> "Every industry sector [that] has looked at this initiative considers it a very serious threat to the ability to do business in California," says Robert Callahan, vice president of state government affairs for the Internet Association. The group represents major tech companies, including Google, Facebook and Netflix.
It's not hard if you don't base your businesses doing what many people consider creepy.
Maybe they should have thought of that before doing so.
Some companies don't sell ads or user data at all, but use related user information to detect things like scam rings on dating sites, spam rings on forums, and fraud rings on finance sites. If that information can just be deleted at the request of the user, say hello to way worse user experiences on sites like those, and many more you haven't yet thought of. The only way around it is to lock down signups, provide constricted service, or let the communities rot.
Data privacy laws generally don't give blanket opt-out options, and this proposal doesn't seem to include an opt-out. (Think about it: eg criminals obviously can't opt out of police databases).
> A. Giving California consumers the right to know what categories of personal information a business has collected about them and their children.
> B. Giving California consumers the right to know whether a business has sold this personal information, or disclosed it for a business purpose, and to whom.
> C. Requiring a business to disclose to a California consumer if it sells any of the consumer's personal information and allowing a consumer to tell the business to stop selling the consumer's personal information.
> D. Preventing a business from denying, changing, or charging more for a service if a California consumer requests information about the business's collection or sale of the consumer's personal information, or refuses to allow the business to sell the consumer's personal information.
> E. Requiring businesses to safeguard California consumers' personal information and holding them accountable if such information is compromised as a result ofa security breach arising from the business's failure to take reasonable steps to protect the security of consumers' sensitive information.
I don't think the sky is going to fall if this gets passed.
"D" is surprising to me. It's either going to create a high incentive for dark patterns or it will kill the business of selling data. Why doesn't the proposal make it illegal to sell data if that's the case?
Past that, it's also surprising that a lot of this is about selling data, but what about using it internally? It seems like Facebook and Google don't want to sell your data as they consider it their proprietary asset.
That's cool, and I agree. Though as mentioned in another comment, I wasn't referencing the article, I was responding to the criticism that collecting user data doesn't serve a real purpose, and that it's just "creepy."
But why can't users be asked and given the option? If that's the result of their data being deleted, then I'm sure the company in question would make users well aware of the consequences of opting out.
I don't think you can expect users to be anything but selfishly motivated, and concerned with their own experience only. I don't think most will care about the experience of others. Certainly not if they're deleting their own account from the service. Plus the point is that in these cases, potentially the users who would most want to delete are the ones most motivated to do so: the scam/spam/fraud ringsters.
If you read the article you would know that this is perfectly legal under the proposition. It's selling your data to third parties without user consent that it makes illegal.
I wasn't referencing the article, I was responding to the criticism that collecting user data doesn't serve a real purpose, and that it's just "creepy." Also, I could be wrong, but GDPR does mandate data deletion on request, so even if it isn't a concern for this bill as written right now, it's still something to think about, since these regulations are headed in that direction.
Consumer perception of what is and isn’t “creepy” has somewhat shifted in light of recent issues, however. Many of the businesses to which this law would apply have established their business models in a time when privacy may have been less in the front of a consumer’s mind.
Businesses just starting out have an easier time knowing which lines not to cross in their business models than those who began their journies sometimes over a decade ago.
>Many of the businesses to which this law would apply have established their business models in a time when privacy may have been less in the front of a consumer’s mind.
I think the degree to which your business model is future proof in the face of changing preferences of consumers should be on the mind on entrepreneurs, and if it isn't I think it's a good thing that new companies will eventually supplant them.
Not different at all from companies that had their eye on increasing environmental standards and planned accordingly.
I agree that we're somewhat overdue for a shakeup, although I'm not entirely sure any companies founded 10+ years ago could have anticipated the changing of the tide with respect to consumer privacy. I think the larger companies (notably Facebook) are learning as they go. And, frankly, doing a fairly good job of that.
