It's hard for someone engaged in public policy to understand that most people just live their lives and have a basic and vague understanding of most policy issues. If you ask people about marine fishing limits, they'll say there are probably some national and some international rules to prevent overfishing. But they're not going to know the specifics, and aren't going to know the problem of overfishing by fleets from certain countries.
The same thing is going to apply to every other sphere of policy. We on HN believe that tech privacy is important and follow the developments on this website, but it's a stretch to expect regular people to know this stuff. And it's not a knock on regular people! They're experts in their domains, everyone is - from car mechanics to baristas to hobbyist knitters. People are too busy resting from work, taking care of their families, and pursuing their interests.
So where do you go from there? If you're engaged in the policy world, it helps to create institutions regular people can delegate policy expertise to, like the EFF or the Humane Society. Intense lobbying by small groups gets results (in both good and bad ways). And having a large "laity" of people that support the institution and expect it to do the nitty-gritty is ok.
I think protecting privacy to prevent the government from becoming oppressive tyrant seems like it applies to more people and in more indirect way than fishing limits. But maybe my priorities just aren't right.
I think what the OP is getting at is that not knowing about something in great detail doesn't mean it's not important. Folks'll hew to what they find immediately pressing or have an inclination toward. Which is to say, the world is monstrously complicated and we are small and there's only so much an individual can focus on in their life. The collapse of fish populations due to overfishing will cause starvation, a lot of it. The erosion of personal privacy will abet a certain kind of tyranny. I don't think these are different scales of important but they are different problems that require detailed knowledge to comprehend to a good degree, which implies time and interest.
It seems that way to you because you're mired in it. But to someone who isn't, such policy doesn't have a tangible impact on their life, or more accurately it doesn't seem to.
In much the same way that the impact of overfishing doesn't feel like it impacts you.
I agree. I think we (the "tech" crowd) overestimate how important these things are. If privacy intrusions were harming people it would be a bigger issue that more people know about.
I don't think we overestimate it, but definitely assume more awareness than there actually is. Harm is also real, but much less visible than you'd think and thus mure easier ignored, especially if the negative effects are asynchronous and take a long time to have an impact.
If people don't know to what degree they are being manipulated, for how long, and what for, they'll probably also not care for the cause of it.
>Harm is also real, but much less visible than you'd think and thus mure easier ignored, especially if the negative effects are asynchronous and take a long time to have an impact.
I agree with this but I think you're missing why people still don't care (as much as you).
Lots of people are worried about things that are much more urgent let alone visible, synchronous and immediate.
As an example, I avoid social media very staunchly for privacy reasons. I was recently unemployed and when that situation became more urgent, I started a LinkedIn account.
My online data has been mined for over a decade, and I'm still not seeing the harm to me. If anything, the reaction of a cookies warning on every single news article has been more annoying. I also don't see my theoretical risk of being manipulated by the media, but if I'm wrong, like you said, worst case I also won't care. I get being concerned about censorship, keeping guns at home, etc, but this is way down there on my list of concerns.
The question actually asked about privacy laws is one to which the answer is actually yes, not no: the US has (several) federal privacy laws that impact what companies can do with personal data they collect, they provide radically different coverage for different kinds of data and impose little to no restrictions on many kinds of datat that might be important, but the question doesn't ask about the adequacy of federal laws on data use, only whether at least one such federal law exists. (And “internet-era” isn’t part of the question, despite the headline, though several of the applicable laws were passed in the “internet era”, and even with the internet specifically in mind.)
So a more accurate headline would be “vast majority of Americans aware that the US has some federal data privacy laws”, but that’s not as useful for the PR purpose this is put together for.
The question is "Does the United States have a national privacy law that sets common standards for what companies can do with all data their products and services collect?" The key word, but tricky, is the word "all". I think this makes the "no" answer correct but is not a great form of the question. If the answers were "all, some, none, not sure" it would have been more illuminating.
The word "all" doesn't appear in the version of the question in the story I see. It just says this: "The U.S. does not have a national privacy law addressing how companies can use the data they collect"
Even still, "all" wouldn't falsify the statement. There are some laws enumerating illegal things you could use data for. Anything not prohibited by law is legal. That's how the US legal system works.
