> "Every industry sector [that] has looked at this initiative considers it a very serious threat to the ability to do business in California," says Robert Callahan, vice president of state government affairs for the Internet Association. The group represents major tech companies, including Google, Facebook and Netflix.
It's not hard if you don't base your businesses doing what many people consider creepy.
Maybe they should have thought of that before doing so.
Some companies don't sell ads or user data at all, but use related user information to detect things like scam rings on dating sites, spam rings on forums, and fraud rings on finance sites. If that information can just be deleted at the request of the user, say hello to way worse user experiences on sites like those, and many more you haven't yet thought of. The only way around it is to lock down signups, provide constricted service, or let the communities rot.
Data privacy laws generally don't give blanket opt-out options, and this proposal doesn't seem to include an opt-out. (Think about it: eg criminals obviously can't opt out of police databases).
> A. Giving California consumers the right to know what categories of personal information a business has collected about them and their children.
> B. Giving California consumers the right to know whether a business has sold this personal information, or disclosed it for a business purpose, and to whom.
> C. Requiring a business to disclose to a California consumer if it sells any of the consumer's personal information and allowing a consumer to tell the business to stop selling the consumer's personal information.
> D. Preventing a business from denying, changing, or charging more for a service if a California consumer requests information about the business's collection or sale of the consumer's personal information, or refuses to allow the business to sell the consumer's personal information.
> E. Requiring businesses to safeguard California consumers' personal information and holding them accountable if such information is compromised as a result ofa security breach arising from the business's failure to take reasonable steps to protect the security of consumers' sensitive information.
I don't think the sky is going to fall if this gets passed.
But why can't users be asked and given the option? If that's the result of their data being deleted, then I'm sure the company in question would make users well aware of the consequences of opting out.
If you read the article you would know that this is perfectly legal under the proposition. It's selling your data to third parties without user consent that it makes illegal.
Consumer perception of what is and isn’t “creepy” has somewhat shifted in light of recent issues, however. Many of the businesses to which this law would apply have established their business models in a time when privacy may have been less in the front of a consumer’s mind.
Businesses just starting out have an easier time knowing which lines not to cross in their business models than those who began their journies sometimes over a decade ago.
>Many of the businesses to which this law would apply have established their business models in a time when privacy may have been less in the front of a consumer’s mind.
I think the degree to which your business model is future proof in the face of changing preferences of consumers should be on the mind on entrepreneurs, and if it isn't I think it's a good thing that new companies will eventually supplant them.
Not different at all from companies that had their eye on increasing environmental standards and planned accordingly.
I think a lot of people have always considered some of the practices employed in the tech sector to be creepy and unwelcome. It's just that awareness has increased, and now there's a sense that you don't just have to put up with the intrusions and abuses to live a normal life any more.
The subjective nature of the term creepy is exactly what is important here because it all depends on context. Most people would consider it creepy when Target knows their daughter is pregnant before they do. [1] I would also bet most people would be perfectly happy if Target figures out they have a new puppy and starts sending coupons for dog food. Those things are fundamentally the same when it comes to what data is collected and what process predicted it. However the human element of privacy makes those two situations worlds apart. That human context is what is important and why it is so hard to come up with universal algorithms or rules that can adequately handle any privacy situation.
> Mactaggart recalls the moment about four years ago that turned him into a privacy advocate. He asked a Google engineer at a cocktail party whether he should be worried about his privacy. "He said, 'Oh if you just knew how much we knew about you, you'd be really worried,' " recalls Mactaggart.
It's not like we don't know that they don't know but if they did know they would not like it, and we know that too.
Creepy: doing something to someone that you know they would not like if they knew about it but doing it anyway.
What the tech industry et. al. is doing is deeply creepy and the only reason we're not up against the wall is that people haven't quite understood yet what's going on. It's so egregious that people are incredulous, but as they start to get a clue it will eventually be pitchforks and torches time. (Ahem, GDPR...)
I think a fair number of people would agree that the Google pre-G+ is not the same Google post-G+.
The businesses can survive and do well without needing to know every habit of everyone and target ads based on knowing everyone's predilections and peccadilloes. Sure it would be more like classical Newspaper ads and broadcast TV ads; which, while they worked, are acknowledged not to be as effective, but still effective enough to support the ad and consumerist economies.
It's probably not to late to return to that business model, if people demand it enough and legislators don't cave-in to business demand.
So the standard of illegality now is what people consider creepy or cringey? Maybe this is actually the solution to the Fermi Paradox, technological civilizations dwindle as they engage in navel gazing and precautionary restraints.
