wouldn't enable them. I wish there were a "fuck GDPR, I agree to whatever terms" browser setting.
GDPR doesn't disallow cookies, it disallows tracking cookies, afaik. Tracking data is not yours too see, so how could you use them? Do you mean that you want personalized ads?
Principle of least privilege. If websites ask for camera permission they should have a good reason, and you should be able to disable it in the browser. Unfortunately, you can't enforce what cookies will be used for technically, so it's done legally instead. But the preference could still be in the browser, where it belongs. I'd be fine being denied service if I don't allow tracking cookies.
Another option would be to spoof/containerize/pollute/sabotage the cookies through the browser or an extension, and opt back in for sites that you need persistence with.
Principle of least privilege is for things the client can control, like sending the cookies in the first place. There has already been a "do not track" option since 2010. It got basically deprecated because nobody respected it. And even if they tried to enforce it, and I actually cared about being tracked, I wouldn't trust it.
I sure care. I never agree to any cookies, and instead, I use an ad blocker to hide the banner. I can't speak for most people but of you care about your privacy, tracking cookies should become an opt-in mechanism.
Yeah, you care, but most people probably just click accept. I want an "I don't care" option. Ad-blocking the banner only goes so far and is harder on mobile.
> (B) any time beyond the initial 2 times described in subparagraph (A), may allow the individual to exercise such right for a reasonable fee for each request.
Paying any sum of money to receive a copy of or request to delete my private data is unreasonable in nature.
I mean, at our company, GDPR requests have to cost at least $50 a pop. It goes to a human team to review and process with a dedicated legal representative.
Yes we should. But there are a few too many systems, and we add and drop systems with such regularity that it would still be a non-stop engineering challenge.
>stop collecting
For the few records we do return as part of GDPR requests, they are usually associated to customer and billing data. I don't know how you run a business without that.
> eu citizens wont have such a fee.
They do and it's collected in the cost of higher product costs.
Very fair point, and I understand the necessity of data collection in some cases. I do feel like that's a cost that's incurred voluntarily, though, and shouldn't fall on the shoulders of users/customers. Some people might not want data to be collected to begin with, so the cost ends up being your company's fault and not theirs.
Yeah, that's definitely the case and I see where the hassle is, but to restate my point, those costs are simply a part of overhead and not the business of users. Unless the users are given an opt-out first and foremost, they're owed ownership over their personal data.
Again, the language of the proposed bill is requiring 2 free requests per person.
$100 for an occasional person? No biggie.
Potentially infinite? That's a bit more than normal overhead.
While we haven't seen this sort of DDoS attack through our GDPR process yet, the potential is already there if bad actors or competitors wanted to exploit it.
>Although, the ICO also notes that a firm may charge a “reasonable fee” when “a request is manifestly unfounded or excessive, particularly if it is repetitive.”
Privacy request shouldn't enable mechanisms of denial of service type attacks against companies.
DoS is an understandable concern, but charging for a service is probably one of the least sensible ways to prevent it. To me, it just looks like the most profitable and impeding hurdle that companies can set up to prevent users who want to access their own data.
I would be frustrated if any application made me pay even a small fine because they suspect a DoS attack. For example, entering my credit card info because I've searched a phrase too much just isn't efficient.
The problem is, "reasonable" is subjective. Things like this need to be tethered to something. "The fee may not exceed 50% of the hourly federal minimum wage."
That’s just not true. “Reasonable” is a binding term used in contracts all of the time. The court system is extremely experienced in determining what is and is not reasonable.
Not always. According to lemon law lawyer Mr. Lehto (who runs a Youtube channel Lehto's Law), RVs are not covered under most state lemon laws, and thus defers to the federal Magnuson Moss Warranty Act which just says repairs must be under a reasonable time frame, and the RV companies say something like 10 repairs, 6 months each, is the industry standard and thus reasonable, and judges don't have anything else to base that on, so they agree.
Leaving the fee uncapped creates an incentive for business to put zero effort into making the reporting process efficient. That way, they can demonstrate that compliance requires 5 skilled hours (for example) and "reasonably" charge $250 per report.