"Common standards" also doesn't exist in the version of the question in the article. However, setting common standards would prevent states from pass stronger restrictions, with the effect of actually weakening privacy law.
[edit: Flipping some negations around, I think your version of the question is logically equivalent to "In the US, state and local governments do not have the authority to pass any laws addressing how companies can use any of the data they collect."]
It's a short blurb, so excerpt below is essentially the entire post, but it's not inaccurate:
>> [...] the U.S.’ ongoing failure to pass even a basic privacy law or meaningfully regulate data brokers. We haven’t done those things for two reasons.
>> One, the dysfunctional status quo (where companies mindlessly over-collect data and fail to secure it, resulting in endless privacy scandals) is hugely profitable to everybody in the chain.
>> Two, the government long ago realized it can abuse the barely regulated info-hoovering user tracking system we’ve built to avoid having to get warrants.
In being most charitable towards the piece, I'd put an emphasis on basic (as in, basic privacy law).
The GDPR largely starts from first principles (these are private things) and then assigns ownership explicitly to the person they stem from, along with personal rights that can be exercised to control those things.
US privacy law, on the other hand, generally carves out a specific piece of data (health and financial information, information about children) and then imposes regulation on that data.
HIPAA is the closest general US approach I'm aware of, in that it assigns rights over that data to individuals, but it's a travesty that a similar approach doesn't extend outside of the healthcare space.
The onus should be on companies to prove their data isn't PII, if they expect to be able to use and sell it freely.
FERPA is older than HIPAA, but only covers education, so not as noticable for young adults. It's very strict on who can view and share student information, and how to opt out of directories, etc.
HIPAA doesn't even completely accomplish that. It it pretty narrow in the types of businesses it covers. There are a lot of retailers, tech companies, and health-adjacent businesses that aren't covered under HIPAA.
Also, as someone who works in the Pharma advertising space, trust me, HIPAA doesn't matter when private non-healthcare companies (read- entities that fall outside the regulations) are able to hoover up so much personal information that anyone who wants to cobble together your profile can.
And again, at it's core the issue is that the US government wants to be able to access as much information about as many people as possible in order to "freedom" or something. It's the reason nobody has been able to pull back the "War on Terror" era civil rights abuses everyone gleefully ran towards. There's not enough political will because everyone wants to fight about gay beer and bathroom usage and not esoteric ideas like "government overreach as it exists to benefit the 2-party system, and not as an attempt to punish the other party for doing what your party is doing now that it's in power".
The fact that police can access a private database to circumvent warrants also helps create a perverse feedback loop from within the public sector side as well, I promise.
The call to preserve the status quo of massive data brokerage is coming from inside the house.
From the outside, I don't understand what privacy HIPAA even protects for health. My insurance still knows everything, and school/employers aren't restricted from it (as we tested with vaccinations). It's probably restricting more specific usages, but so what, the ones that really matter appear to be exempt.
The point of HIPAA, afaict, was to ring-fence who could exchange health data, so they could do their business efficiently.
Otherwise, already reluctant healthcare entities would be even less likely to digitize (any change = more risk).
I.e. "this type of entity okay, for these purposes" vs "this type of entity not okay"
There's definitely a zoo of different business classifications, but it's not "anyone can do anything with anything" (unless you want to risk some serious fines if you're caught).
So it's more about creating an efficient ecosystem with clearly defined lines (that are still murky in areas, because reality is complicated) instead of increasing the amount of privacy for individuals.
Sort of like Section 230: lay out the laws of the land, so that risk for everyone decreases and everyone stays in their lane.
> The U.S. does not have a national privacy law addressing how companies can use the data they collect
when it is clearly false. I only need one counter-example, so here's one: HIPPA exists, and addresses how [some] companies can use [some of] the data they collect.
Also, when overturning Roe v. Wade, the supreme court ruled that there is no federal right to privacy in the US, which impacted a wide range of privacy related federal laws in the US.
HIPPA protects medical records, which isn't so much as 'collected' as much as they are generated (and held) on behalf of the patient.
So, I'd say this is a pretty disingenuous reading. They're clearly talking about something more akin to GDPR. Conflating HIPPA (or, say, top secret document classification) is not a productive vector of discussion.