Yup, by and large societies determine the parameters in which they would like to operate. These take the form of social agreements, laws, constitutions etc...
In the olden days it was normal and legal to own people. Then (most) societies "decided" that they are not comfortable with the idea anymore and the norms and laws changed.
I'm wondering if they did think of that, but were all rushing to cash out as much and as quickly as possible before the inevitable public backlash. A creepy-ness bubble, if you will.
> But Callahan [VP of a tech industry group] doesn't think a privacy law should be written by advocates like Mactaggart and put on the ballot.
> "Without any sort of process ... the proponents came up with this law," Callahan says. "[Mactaggart is] suggesting [this] should be the law of the land without any sort of public vetting or scrutiny and we think that's irresponsible and dangerous."
Isn't the ballot initiative process the "public vetting or scrutiny" this guy is talking about? Seems like he's unhappy his group didn't get a chance to water down or kill the measure behind the scenes.
The public aren't lawyers. One of the points of representative democracy is supposed to be that legislators are more experienced with the practice of writing effective laws - laws that will have their intended effect and stand up in court. With the initiative process, it's easy to find text that sounds nice when you describe it in 30 seconds to people on the street but is either ineffective or has awful unexpected consequences.
That's not to say that there's no place for the initiative process, but it's not without its problems.
If laws can't be easily written and understood, that's a problem with the legal system (and the media explaining said laws and initiatives).
The CA implementation seems terrible, but in general direct democracies end up with better laws, and the populace in such democracies ends up being better than a bunch of self selected politicians (who happen to not be experts anyway). US and UK lawmaking processes are a perfect example of why you need to give citizens more control (but you still want legislative bodies to do the grunt work).
> Isn't the ballot initiative process the "public vetting or scrutiny" this guy is talking about? Seems like he's unhappy his group didn't get a chance to water down or kill the measure behind the scenes.
This is the same electorate that banned gay marriage (prop 8) and caused the worst housing crisis in decades (prop 13). Even if his opinion is wrong, his criticism of the the process is spot on.
California ballot initiates have a pretty wonky history.
I'm not a legal expert or legislative one but I do think there is good reason for public vetting as in a ballot initiative, and other things that require a bit more / or different type of vetting, such as something that goes through a legislature and maybe has the input of some folks who pay attention for longer than a tv advert.
This law seems much more reasonable compared to GDPR.
"(b) "Business" means:
(1) a sole-proprietorship, partnership, limited-liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumers' personal information, that does business in the State of California, and that satisfies one or more of the following thresholds: (A) has annual gross revenues in excess of $50,000,000, as adjusted pursuant to paragraph (5) of subdivision (a) of section 1798.115; or (B) annually sells, alone or in combination, the personal information of 100,000 or more consumers or devices; or (C) derives 50 percent or more of its annual revenues from selling consumers' personal information; ..."
And the definition of "selling" is also clearly defined.
"
(q)(l) "Sell," "selling," "sale," or "sold," means:
(A) selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration; or (B) sharing orally, in writing, or by electronic or other means, a consumer's personal information with a third party, whether for valuable consideration or for no consideration, for the third party's commercial purposes."
There are many business that “sell” data under the second clause TO both Facebook and Google which could be impacted.
The Facebook Pixel is definitely disclosing data to Facebook, even if they aren’t being paid for it. And they probably use data from the Facebook Pixel across many advertisers for Facebook’s own business purposes.
Letting smaller businesses off the hook here is not a good idea, since the larger businesses could just buy data off of the smaller ones, or both could belong to the same umbrella corporation and the data could be shared for nothing.
What incentive would such a small business have for operating. They would have to deliberately cap their revenue in order to maintain the business size and not run afoul of the regulation. The moment their revenue tips over, the profit maximizing behavior would be for facebook and google to use home-grown compliant solutions. Once they have a home-grown solution that complies with the law, they'd have no reason to ever again contract out the collection work.
Not only would this not affect Google and Facebook, who "sell your data" to their own internal marketing products (let's not pretend they aren't actually selling your data, they just have the marketing company in-house), but that minimum revenue bar also likely exempts your Unroll.mes who do literally sell your data, because they probably don't bring in enough revenue to cross the line. Companies burning investment money and not bringing in actual revenue would also be exempt.
By choosing “I agree” below, you agree that NPR’s sites use cookies, similar tracking and storage technologies, and information about the device you use to access our sites to enhance your viewing, listening and user experience, personalize content, personalize messages from NPR’s sponsors, provide social media features, and analyze NPR’s traffic. This information is shared with social media services, sponsorship, analytics and other third-party service providers.