Courts rule on the evidence provided. If a user challenges the fee, the company can easily document where every penny went, and therefore claim it is a reasonable charge. The user's only real recourse would be to prove that company is over-billing, but that would require evidence.
Pegging the cost to a set number of labor hours by law signals to companies that part of the cost of collecting this data is they must develop their internal systems in a way that they can quickly and easily comply with requests.
Yes, what's reasonable to a company may not be reasonable to a consumer. Ie, as a company can create process that uses 10 man hours and my cheapest labor with overhead is $50/hr, but we can find countless CNBC articles that say the average consumer can't afford a $500 expense.
GDPR is filled with "reasonableness" expectations and unspecified guidelines that aren't tethered to anything. Why the concern over this one specifically?
But in general, EU/EC law is full of policy that gets interpreted as human judgement calls, and US law is full of details that are interpreted as badly-written code with a choice of parsers. The two styles are not compatible.
EU laws can often be written in such a way and are a bit looser in their language in ways when compared to how it may be written in the US. EU courts are more experienced with dealing with interpretations of "reasonableness" for a given law when compared to the US, so it's not really a fair comparison.
I agree privacy request shouldn't enable mechanisms of denial of service type attacks against companies. But I don't think that justifies allowing companies to put in place fees to access personal data.
If cloudflare required people to pay to bypass their denial of service protections... well, I guess I dont know what would happen, other then that I would hate them even more then I already do for all the terrible things they do for my experience as a default tor browser user.
Users don't like a company, they automatically spam the company with large numbers of requests for personal information which they would legally be required to provide.
Guess they'd better figure out how to get people their data in a more rapid manner. I guess they could use a computer or something to automate it so that users can just click a button to download their data.
I mean, what year is this? We've been hearing "automate it, automate it, etc" for years and years now. But to get your personal data, these companies just throw up their hands and say that it's too hard?
I couldn't agree more. Even if it does require a person to do something that isn't automated, they should be required to have people on staff whose first priority is responding to these requests. It seems ridiculous to me that people are claiming this is just too hard for a company so they should get to profit off of it.
By the same token of strawmanning, you're claiming that businesses should do nothing than hire people to send your data back to you. Why even have businesses if that's the only thing you think they should do?
If you're so invested in "your data, damnit", then don't give it to them in the first place.
When we implemented CCPA lookups, one of the many necessary lookups was through a decade of glacier'd request logs (necessary to hold onto for compliance).
Even ignoring implementation cost, there was a significant computational cost that's pretty hard to avoid.
And those fees have been infamously exploited to functionally deny access to material or financially harm the requester. Perfectly illustrating why charging fees for these things is such a bad idea.
For our company, all privacy requests are handled manually by a team I am on. We manually do name searches in about a dozen platforms to see if there are any matching records.
4/5 times there aren't any - people doing the requests often use services that submit blanket requests.
When GDPR was new, several people sent "nightmare letters", deliberately and publicly designed to cause as much cost and hassle as possible. To my knowledge, no one was punished or even inconvenienced for blatantly abusing the law in this way.
Maybe they should automate the requests then. There's zero reason why they couldn't just write something where you log into your account and click "download my data."
These companies are happy to harvest up all your data, run all this crazy automation, spend millions analyzing algorithms, setting up machine learning, NFTs, run datacenters, networks, etc etc, but they can't figure out how to automate GDPR requests? FUCKING BULLSHIT.
There is literally zero reason why a data request should add any burden to a tech company.
I wonder if a company can be DoS'd via privacy request maybe they are collecting more data than they can effectively handle and that should be re-examined.
Now if we could just get a bill that actually limited the governments ability to collect data on its citizens. I'm not really worried about targeted ads, I'm worried about targeted assassinations.
You talk to people and ask them why they are worried about companies collecting data, and a certain percentage will tell you they don't like that the government could get it with a court order. That'd be a HUGE improvement over the current situation where they don't have to, they just collect it directly.
That is incredibly shortsighted considering one of the prime ways the US Government skirts protections against domestic data collection is by simply buying it from private entities.
Pretty sure everyone who wants gov data collection of private individuals would want this to be illegal as well.
I'm disappointed to find most of the complaining on this thread about businesses collecting personal data, rather than the government. Even more so that the first comment's top response regarding this is shooting it down because of an imagined loophole.