We definitely have federal privacy laws. They are inadequate, but that the survey asked if they exist, not if they are sufficient.
It doesn't matter what they are talking about in the article, since this is an article about how people responded to the survey question, not about how they responded to the article (before it was even written).
That is such a shameless linguistic copout you should feel ashamed. "Generated" my ass, you could argue all digital data is "generated". It sure ain't lying on the streets to be collected by trucks.
Hold on; the US government should not prevent me from willingly giving my data away in exchange for goods or services. Maybe make it clearer that’s what is happening, but if you truly believe my data is mine, then you don’t get to tell me what I’m allowed to do with it, including giving that data to China in exchange for some dancing videos, if that’s what I want to do (god help me).
Despite the many protestations otherwise on this site and others, the line between "remove kidney" and "inflict harm" is a hell of a lot clearer and brighter than "give up some privacy" and "inflict harm".
They’re both transactions yes, but one has actual medical consequences, whereas the other has precisely zero concrete harms.
This is the fundamental problem with privacy alarmists; despite the dire warnings, millions upon millions of people walk around consequence free after having experienced what the alarmists claim to be utterly fatal and wildly harmful.
There just aren’t the bodies piling up like these alarmists claim there ought to be.
Not similar at all. Restrictions on organ selling is because if it were legal, it would become very difficult to prevent human trafficking crimes or other cases where someone is coerced into selling their organs to some rich person who really needs a specific transplant.
There is no such risk of people be abducted or blackmailed with violence to share their personal data to websites.
The government wouldn't tell you that you couldn't do what you please with your data.
It is far more effective to make a law that would tell companies that they couldn't use the data you gave them for any commercial purposes. With draconian fines for any violation. (Which fines to be meted out per violation rather than per user.)
But that’s paternalistic; you are disallowing me from doing what I want with my data. I should be allowed to sell it to corporations in return for services, knowing full well they intend to sell my data to others. That’s what makes my data worth the services I receive in return!
The government is paternalistic by nature, so just say "I don't want government" instead of some weird statement that most people would likely feel is fundamentally opposite of how privacy should work (Most private by default, opt OUT).
Do you believe that most consumers fit your description? That most people fully comprehend what selling their data represents? If so, how do you reconcile that belief with the date presenting by the polling? Is the polling bad, and if so why not attack their methodology? Is there an alternative conclusion you're able to come to?
> most people would likely feel is fundamentally opposite of how privacy should work
I don’t know. I agree with Zetice. I would prefer least private by default and opt-in to more privacy. Most private by default is how we ended up with those annoying “accept all cookies” nag screens everywhere, and it will only get worse with most private as default.
The internet isn’t the physical world, and I don’t think a reasonable expectation of physical privacy equates to the same thing as digital privacy.
I think this is your perspective on what the government should be, and it is not "by nature".
I myself have the view that the government serves the people. For example, one of the responsibilities of the government is to make sure road/transportation works good. When they repair the road, to me that's kind of like when the plumber comes to fix my sink. And I don't think of the plumber as a parent.
I don’t think the state has excised itself from moral dictation to the individual based on the desires of the representatives anywhere on a national level, so the current government is not a plumber, it’s a collection of people who tell you what you can and can’t do.
I also do not think of a plumber, or a construction worker (why not just stick with your example) as a parent. But I do think of a cop or judge or congressman as similar to a step-father.
> The government wouldn't tell you that you couldn't do what you please with your data
Technically true, but I think it is just semantics. Factually, it doesn't feel like it really matters, and the grandparent comment seems to be aware of it.
To elaborate: sure, technically the government won't tell me what I can do with my data, it will just offload that job to the companies by telling them what kind of data transactions I cannot engage in with them.
The end result is, meaningfully, the same. Without those restrictions, I was able to willingly and knowingly trade my data in exchange for some service XYZ (in lieu of paying for it with money). With those restrictions in place, I cannot do that anymore. Whether I personally am not allowed to, or whether it is the companies that aren't allowed to engage in such exchange with me, is just a distinction without a meaningless difference.
Personally, I disagree with these restrictions on the principle of not allowing me (as an individual) to willingly engage in such exchanges with businesses. However, I agree with you that such restrictions make infinitely more sense (and are way more enforceable) when implemented through placing them on companies rather than individuals.