An example is Facebook's reaction to racial profiling in the real estate and renters market. In my opinion, they handled that as well as could be reasonably expected.
I think a lot of people have always considered some of the practices employed in the tech sector to be creepy and unwelcome. It's just that awareness has increased, and now there's a sense that you don't just have to put up with the intrusions and abuses to live a normal life any more.
You have the choice not to use the major tech companies. In fact, a favorite pastime of HN is recommending all of the alternatives to use.
Another example, you don't have to buy an Amazon Echo or Google Assistant. If you find cloud connected microphones in your home creepy, don't do it. Why is that not sufficient? Or do the people who are creeped out want to make the choice for other people and remove products from the market they'd like to use?
You have the choice not to use the major tech companies.
Sure, but it is increasingly the case that by doing so you are excluded from normal daily activities, because in some cases these technologies are now how our society communicates.
For example, you can no longer park legally in many UK streets or public car parks without using a smartphone app, which means working with Apple or Google (Android) technology for the device, and working with a mobile network operator for the data connection. In theory, you can usually call or text from a feature phone instead, which means you only have to deal with the mobile network, but typically those facilities are among the worst user experience you will ever encounter, and taking upwards of 15 minutes to make a simple payment is not unusual, if you can even pay successfully at all. You no longer have any option to pay quickly, reliably and anonymously in cash the way we used to.
In situations where you have no choice, I agree. This has long been an issue with credit card payments too. But IMHO, the government could fix this by simply having their own payment mechanism. I mean, every store has their own rewards card, why can I just buy a parking card for the whole city that I top-off once in a while and just at the meters?
But IMHO, the government could fix this by simply having their own payment mechanism.
Honestly not sure if you're joking here... The government in my country has a somewhat well-established payment mechanism, which relies on small metallic or paper-plastic tokens to represent value, and that is what we used to pay for parking until these new-fangled things came along.
I'm not joking, physical coins and tokens are irritating and inconvenient to carry. Cash has other portability annoyances. A cash card that can be refilled electronically is more convenient than having to hit ATMs constantly or deal with merchants having exact change.
If you tell me to give up credit cards or mobile payments, I won't. I'd rather credit cards and mobile payments be made secure and private, but in the worse case, I'll trade convenience for marginal loss of privacy, since in decades of walking this earth, I've yet to have been harmed by it.
I'd be more concerned if I lived in a country with a more fascist authoritarian government, but the cost/benefit tradeoff for me, personally, it well worth it. Other people have the choice of not doing so, they just have to suffer the irritation of cash and loss of convenience.
Well, that's fair enough, if you're choosing to accept that trade-off. My concern here is that often it is no longer a meaningful choice, and everyone else is being forced to accept the same trade-off whether they favour their privacy and security or not. In that particular case, with a simple payment card or the like, perhaps it's not such a big deal. However, when something like your phone, your home or your car is compromised, the potential harm is more significant.
The subjective nature of the term creepy is exactly what is important here because it all depends on context. Most people would consider it creepy when Target knows their daughter is pregnant before they do. [1] I would also bet most people would be perfectly happy if Target figures out they have a new puppy and starts sending coupons for dog food. Those things are fundamentally the same when it comes to what data is collected and what process predicted it. However the human element of privacy makes those two situations worlds apart. That human context is what is important and why it is so hard to come up with universal algorithms or rules that can adequately handle any privacy situation.
Somewhat unrelated, but is anyone else having trouble loading that consumerist page? It keeps redirecting me off to https://consumerist.com/remote-login.php?login=.... which 404s. Looks like a WordPress plugin (WPRemoteLogin) gone amok.
EDIT: looks like this is because I'm logged into my own Wordpress blog. Weird that that should have any bearing on my ability to load this blog.
> Mactaggart recalls the moment about four years ago that turned him into a privacy advocate. He asked a Google engineer at a cocktail party whether he should be worried about his privacy. "He said, 'Oh if you just knew how much we knew about you, you'd be really worried,' " recalls Mactaggart.