It disgusted me about CCPA that a private company can have a breach and be fined millions, but the CA govt is immune. Same thing here, and it should disgust everyone who supposedly cares about privacy.
There's a large difference though between what governments could presumably buy from ad trackers or data warehouses and what they can get by intercepting unencrypted web traffic at the ISP level.
I think to OP's point, if we are worried about government wrongdoing we should pass laws against government wrongdoing. It really doesn't matter what the private industry does or doesn't do if the government still has the right to take it.
I am not afraid of my data being used against me to sell products. I am afraid of the government abusing their monopoly on violence. The first seems like misdirection.
I see your point and the appeal of pushing for toughness on the worst side with leniency on the lighter issues.
It just seems irrealistic to have basically a "don't be evil" policy on gov side while letting gorrilla size businesses roam free.
For instance we already have a very bad time dealing with VISA/Mastercard policies that straight dictate what businesses are allowed to thrive online. VISA/MC duopoly is not the gov, yet it has arguably more power on the online cultural landscape. And any gov making their life easier can have them implicitely return the favor in some way would be basically untraceable (the gov might not even need to ask for anything. VISA/MC would just apply changes in line with the gov.'s stated policies)
User surveillance is the same, you can't have unruled gigantic entities allowed to do whatever they want, with the gov limited to a small set. That chinese wall is just bound to leak.
Technically we already have protection under the 4th amendment, to me this falls squarely under "papers, and effects" and is an unreasonable search. It seems that the court doesn't agree though considering the current state of things.
Why would they need a court order when they are already just buying the data with zero oversight? The panopticon works like this: fund startups that will create a data treasure trove -> legally buy / access the dataset and add it to xkeyscore.
They only need a court order (which can be from a secret court providing secret guidance, and can be a infinite standing order that covers vast amounts of arbitrary collection AUMF-style) to force companies to turn things over. Companies can just hand your data over because they don't want to be retaliated against (or in return for favors), and nobody needs a warrant, nobody ever has to tell anyone. Depending on agency internal rules, they may not even have to keep a record themselves of having done it (if they break their rules, they'll be responsible for punishing themselves though, I'm sure they'll be harsh.)
That's your targeted ads (and your cellphone tracking, and your transaction records.)
Companies collecting data on you directly or indirectly is a problem, even if they don't do anything malevolent with it (and some already do). The issue is that eventually they'll be breached, and then that data can end up in the hands of malicious actors that might use it in a way that could harm you (e.g. identity theft, compromising other accounts thanks to peronal info, etc.).
This poses an interesting question: if the government mandates a company to collect data, are they exempt from this? What's stopping them from using that data for commerical purposes?
Section 101 part b "Permissible Purposes," defines when data is allowed to be collected. The sixth such purpose: "To comply with a legal obligation imposed by Federal, Tribal, Local, or State law..."
A close reading of the wording implies this only covers requests backed by a law, i.e. it does not cover "polite requests" from a government agency. However that is a theoretic protection, practice could be different.
The ADPPA seems like a great example of regulatory capture and gridlock of the federal government by rich corporations and individuals and how federalism (state's rights) is a crucial and increasingly fragile element in holding our economy and our society together. Privacy is a particularly fraught area. SCOTUS says it's not a constitutional right at all (unless it's your money, in which case it's speech), which means states will have to define not data privacy and the limits of the surveillance economy but abortion and marriage and contraception too.
because of the "war on drugs" was supposed to be about the health of americans, which turned out to be a lie...
I think this is not about protecting the rights to data and privacy of american indivudal citizens...the other kind of american citizen, the american corporation, on the other hand, stands to gain a lot from this.
> To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.
ah, so corporations can well-foundedly and meaningfully consume the data of 'consumers' (an euphenism for fuel) in a way such that the historic shadow suckers of everything's energy (banks) can continue to partake on the sucking down of everybody's data/information (with real time measurements, which is a novelty in this ancient system build around trade, commerce, insurance, and power-authority concentration).
So far five states have passed local Data Privacy laws (CA, VA, UT, CT, MA). They are all different. This situation makes it much more likely that federal data privacy legislation will happen: while companies wish they could have 0 laws, they would still much rather prefer 1 law rather than 5 (trending towards 50) different laws that contradict each other.