GDPR doesn’t prevent people from trading data for services, it just makes it so that companies are not allowed to assume everyone is willing to without asking.
The article seems a bit breathless to me, but I didn’t catch it saying anything about not being able to use your data. Did I miss something? it’s just pointing out that we haven’t yet made it illegal in the US for companies to use your data even when you are unwilling.
I’m responding to a number of top level comments that seem to presume the idea that the government ought to restrict what happens to my data, without consideration for what I want.
Any polls or surveys of voters’ level of information about policy and function of government is disheartening. And usually really, really easy to manipulate with how you ask the question.
Check out surveys of how many US voters understand how marginal income tax rates work, if you want to be sad. I’m aware of at least one fucking tax accountant who doesn’t get it. Confusion on this pretty simple point that most people deal with in some fashion is widespread, let alone less-directly-encountered stuff like in TFA.
Reading much of this kind of research will make you wonder how democracy’s not even worse than it is.
What this, and the article leaves out, is the US is a collection of 50 states. With 50 separate legislatures and 50 separate law enforcement mechanisms. That's why our republic isn't "worse than it is," we're not bound by waiting for the federal government to solve problems, and probably shouldn't examine the situation through that lens either.
Furthermore, I'm not sad because they don't understand, I'm sad because they weren't _taught_ these subjects in school. If the purpose of public education is to produce public citizens, then we've failed miserably. Meandering articles castigating unfounded notions of "corruption" are looking in entirely the wrong direction.
A lot of people don't realize that this sort of privacy right (ownership of data about you) is in direct conflict with free speech rights (which are far more protected than in Europe). We don't have a clear definition of what constitutes "the press" either.
Basically, anything that requires the general public to delete data at someone else's request is problematic.
Over 50% said "not sure", and the question was worded in a complicated way:
"Does the United States have a national privacy law that sets common standards for what companies can do with all data their products and services collect?'
The "wrong" answers to all the questions were <25% and had similar rates.
(Founder of B2B SaaS startup here) my perspective is GDPR, CCPA, and similar laws haven’t really done much to benefit consumers.
They provide an illusion of protection, but I haven’t really seen concrete cases where the regulation has benefited broad swaths of people.
GDPR definitely makes it harder for new companies and startups to sell to larger companies (GDPR creates a lot of paperwork required to sell to large companies, which results in lawyer fees and efforts to comply that are largely superficial)
Meanwhile, Google/Facebook/etc are finding loopholes and ways to work around the regulation to “comply” (more of less) without meaningfully improving user privacy, IMO.
I’m 100% supportive of privacy advocates, but I have a sinking feeling regulation in place today is more of a charade that makes people feel good, rather than something that is actually improving online privacy in any meaningful way.
I personally don’t mind more regulation because our company can afford to comply with anything thrown at us (and we already treat and protect user data with extreme care), but I don’t think more regulation is guaranteed to have meaningful impact in practice.
Many people already know this, but things like SOC 2, ISO 27001, CCPA, GDPR, and lots of other security + privacy compliance frameworks are largely just a matter of getting your paperwork and internal procedures in order. I’ve run into a lot of people who think SOC 2 (for example) means we’ll have to secure our servers better, but the reality is auditors aren’t looking at your servers, they look at your paperwork. Paperwork typically does very little to actually make data more secure.
> I don’t think more regulation is guaranteed to have meaningful impact in practice
"Guaranteed?" Of course it's not "guaranteed." What would that even mean? Obviously we would have to debate that once the legislation is drafted. Seriously what are you even talking about? Why does your comment exist?
Why is HN so full of these stuffy comments that read like press releases authored by an LLM?
My comment exists because I’ve read the text of the GDPR in full, and have signed hundreds of DPA contracts in order to comply with GDPR. And I had a spare moment to share my thoughts.
The TLDR of my comment is I think too many people see GDPR as some sort of blessing without realizing it doesn’t actually do as much to protect privacy as they assume.
You’re welcome to downvote my comment if you don’t like it! But why post this from a throwaway?
> Why is HN so full of these stuffy comments that read like press releases authored by an LLM?