Options:
- Agree and continue
- Decline and visit plain text site
Decline takes you to the homepage, which is literally plain text. Apparently it was too hard for them to provide some css. You have to search around for the content you were going to, ultimately ending up at this plain text page: https://text.npr.org/s.php?sId=614419275
Your essay is a bit of a wall of text, I would suggest adding headers and cutting up the paragraphs into smaller chunks to make it easier to read.
Also I feel like the general essay format that is taught to you in grade school is actually a bad format. Grade school project style reports are usually easier to read and easier to write.
Essays contorts most people's writing into a very awkward form. If people were allowed write without the restrictions of essays, they would usually be more clear.
Better yet, try the typical medium or journalistic article format to get better reading comprehension.
And maybe have it proofread by someone? I always do this and still end up with typos and grammar errors but a proofreading session will usually get rid of 90% or more of those.
You are using an older blogspot theme that is not mobile optimized. You can update it to one of the newer, streamlined and mobile optimized themes with one click. Since you currently have no background graphics, you might like Emporio.
This would likely help make it a bit more readable for very little effort, though a grammar and spell checker and shrinking some paragraphs would help as well.
I'd love a law that says [paraphrasing] "You must allow unsubscription via the same medium as subscription." Problem is there are far too many loopholes and potential issues, there's no way you could make the text of the law both exact enough but vague enough to work in most circumstances.
It would be better to just have a consumer watchdog that had the power to ask companies to change anti-consumer practices and use a jury to determine if something is anti-consumer (like dark patterns).
Yes I’ve thought about this too - especially with cell phone/internet/cable/magazines - silly how you can subscribe online or in-store but need to call to cancel. With digital subscriptions it should be as easy as unsubscribing from an email list.
this is their homepage https://www.caprivacy.org/about - they should at least implement the conspicuous "Do not sell my personal information" link on their own website. Just to get an idea about the extra work that they're asking millions of people to do.
*Edit: under the proposed law, websites like this wouldn't actually be required to post the 'Do not Sell' link
Upon closer inspection, it seems like this law would only apply to large business or businesses that actually sell personal information. If that's the case then it's more reasonable than I initially thought.
I was concerned that every blog and startup might need to implement the functionality, but it seems like that might not be the case.
Readit News
It's not hard if you don't base your businesses doing what many people consider creepy.
Maybe they should have thought of that before doing so.
The full text of the proposal is here: https://oag.ca.gov/system/files/initiatives/pdfs/17-0039%20%...
> A. Giving California consumers the right to know what categories of personal information a business has collected about them and their children.
> B. Giving California consumers the right to know whether a business has sold this personal information, or disclosed it for a business purpose, and to whom.
> C. Requiring a business to disclose to a California consumer if it sells any of the consumer's personal information and allowing a consumer to tell the business to stop selling the consumer's personal information.
> D. Preventing a business from denying, changing, or charging more for a service if a California consumer requests information about the business's collection or sale of the consumer's personal information, or refuses to allow the business to sell the consumer's personal information.
> E. Requiring businesses to safeguard California consumers' personal information and holding them accountable if such information is compromised as a result ofa security breach arising from the business's failure to take reasonable steps to protect the security of consumers' sensitive information.
I don't think the sky is going to fall if this gets passed.
Businesses just starting out have an easier time knowing which lines not to cross in their business models than those who began their journies sometimes over a decade ago.
I think the degree to which your business model is future proof in the face of changing preferences of consumers should be on the mind on entrepreneurs, and if it isn't I think it's a good thing that new companies will eventually supplant them.
Not different at all from companies that had their eye on increasing environmental standards and planned accordingly.
Deleted Comment
[1] - https://consumerist.com/2012/02/17/target-figures-out-teen-g...
It's not like we don't know that they don't know but if they did know they would not like it, and we know that too.
Creepy: doing something to someone that you know they would not like if they knew about it but doing it anyway.
What the tech industry et. al. is doing is deeply creepy and the only reason we're not up against the wall is that people haven't quite understood yet what's going on. It's so egregious that people are incredulous, but as they start to get a clue it will eventually be pitchforks and torches time. (Ahem, GDPR...)
The businesses can survive and do well without needing to know every habit of everyone and target ads based on knowing everyone's predilections and peccadilloes. Sure it would be more like classical Newspaper ads and broadcast TV ads; which, while they worked, are acknowledged not to be as effective, but still effective enough to support the ad and consumerist economies.
It's probably not to late to return to that business model, if people demand it enough and legislators don't cave-in to business demand.
In the olden days it was normal and legal to own people. Then (most) societies "decided" that they are not comfortable with the idea anymore and the norms and laws changed.