There's a whole buncha specifics about what data is covered and what companies are covered and bleh blah bluh. That's not the most important thing. There are two things which are more important than that. These two issues also happen to be the topics most hotly debated between Dems & Repubs.
1. Private Right of Action, aka "Can I, a private citizen, sue someone?"
Everyone violates GDPR a dozen ways to Sunday, and nothing happens. Why? Because no one can actually enforce the law except for the local regulators who are underfunded. By contrast, the ADA lets anyone sue over violations, and as a result companies care a lot about handicap accessibility.
To my understanding the current negotiations are trending towards a limited Private Right of Action. Meaning it will exist for some violations but not others. This is how CCPA works in California right now: private citizens can sue over data breaches, but any other violation can only be enforced by the Office of the Attorney General.
2. Pre-emption, aka "Does this repeal CCPA."
Can states give additional protections to their residents, or is the Federal government removing the ability of states to define additional requirements for businesses. Again, the current state of negotiations seems to trend towards partial, but not total, pre-emption.
> they would still much rather prefer 1 law rather than 5 (trending towards 50) different laws that contradict each other
A perfect example of how these megacorps destroy the fabric of our political process. The fact that dealing with state regulations is a burden isn't our (the people's) problem, we have a right to have our state's reflect our will. They want to scale up to this massive size raking in billions of dollars, that should come with the territory.
Spam email, yes, due to the CAN-SPAM Act explicitly authorizing it. I believe that at least one individual has literally made a living out of pursuing such lawsuits.
Only if it's not a highly contentious issue. Otherwise the bigger states just go "We control X amount of the American population/economy, and thus we are going to enforce our own law anyway"
Granted they would be in the wrong since this is clearly and unambiguously interstate commerce, but that hasn't stopped them before
Its not unambiguous. Google is based in CA, I am based in CA. Packets may go across state lines, but the commercial transaction (a search query) has occurred between two CA entities and should fall under state law.
It doesn't work like that. Once Congress enacts something then it can be preempted by federal law. Just because the activity took place in a single state doesn't mean that the Federal courts don't have jurisdiction. Erisa is a good example.
I wasn't arguing that, I was saying that it's not an unambiguous case of interstate commerce. Congress shouldn't be pre-empting the laws of California insofar as they apply to intrastate commerce. You can set a federal minimum and let each state enhance laws as they see fit.
Agreed, but as we've seen with many other federal laws once you have preemption then it is usually interpreted to the broadest extent and not the minimum.
> Everyone violates GDPR a dozen ways to Sunday, and nothing happens. Why? Because no one can actually enforce the law except for the local regulators who are underfunded.
Individuals can enforce GDPR in court:
---------------
Art. 79 GDPR
Right to an effective judicial remedy against a controller or processor
1. Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77, each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
2. Proceedings against a controller or a processor shall be brought before the courts of the Member State where the controller or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its public powers.
SEC. 203. INDIVIDUAL DATA OWNERSHIP AND CONTROL.
(e) Verification And Exceptions.—
(1) REQUIRED EXCEPTIONS.—A covered entity shall not permit an individual to exercise a right described in subsection (a), in whole or in part, if the covered entity—
(C) determines that the exercise of the right would require access to or correction of another individual’s sensitive covered data; or
Simple: store all your user data in an intermingled fashion, such that a read or update of any individual record necessarily involves a read or update of one or more unrelated records. Now you don't need to act on data access requests.
Can't read legalese much, and -judging by how these things tend to go- I bet it's butchered beyond recognition before it gets to a vote (if at all). Instead, we should consider a constitutional amendment that enshrines digital privacy as a fundamental human right.
For any enterprising young legal authors, I'm sure a "rewritten for laypeople" paragraph-by-paragraph blog post would garner a large volume of views and impressions to your site...
Why would a constitutional amendment be less prone to getting butchered beyond all recognition? An amendment may not have its text butchered, but there's no guarantee at all that it will be interpreted the way you hope.