Clearly I struck a cord given the insults. If you’re able to articulate a real question I’d be happy to have a healthy debate!
I don't have concrete examples but almost everytime there was an outcry about some new experiment Microsoft was subjecting Windows 11 users to (I think one of them might have been ads in Windows Explorer?), that misfeature was not to be found in European Windows 11 installations.
I have also recently seen a video (I think it was on Twitter but I might be wrong) where the setup dialog for some Microsoft service had a dark pattern where it would change an option from opt-in to out-out in real-time depending on which country you selected from a dropdown box. For countries where the GDPR applied, the option changed to opt-in, and it immediately reverted to opt-out if you chose another country with less strong consumer and data protection laws. I'll try to find the video again but no promises.
If GDPR and related regulation caused Microsoft not to add those features in their European releases, I think it is but an illusion that we're now better of than without those features. Are thinks perfect? Hell no. Are they better than before? I'd say yes, definitely.
I have performed significant academic and practical work in the privacy space. The US has a fundamentally different (and, frankly, better) approach to privacy compared to the EU.
The US tends to view privacy, in general, as freedom from unwelcome perception, often construed as "the right to be let alone", following Warren and Brandeis. The EU tend to define privacy as a specific type of control, as "control over how your personal information is collected and used." More recently, the terms "information privacy" or "data privacy" is used to reflect the European approach [1]. I personally detest calling the European approach "privacy" in any manner; it's just data control, plain and simple.
Freedom and control are both related to the expression of free will, yet their outcomes are quite different. These two approaches to "privacy" are fundamentally divergent from each other. That being said, a freedom-loving nation must use government to exercise some forms of control. This tension between freedom and control is behind so many conflicts in the world, though I believe it is most pronounced with the issue of privacy, perhaps moreso than even with security.
The US government, serving a nation historically oriented toward the maximization of personal liberty, decided that providing strict, well-defined controls on certain types of information is better than not. As a result, three primary FEDERAL data control laws have been enacted: FERPA (educational data), HIPAA (health data), and COPPA (children's Internet data). In addition, some states have passed data control laws, such as California's CCPA. However, the US Constitution provides extremely robust "privacy protections" which do not explicitly refer to privacy, most directly so with the 3rd, 4th, and 5th Amendments, while the 1st, 9th, and 10th are more indirect.
The EU, on the other hand, appears to place control as a value of higher importance. As such, they passed the GDPR, though EU-US agreements like Safe Harbor and Privacy Shield attempted to accomplish similar goals in more modest terms. The GDPR is massively complex. I know at least one privacy scholar who believes that machine learning may no longer be viable in the EU because of the GDPR's data reuse provisions. If a data controller needs to get permission from the data producer every time that information is used as part of a machine learning process, ML research may become too burdensome.
Now, some European governments state that their citizens "have a right to privacy." This situation highlights the difference between a positive and negative right, which I argue is a meaningful distinction (though not all agree).
For example, the US Constitution generally provides rights to citizens in the negative form, such as, "Congress shall make no law...abridging the freedom of speech". A positive form of that same right is Article 35 of the PRC Constitution, which is: "Citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession and of demonstration" [2]. In the former case, the nation ultimately defines what "freedom of speech" means; in the latter case, the government ultimately defines the meaning of "freedom of speech." Granted, not everyone agrees with this interpretation, but I believe history generally shows this to be true.
So, the question is, is a European, positive-right formulation of privacy better for the nation or the government? I argue the government. For these reasons, I cannot stress enough the importance of grasping the difference between the US and EU approaches to "privacy".
> The US tends to view privacy, in general, as freedom from unwelcome perception, often construed as "the right to be let alone", following Warren and Brandeis
Sure, but the US still doesn't have any concrete legal implementation of privacy in general, outside of the three narrowly scoped laws you've listed. There is whole lot of "unwelcome perception" I'd like to avoid of the surveillance industry amassing and acting on dossiers kept about me, yet I've got essentially zero recourse while these companies build what are essentially parallel governmental systems that I'm forced to interact with. In your estimation, what is a workable "negative rights" framing that would allow me to be left alone?