> "Without any sort of process ... the proponents came up with this law," Callahan says. "[Mactaggart is] suggesting [this] should be the law of the land without any sort of public vetting or scrutiny and we think that's irresponsible and dangerous."
Isn't the ballot initiative process the "public vetting or scrutiny" this guy is talking about? Seems like he's unhappy his group didn't get a chance to water down or kill the measure behind the scenes.
That's not to say that there's no place for the initiative process, but it's not without its problems.
https://www.theatlantic.com/technology/archive/2010/10/googl...
The CA implementation seems terrible, but in general direct democracies end up with better laws, and the populace in such democracies ends up being better than a bunch of self selected politicians (who happen to not be experts anyway). US and UK lawmaking processes are a perfect example of why you need to give citizens more control (but you still want legislative bodies to do the grunt work).
This is the same electorate that banned gay marriage (prop 8) and caused the worst housing crisis in decades (prop 13). Even if his opinion is wrong, his criticism of the the process is spot on.
I'm not a legal expert or legislative one but I do think there is good reason for public vetting as in a ballot initiative, and other things that require a bit more / or different type of vetting, such as something that goes through a legislature and maybe has the input of some folks who pay attention for longer than a tv advert.
"(b) "Business" means: (1) a sole-proprietorship, partnership, limited-liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumers' personal information, that does business in the State of California, and that satisfies one or more of the following thresholds: (A) has annual gross revenues in excess of $50,000,000, as adjusted pursuant to paragraph (5) of subdivision (a) of section 1798.115; or (B) annually sells, alone or in combination, the personal information of 100,000 or more consumers or devices; or (C) derives 50 percent or more of its annual revenues from selling consumers' personal information; ..."
And the definition of "selling" is also clearly defined.
" (q)(l) "Sell," "selling," "sale," or "sold," means: (A) selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration; or (B) sharing orally, in writing, or by electronic or other means, a consumer's personal information with a third party, whether for valuable consideration or for no consideration, for the third party's commercial purposes."
[https://oag.ca.gov/system/files/initiatives/pdfs/17-0039%20%...]
The Facebook Pixel is definitely disclosing data to Facebook, even if they aren’t being paid for it. And they probably use data from the Facebook Pixel across many advertisers for Facebook’s own business purposes.
sounds like it would hurt equifax. that’s worth way more than google, which only gives access to demographic data and doesn’t directly share it.
Because I suspect that is what GDPR advocates truly want.
They aren't actually selling your data... Maybe if you decide to change the definition of the word "selling" they are selling your data.
https://text.npr.org/s.php?sId=614419275
What are you seeing? I didn't see any consent popups on Firefox or Chrome (even with uBlock & NoScript disabled).
It's full page, not a popup or modal. Text:
By choosing “I agree” below, you agree that NPR’s sites use cookies, similar tracking and storage technologies, and information about the device you use to access our sites to enhance your viewing, listening and user experience, personalize content, personalize messages from NPR’s sponsors, provide social media features, and analyze NPR’s traffic. This information is shared with social media services, sponsorship, analytics and other third-party service providers.
Options:
- Agree and continue
- Decline and visit plain text site
Decline takes you to the homepage, which is literally plain text. Apparently it was too hard for them to provide some css. You have to search around for the content you were going to, ultimately ending up at this plain text page: https://text.npr.org/s.php?sId=614419275
Something similar is what led me to write my essay on ad tracking and Google that tried to trace it back to Larry and Sergey:
http://yuhongbao.blogspot.ca/2018/04/google-doubleclick-mozi...
Also see:
https://twitter.com/berendjanwever/status/775366191078641664
Also I feel like the general essay format that is taught to you in grade school is actually a bad format. Grade school project style reports are usually easier to read and easier to write.
Essays contorts most people's writing into a very awkward form. If people were allowed write without the restrictions of essays, they would usually be more clear.
Better yet, try the typical medium or journalistic article format to get better reading comprehension.
Deleted Comment
This would likely help make it a bit more readable for very little effort, though a grammar and spell checker and shrinking some paragraphs would help as well.
I’m a practicalist.
It would be better to just have a consumer watchdog that had the power to ask companies to change anti-consumer practices and use a jury to determine if something is anti-consumer (like dark patterns).
What if you've agreed to a contract and want to exit early and there are fees?
What if the company wants to offer an incentive for you to keep your subscription?
Should all those things be illegal?
Deleted Comment
*Edit: under the proposed law, websites like this wouldn't actually be required to post the 'Do not Sell' link
Source: https://www.caprivacy.org/privacy-policy
I was concerned that every blog and startup might need to implement the functionality, but it seems like that might not be the case.