No way. The threshold of consensus required to put a constitutional amendment through is far higher than that of passing a bill (maybe too high, but that's another conversation). The fact that such an ammendment would consist of terse, high-level, abstract statements rather than pages and pages concrete specifics would also make it harder to achieve consensus because too many people would be afraid of it getting read by SCOTUS in a way they didn't want.
We need to work on federal laws here and not wait for a pie-in-the-sky constitutional ammendment. (State-by-state laws don't make a whole lot of sense on this topic. Glad CA has been test-driving some, but we need a unified approach.).
You do realize that you can waive your constitutional rights like a jury trial, and that these companies would just make that part of their standard terms of service... Right?
Hm, I have 10 years worth of emails in my dovecot, on my metal, in my basement, online. Can you please describe how can it be read without a warrant by people who don't have my imap password or wheel ssh key to my server?
Well that's the "proper" version of the clinton email server in the basement.
But I meant the major services all must give access to virtually any federal government entity on request, warrantless. I think they even have portals, imagine how that is abused by anyone and everyone.
Not sure how it would be enforced but I would guess if the feds wanted access to your server, even without a warrant, you'd be forced to give it to them.
Ten years or so ago, I was participating in a small business roundtable discussion with one of our state senators. At the time, I ran a consumer research agency and would often have multinational projects involving consumer data collection in both the US and EU; this is before GDPR had become ratified, but Safe Harbor was failing and there was ambiguity about what the future state would look like.
Of the 15 or 20 business owners in the room, I was the only "pro privacy" voice. People were very focused on what would be the perceived additional cost of complying with any GDPR-style rules in the US, and weren't yet thinking about the negative effects of having different privacy rules in different markets. "Different markets have different rules all the time," in short.
I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved. There will always be capitalism leeches that drain money through arbitrage between the policy gaps, yes, but it would help.
(Also: there is zero chance this gets through the current US Senate. Would never clear filibuster.)
I'm mostly just projecting based on the current 48+2+50 state of the Senate where virtually everything gets held up. If the Democrats brought it forward, I would expect the Republicans to filibuster just on principle.
Slight historical aside here: for those too young to have been politically aware before the Obama era, the filibuster (a) is in the modern form a relatively recent invention (b) was rarely used prior to the Mitch McConnell era. McConnell and the Fox News generation of the Republican Party turned what was meant to be a tool for a last-resort veto into a sledgehammer continuously used to bludgeon the other side.
> I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved.
I think this is a bit naive. As someone who has had to dwell a lot on the specific nuances of German privacy laws vs GDPR or South Korea's, I have come to the conclusion that conflicting privacy laws are a designed feature.
I think lawmakers certainly have consumer protection as one of their goals, most privacy legislation has many features intended to benefit domestic industries at the expense of foreign ones. Or to benefit national security in some way (such as requirements for certain types of data to be stored on servers inside the country).
Even if the US was to homogenize with GDPR in some way, I wouldn't doubt that the EU would fast follow with a slightly different spin on it just to give US tech companies an extra set of hoops to jump through.
In a way, this is already how safety regulations work in the automobile industry.
I agree that we're not going to see a US privacy framework that's identical to GDPR and where all players have the same obligations and enforcement mechanisms. What is extremely problematic, IMHO, is the US having _no_ privacy framework to speak of while the rest of the world does. Beyond HIPPA and COPPA (and CCPA if you happen to live in Cali), there's really not much recourse for US citizens besides their collection of company-paid credit monitoring after each security breach.
If one outcome of GDPR is that 10-15 years later, the US adopts some sort of national privacy framework that motivates industry to reevaluate their data monetization business models, that's a good outcome.
Reading the tea leaves a bit, Speaker Pelosi seems dead set against it and I dont think will allow it to be moved as is. she has publicly stated that "states must be allowed to address rapid changes in technology", IE, the bill preempts to many state privacy regulations, esp in California. But as a rule my default assumption for the "real reason" why Pelosi is against something is because she thinks it will harm chance of caucus holding majority in house.
The ACLU also does a lot of great privacy work, so donating to them is also a good idea if you care about this stuff. National ACLU does a lot of great work, but I personally suggest giving to your local affiliate https://www.aclu.org/about/affiliates, as they are often the ones who work on local issues that are likely to directly impact you. We do privacy lobbying at the municipal and state level and our local ACLU affiliate has been a huge, huge ally.