Philosophically, I'd say the US's framing of rights has run its course and reached its limits. Not because of the negative framing per se, but rather because it only narrowly construes rights as applying to the de jure government. So complexity-induced contradictions spring up all over the place, as institutions that aren't considered part of the bona fide government have grown large enough to exert coercive power yet don't have to respect our rights. This has led to a dynamic of fascist cheerleading when someone has their natural rights suppressed while interacting with some large business, and supporters line up to say things like "their business their rules" etc.
> In your estimation, what is a workable "negative rights" framing that would allow me to be left alone?
I believe the best form is: "Congress shall make no law abridging the freedom from unwelcome perception of the people by any legal entity, foreign or domestic."
Note that perception is not just sensing or observation. Sensing is to data as perception is to information. If, say, a home security system captured an image of something deemed inappropriate, it might "avert its gaze" in some way using various technological means, which is covered by "unwelcome perception." However, if using a camera in the home security system proved too perceptually challenging, the system designer might swap out the camera for a different sensor, depending on the intended goals of the system. The goal is not to limit the expression of perception but certain outcomes, just like protecting freedom of speech doesn't focus on the expression of speech but certain outcomes.
That formulation should settle out fairly well. Citizens should be protected from both corporations and governments. A government should still be able to conduct a wiretap in the course of an investigation (because committing crimes is unwelcome in our society), yet it should deter any unwelcome whole-of-citizenry surveillance programs. Following the Tenth Amendment, if the citizenry of a particular state or municipality wish for certain types of public surveillance to occur (e.g., police cameras in cities), the people of that polity will need to seek legislation to accomplish such, which is a strength and not a weakness of the Constitution.
> I've got essentially zero recourse while these companies build what are essentially parallel governmental systems that I'm forced to interact with.
Though you probably won't like this perspective, every interaction with these systems is a choice. My hope is, the above approach makes such choices far less conflicted.
> Philosophically, I'd say the US's framing of rights has run its course and reached its limits. Not because of the negative framing per se, but rather because it only narrowly construes rights as applying to the de jure government.
The negative framing ultimately works well, but yes, massive corporations have convinced the nation that they are more powerful than governments. A possible solution might be adding "by any legal entity" to existing statements of protections of natural rights.
> A possible solution might be adding "by any legal entity" to existing statements of protections of natural rights.
> Congress shall make no law abridging the freedom from unwelcome perception of the people by any legal entity, foreign or domestic
Err, how is this supposed to work? "shall make no law" works for freedom of speech because by default speech is unregulated. The framing doesn't work for preventing unwelcome perception even by the government, because unwelcome perception results from actions that are by default unregulated.
For this to make sense, the current surveillance economy would have to only been enabled by congressional law that allowed them to start creating dossiers. As far as I'm aware, outside of a few narrow laws (eg FCRA), this is not the case. Rather the surveillance economy is legal by default, and no laws have made it illegal.
Furthermore, to apply this general approach of reigning in government-like corporations, it would have to be something like "Congress or any legal entity shall make no law abridging the freedom ...". Which also seems fraught with problems depending on what "legal entity" ends up being construed as.
> Though you probably won't like this perspective, every interaction with these systems is a choice
How can I have a bank account, a practical necessity of the modern world, while choosing to avoid a dossier being built by the surveillance company "ChexSystems" ?
Sure, in a sense it is still a choice to have any bank account. Sometimes the framing of choice can be useful, but more often than not its used as justification for an illusion of consent, where actually doing the alternative requires one to be independently wealthy and live in an off grid cabin in the woods.
> massive corporations have convinced the nation that they are more powerful than governments
What does this "convincing" have to do with the logical implications of the law? I'd say the thing massive corporations have errently convinced us of is that they should have equivalent standing as individuals. This is what allows them to hide behind the US's framing of natural rights to claim those "rights" for themselves at scale, often at the expense of individuals' rights.
> "shall make no law" works for freedom of speech because by default speech is unregulated. The framing doesn't work for preventing unwelcome perception even by the government, because unwelcome perception results from actions that are by default unregulated.
I'm confused by your perspective here. Yes, they're both by default unregulated, and that's the point.
> For this to make sense, the current surveillance economy would have to only been enabled by congressional law that allowed them to start creating dossiers. As far as I'm aware...this is not the case. Rather the surveillance economy is legal by default, and no laws have made it illegal.