It's not like we don't know that they don't know but if they did know they would not like it, and we know that too.
Creepy: doing something to someone that you know they would not like if they knew about it but doing it anyway.
What the tech industry et. al. is doing is deeply creepy and the only reason we're not up against the wall is that people haven't quite understood yet what's going on. It's so egregious that people are incredulous, but as they start to get a clue it will eventually be pitchforks and torches time. (Ahem, GDPR...)
I think a fair number of people would agree that the Google pre-G+ is not the same Google post-G+.
The businesses can survive and do well without needing to know every habit of everyone and target ads based on knowing everyone's predilections and peccadilloes. Sure it would be more like classical Newspaper ads and broadcast TV ads; which, while they worked, are acknowledged not to be as effective, but still effective enough to support the ad and consumerist economies.
It's probably not to late to return to that business model, if people demand it enough and legislators don't cave-in to business demand.
So the standard of illegality now is what people consider creepy or cringey? Maybe this is actually the solution to the Fermi Paradox, technological civilizations dwindle as they engage in navel gazing and precautionary restraints.
Yup, by and large societies determine the parameters in which they would like to operate. These take the form of social agreements, laws, constitutions etc...
In the olden days it was normal and legal to own people. Then (most) societies "decided" that they are not comfortable with the idea anymore and the norms and laws changed.
That's a rather bad analogy, considering that slavery is an initiation of force against an individual, giving them no choice, over a physical good (their own body). Information is a non-rival good, someone's possession of it doesn't diminish your possession of it, unlike say, a slave master possessing you on a plantation.
Philosophically, some of these regulations run afoul negative rights. When you interact with other people, or any entity, they will retain a memory of it. A lot of this data collection used to exist, but was informal, on pen and paper, or simply retained by the mind of the local establishments as their customers were locals. Saying that you own information that is by nature joint information like an entangled particle, and that another party must erase it, may be a pragmatic and utilitarian policy to deal with the increasing probability of bad actors (State or otherwise) misusing information, but the philosophy behind it rubs me the wrong way.
Let's say a run a video arcade, and I keep track of which games everyone plays when they come in through the door. Though I hold no PII on the people, through some mechanism I can assign them a unique ID and recognize them on return (e.g. token card). Why should this joint information: what entities playing my arcade cabinets, be exclusively owned by you, especially if I'm not even providing the games for free?
I'm asking this as a philosophical question, what's the moral justification that one side of a two sided exchange retains exclusivity to information? (and by exclusivity, I mean your right to ask me to delete it)
I was not comparing slavery to lack of data privacy. The point I was trying to make was that, in the greater scheme of things, there is no requirement for philosophical or moral motivation to change laws - only a critical mass of people who want the change.
In this context, the slavery example wasn't a good one as it is so charged with exactly that. Perhaps drug prohibition laws are a better example in general and Alcohol prohibition in the US in particular: https://en.wikipedia.org/wiki/Eighteenth_Amendment_to_the_Un...
With this in mind there is no need for moral justification that one side of a two sided exchange retains exclusivity to information (and given the way personal data is used and abused, I think that there is such justification) , only sufficient public opinion that this is how things should be.
> someone's possession of it doesn't diminish your possession of it
However someone's possession of data about you may indeed diminish other rights you hold and/or may be used to gain advantage at your expense. This is why we talk about data getting "into the wrong hands". I may not care for my employer to know about my sexual proclivities. I may not care for insurers to know my search history and draw (possibly incorrect) inferences from it.
The argument regarding privacy isn't about the potential that others' knowledge of your info diminishes the utility of the data to you (in most cases there is no _personal_ utility). It's about the power to restrict who can use that information as leverage in the advancement of their interests, often to the detriment of your own. It's about preserving agency.
I'm wondering if they did think of that, but were all rushing to cash out as much and as quickly as possible before the inevitable public backlash. A creepy-ness bubble, if you will.
It's not hard if you don't base your businesses doing what many people consider creepy.
Maybe they should have thought of that before doing so.