There are also other great privacy orgs that are not quite as big but are also fantastic in their own ways, like Restore the Fourth (which also has local chapters like shameless plug) rt4mn) Fight for the Future, Demand Progress, Cato, and Privacy International
Also, If you want to do more then just donate, you can help the EFF with its lobbying efforts by joining the Electronic Frontier Alliance https://www.eff.org/fight We participate, its pretty great.
> We do privacy lobbying at the municipal and state level and our local ACLU affiliate has been a huge, huge ally.
I disagree with them on a whole range of issues, but when it comes to privacy and mass surveillance they are almost always spot on. Most of my disagreements in that area have to do more with political tactics and messaging then anything else.
One of the logistical issues with a law like this, and with the CCPA, is verification of the user requesting things such as account deletion. How are people supposed to do that without providing KYC-level details to every service provider?
Why on earth would we want MORE restrictions and government interference / intrusion in our affairs? Especially in this era of worldwide creeping authoritarianism?
The only way implement these sorts of mandates is stomping all over a developer's right to freedom of expression. I'm a firm believer that code is speech and that limiting what a developer can do is infringing on his own right to free speech.
Maybe I'm too romantic, but I'd like to see an american GDPR (not saying that the eu name or the bill itself is better), and then an Asian and so on till we have one global GDPR protecting all consumer data.
GDPR is a horrible horrible solution and only helps the big corporations who can afford all the extra work to ensure that users who actually end up agreeing to the terms are locked in.
It helps no one besides politicians who now have create more work for them selves, and is an abomination just like the cookie policy.
Not sure what y'all are complaining about. The amount of privacy work that happens with governments at big tech companies is substantial. The language in this doc seems like a better, less oppressive version of GDPR.
The effort put in is commendable but this doesn't yet reach the levels of GDPR and the US market is too large for it to be likely to pass. Maybe eventually ...
Maybe politics would be better if people didn't jump to stereotypes (which don't always hold true, as evidenced by your comment and the replies pointing out your error), and instead of blaming/attacking each other, we could focus more efforts on making things better.
I can't remember the last time I saw a non-iroinic reference to 1984.
Have you read the book? It's nothing at all like how we live today, and (as far as I can tell) this would do nothing towards making our lives more like how the lives of Winston and Julia were in the novel.
Telescreen, newspeak, mass surveillance, perpetual war, "officials" acting as if what they are saying now is always what they said, etc. It's almost easier to list the things that we don't have in common.
1984 was published in 1949. It is partially science fiction. Tricorders are not literally the same as cell phones, either, but if you ignore the parrelels you are doing a disservice to the important role and lessons of good sci-fi.
The thing I tell most people is that we currently live under more surveillance then folks in 1984. "You had to live—did live, from habit that became instinct—in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized." nowadays your movement is not safe even in darkness.
We would be even more screwed then folks living in that fictional regime if we backslide away from rights based democratic rule of law.
I do worry about being killed by the government. I worry about everything related to government abuse of power and surveillance. I wear my tinfoil with with pride, thank you very much.
On a more serious note (in case it was not clear that I was being facetious), you are absolute correct that an important theme (and, arguably, the primary / key message) of 1984 is to highlight the horror and dangers of a totalitarian government, and to push back against the very, very pressing danger of Nazi Germany and the Soviet Union.
But one of the great things about sci-fi / dystopian / utopian fiction is that it lets us look at a potential future, ask ourselves if thats a world we want to live in, and if its not, we can think about what it might take for us to go down that path, and what steps we should take if we want to avoid it.
You are right to point out that we dont live an a totalitarian surveillance state run by elites without respect for the rule of law. But my point is that we could, and that we currently do live in a surveillance state. It just happens to be a democratic surveillance state run by elected representatives of the people with a strong culture of respect of the rule of law. But its a surveillance state nevertheless.