A principle factor in the development of speech protection is technology, starting with the printing press and moving into domains like clothing. Technology has enabled speech to flourish in more ways than anyone could possibly imagine. Yet, the protections on speech are some of the most robust that we have, even after 200+ years when certain forms of speech cause direct harm and conflict with other constitutionally-protected rights.
Perception is even more fundamental than speech. Consider that perception has been around for longer in human existence than speech; all animals and babies perceive, after all. From a technological standpoint, the camera has been around for less than 200 years, and the first modern considerations of privacy stem from an issue with public photography (see Warren and Brandeis). Frankly, I believe we're only just realizing the impacts of unwelcome perception because of the present state of technology. The impact of unwelcome perception can cause as much if not more pain than insults; I personally believe more it's more painful.
My point here is, both speech and perception are by default unregulated and changes how another human feels and therefore acts. When weaponized by large entities using technology, speech is used to oppress. Making freedom from unwelcome perception a constitutional principle would be revolutionary in the purest sense of the word, bringing much challenge to its implementation, but I resolutely believe it would prove as foundational to protecting liberty as protecting freedom of speech, if not even moreso.
If you would use a different word than "unwelcome," I'm interested to hear what it is and why you prefer it.
> definition of a legal entity
"An entity refers to a person or organization possessing separate and distinct legal rights, such as an individual, partnership, or corporation. An entity can, among other things, own property, engage in business, enter into contracts, pay taxes, sue and be sued. An entity is capable of operating legally, suing and making decisions through agents, e.g. a corporation, a state, or an association. A legal entity corresponds to the notion of a legal person. A legal entity holds rights, and each entity has a legal status" [1].
Perhaps "entity" is too broad. The term "artificial person" [2] is more targeted.
> I'd say the thing massive corporations have errently convinced us of is that they should have equivalent standing as individuals.
Great point. They're persons, but they're artificial persons, so a distinction should be made in the law.
> I'm confused by your perspective here. Yes, they're both by default unregulated, and that's the point.
Speech and perception are both unregulated actions by default. But we're not talking about trying to preserve the freedom of perception, but rather we're trying to regulate perception to prevent unwanted perception.
"Congress shall make no law" works for speech, because the goal is to preserve the basic legality of speech and prevent speech from being regulated. Whereas for perception, the default state is full of unwelcome perception (just as the default state of speech is full of unwelcome speech!). So it's not necessary for congress to make a law for there to be unwelcome perception, rather it's necessary for congress to pass laws to prevent unwelcome perception.
Ultimately I'd say that negation is very important, especially due to the negative framing of rights, as it creates a double negative with its associated uncertainty. Does this clear up what I'm saying?
Separately, I don't love "unwelcome" but I also don't see a straightforward replacement. I think "perception" is itself an interesting way to frame things, although I'd be extremely worried about things like surveillance companies claiming that their databases of dossiers aren't themselves perception, and it's only things like reports that are.
> For example, the US Constitution generally provides rights to citizens in the negative form, such as, "Congress shall make no law...abridging the freedom of speech". A positive form of that same right is Article 35 of the PRC Constitution, which is: "Citizens of the People's Republic of China enjoy freedom of speech, of the press, of assembly, of association, of procession and of demonstration" [2]. In the former case, the nation ultimately defines what "freedom of speech" means; in the latter case, the government ultimately defines the meaning of "freedom of speech." Granted, not everyone agrees with this interpretation, but I believe history generally shows this to be true.
I think your assigning some deeper meaning to semantics than there is, without evidence to back it up.just saying China does this and the US does that is not sufficient. The next article in the Chinese constitution defines a right much in the same way as the the US constitution.
Article 36 Citizens of the People’s Republic of China shall enjoy freedom of religious belief.
No state organ, social organization or individual shall coerce citizens to believe in or not to believe in any religion, nor shall they discriminate against citizens who believe in or do not believe in any religion.
Does that mean that Chinese have the same religious freedoms as Americans? No, if anything this proves that a constitution document doesn't really mean much just by itself if there isn't a robust system of protections build around it.
> The next article in the Chinese constitution defines a right much in the same way as the the US constitution.