Or at least the last paragraph: "Our president has only just recently had the law changed so that he can stay in power until 2036, but his program of repression didn’t start out this blatantly. These things happen in pieces, bit by bit, small acts. And each one may even seem relatively benign at first, perhaps bad, but not fatal. You get angry, maybe you speak out, but you get on with your life. The promise of our democracy was chipped away in pieces, one by one: corrupt cronies appointed, presidential orders issued, actions taken, laws passed, votes rigged. It happens slowly, intermittently; sometimes we couldn’t see how steadily. Autocracy crept in, like the coward it is."
Persistent mass surveillance is not mentioned. Abusive government surveillance tends to fly under the radar. But one of the lessons of 1984 is that you ignore it at your peril.
I don't disagree or agree with what you've written generally here, but specifically speaking 1984 is not a reflection of current reality for Americans, and you seem to agree with that.
That's an important point, and I think there are a lot of folks who would try to disagree. There are people in this very comment thread that believe 1984 is not a work of fiction, and that's silly. Those are the people I'm disagreeing with.
I'm not really interested in generic, "society is falling apart" conversations, as every society ever has been saying that about different things, and yes they even followed up with, "No but for us it's real!"
> specifically speaking 1984 is not a reflection of current reality for Americans, and you seem to agree with that
Of course 1984 is not a reflection of current reality. it was not a reflection of current reality back when it was written. Science fiction is not a fun-house mirror reflecting back a warped version of the present, its a kaleidoscope looking into the future.
I have not seen anyone in this thread say "1984 is totally real and not a work of fiction", or confusing that world with reality. I've only seen people using the novel as it was intended to be used (as a rhetorical and persuasive tool) and pointing out: "There are a number of very real parallels between the world we live in and the world of 1984, and the number of parallels is increasing. This is a giant blinking warning light, and we should change course"
> I'm not really interested in generic, "society is falling apart" conversations, as every society ever has been saying that about different things, and yes they even followed up with, "No but for us it's real!"
I sympathize with your lack of interest in that conversation, its not a fun one, but its important and your rational for avoiding it is flawed. True, very society every has had its doomsayers, and they were very often wrong. But a lot of them were right, too. Progress is not inevitable. Societal backsliding has happened many times throughout the course of human history, and democratic / rule of law backsliding has happened a lot in very, very recent history. Back when that opinion piece I linked too was written, the new york times had reporters based in russia. Now they don't.
Judge Doomsayers like me based on the specific doom we forsee, not on the fact that we are doomspeaking. (and now I promise I'm done editing, even for spelling, since thats gotten me hooked two bloody revisions ago)
> Telescreen, newspeak, mass surveillance, perpetual war, "officials" acting as if what they are saying now is always what they said, etc. It's almost easier to list the things that we don't have in common.
> The thing I tell most people is that we currently live under more surveillance then folks in 1984.
> In ~20 years you'll see how silly you are for welcoming totalitarianism. You won't care until it effects you.
Three examples from this thread (one by you) of folks claiming "1984 is totally real and not a work of fiction", at least to the degree of what I originally said (you're misconstruing what I wrote for rhetorical value, but if you look at what I actually claimed, these quotes fit).
There are not "a number of very real parallels between the world we live in and the world of 1984", this is a misremembering of the content of the novel. You don't get to just hand select a few things from the novel and say, "Look, 1984!" in the same way you don't get to cite "well the humans in Lord of the Rings breathed air so it's the same as today!"
For example, without the critical, "or else you die" consequences of misbehavior in the 1984 novel, none of the "scary" things in the novel carry anything remotely approaching the weight or meaningfulness.
> (you're misconstruing what I wrote for rhetorical value, but if you look at what I actually claimed, these quotes fit).
Your right, I am! Aint rhetoric grand? Its such a powerful tool, and 1984 was such a sublime and impactful example of rhetoric that more then 70 years later its still being routinely invoked to create discussion just like this one.
Although I guess I would say "deliberately exaggerating" rather then "misconstruing", but that's being too nitpicky right out the gate. being nitpicky should come in the middle of the comment, like so:
> what I originally said
was "It's nothing at all like how we live today". Which would be a valid criticism in the lord of the rings example, since it is fundamentally a work of fantasy. but not so with 1984. There are a number of incredibly striking parallels, some of which you helpfully highlighted.
> You don't get to just hand select a few things from the novel and say, "Look, 1984!" in the same way you don't get to cite "well the humans in Lord of the Rings breathed air so it's the same as today!"