With respect, that is factually untrue. The full Article 36 is:
> Citizens of the People’s Republic of China shall enjoy freedom of religious belief. No state organ, social organization or individual shall coerce citizens to believe in or not to believe in any religion, nor shall they discriminate against citizens who believe in or do not believe in any religion. The state protects normal religious activities. No one may make use of religion to engage in activities that disrupt public order, impair the health of citizens or interfere with the educational system of the state. Religious bodies and religious affairs are not subject to any foreign domination.
Being more than mere spirituality and theology, religion provides a social environment for worldview development independent of the state. Across history, myriad outcomes arise from the exercise of religion: some good, some mixed, and some bad. The PRC, knowing that free expression of humanity creates much suffering, explicitly tries to control the expression of religion. To that end, the PRC only sanctions "normal religious activities" which do not "disrupt public order" or "interfere with the educational system of the state." Both of these restrictions work to subjugate the citizenry using a specific social control mechanism. As history will eventually show, these control mechanisms will both plant fear in the general population and push religion deeper underground.
The US Constitution protects freedom of religion in the following way: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof..." That's it. The US does not attempt to curtail the nature or expression of religion in a constitutional manner. From my own recollection, the only time the various governments of the US will interfere with religious practice is if it causes harm to others in some way, be it physical, mental, or legal. The US approach is vastly different, and to even attempt to equate the US and PRC constitutions will ultimately fall apart.
> No, if anything this proves that a constitution document doesn't really mean much just by itself if there isn't a robust system of protections build around it.
Yes, a robust system of protections is important, but constitutionality determines how that system may act.
Article 35 explicitly says PRC citizens currently possess freedom of speech. To challenge that fact is to challenge the validity of the PRC constitution, an action revolutionary in nature. At the same time, the world is well-aware that the PRC government engages in a vast censorship campaign and ensures its citizens know certain topics are not permissible for discussion under threat of penalty. If a PRC citizen disagrees with that position of the PRC government and seeks to speak out, the PRC government can simply point to the fact that the citizen indeed has freedom of speech and therefore no speech rights are being currently violated while the citizen is thrown in prison.
The US Constitution does not say, "Citizens of the United States possess freedom of speech." What government has the authority to make such a claim? Rather, it says, "Congress shall make no law...abridging the freedom of speech." Even if a federal law has the effect of "chilling" speech, it may be construed as abridging the freedom of speech if the effects are too pronounced. The constitution matters a great deal in the end.
This strikes me as a number porn trying to spin something by benchmarking against a distinct and unrelated question.
Of course the answer to “Do you know Elon Musk runs Twitter? Yes/No/I don’t know” is going to be skewed towards Yes or No much more frequently than something that requires much deliberation: “do you think the US lacks a meaningful national law on privacy?” Even if I am I supposed to answer that question as a legal expert, it may require sophisticated analysis to know whether it is meaningful, and as a layman do I know something is passed on a national level or not. Just too many moving parts.
The questions are the opposite of what you describe:
DKQ1 As of April 2023, which of the following companies did Elon Musk run?
- Tesla and Twitter {correct}
- Uber and Snapchat
- Twitter and Uber
- Snapchat and Tesla
- Not sure
DKQ10 Does the United States have a national privacy law that sets common standards for what companies can do with all data their products and services collect?
- Yes, it does
- No, it does not {correct} \
- Not sure
Thanks for posting the exact questions. I apologize if it came across as what the quotes means quoting from their questions. I was making a point with an example, which stands, that the answer to the latter question requires much more knowledge and deliberation than knowing a simple fact.
The same thing is going to apply to every other sphere of policy. We on HN believe that tech privacy is important and follow the developments on this website, but it's a stretch to expect regular people to know this stuff. And it's not a knock on regular people! They're experts in their domains, everyone is - from car mechanics to baristas to hobbyist knitters. People are too busy resting from work, taking care of their families, and pursuing their interests.
So where do you go from there? If you're engaged in the policy world, it helps to create institutions regular people can delegate policy expertise to, like the EFF or the Humane Society. Intense lobbying by small groups gets results (in both good and bad ways). And having a large "laity" of people that support the institution and expect it to do the nitty-gritty is ok.