I do actually get to do just that, depending on what those things are. Although I would look silly if did the lord of the rings thing. Everyone knows they breathe Aether.
But as I said, the whole point of 1984 was to be a warning about the dangers of a world where totalitarianism wins. 1984 was a rhetorical tool. Taking a few things from the novel and highlighting the similarities in an effort to convince others of the potential danger of a all powerful government is pretty much exactly the function it was written to serve.
> without the critical, "or else you die" consequences of misbehavior in the 1984 novel, none of the "scary" things in the novel carry anything remotely approaching the weight or meaningfulness.
I am going to assume you dont mean this part literally and are exaggerating for effect (or maybe I'm just misunderstanding you) because I don't think you mean to say that making comparisons between 1984 and modern life would not be apt unless the US government had an active policy of killing people for dissenting speech/writing/thought-crime.
I think what you are trying to say is that the harsh brutality of 1984 is so distant from modern reality in the US, that any rhetorical arguments analogizing to it is de-facto excessive hyperbole?
I disagree, and to highlight why, let me ask two questions. first, as you say, in the novel:
> Keeping a diary is punishable by death (that's the premise of the entire story), it's kind of silly to compare that with our lives today.
But in Orwells time the UK (where he lived and where the novel takes place) did not punish people with death sentences and torture for writing "down with the king" in their private diaries. In your mind, would making comparisons between the status quo of the UK in 1948 when the book was published and the future world imagined by orwell have been apt?
To further clarify this question, what, In your view, would the status quo of civil rights and the rule of law need to be for a comparison to 1984 need to be to be apt? that is tosay, on the spectrum between "government punishes you with a fine, after a fair trial, for not paying taxes" and "government openly admits it kills people for thought crime" do we have to fall?
If I'm entirly off base, and you do think that making comparisons between 1984 and modern life would not be apt unless the US government had an active policy of killing people for dissenting speech/writing/thought-crime, then I would gently remind you again that the purpuse of 1984 was to serve as a rhetorical warning, and that a warning sign that you cant see until the danger is right on top of you is utterly useless.
Welcoming, not welcoming; you don't know my position on totalitarianism, you just know I've read 1984 and have opinions about the validity of parallels with modern day.
For all you know I prefer "Brave New World" analogies!
Speakwrites are coming. It'll be no time at all until your computer changes what you're typing to something more appropriate, or throws up a modal that reads:
"Most writers don't write things like this. You should consider for a moment whether this is how you want to present yourself to others. Press [suggestions] for alternate ways to express a similar idea, or press [submit] to become legally and socially liable for the consequences of your actions."
You mean stopping online crime, identity theft, and cyberbullying. Going after encryption is the goal, the stated goal is usually about more tangible, friendly concepts.
>(a) In General.—Nothing in this Act shall be construed to relieve or change any obligations that a covered entity or another person may have under the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.).
>(b) Updated Regulations.—Not later than 180 days after the enactment of this Act, the Commission shall amend its rules issued pursuant to the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.) to make reference to the additional requirements placed on covered entities under this Act, in addition to those already enacted under the Children’s Online Privacy Protection Act of 1998 that may already apply to some of such covered entities.
Not exactly new rules, but they're making sure this doesn't overwrite anything they already enacted "for the children".
Also, my understanding is that COPPA is actually pretty well-scoped to legitimately protecting children. I say this as someone who works on a product that is affected by COPPA.
This is the proverbial shaking of the tree, whereby elected officials will ask (threaten) tech lobbyists for campaign contributions in exchange for their vote against the act
It's also potentially a huge score for some Democratic politicians, because for every Republican that supports the bill, they're going to need a Democrat to defect.
Lol.. gotta love when they propose acts before even understanding technology. Things like this need to be collectively written by some of the best privacy advocates. Not a bunch of interns that have no clue how technology works.
If there's a piece of the bill that illustrates your objection, please do share. As is this feels like a canned response based on a stereotype, not a substantial objection.
And, here's EFF's position: " Americans Deserve More Than The Current American Data Privacy Protection Act" https://www.eff.org/deeplinks/2022/07/americans-deserve-more...