Hollings Introduces Privacy Bill

Dynedain writes "Senator Disney (aka Hollings) is apparently trying to get on techies' good side. ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits). US Chamber of Commerce is opposing this." Another article on Newsbytes notes that there are likely to be several privacy bills floating around, offering different levels of actual protection.

Great...

[Deluge]

Now /. has another guy to have a love/hate relationship with.

Anyways, he's not trying very hard. All information that could be shared should be opt-out. Sharing very private information, like medical histories, is already well protected, and people's tendency to not notice opt-out options for buying habits and such will do nothing to stem the flow of spam and junk mail. Oh well.

Re:Great...

[Stephen+Samuel]

As someone else said: This legislation does very little other than place in stone what the DMA is already doing. Not many people have the sensitive information that he's requiring the opt-in for, anyways (it's the nature of 'sensitive' information). In any case it doesn't matter.

They can't tell me your sexual preference or your medical history, but they can tell me that:

• You are male,
• You visit 'beefcake' porn sites a lot
• you buy AZT on the 'net because it's cheaper.

I can figure out the rest from there.

Re:Great...

[gclef]

True. In fact, one thing I'd like to make sure this law does *not* do is to override the protections put in place for medical information by HIPAA. The privacy protections put in by HIPAA are actually pretty well done. I'd rather they not be weakened by a "We got you to click ok, so we're spamming the globe with your surgery results now" rule.

History Repeats itself

[plemeljr]

"I fear the Greeks, even when bringing gifts"
-Virgil (70-19 BC)

What Disney wants...

[WinPimp2K]

Nope, Eisner is sweating bullets that someone will access Walt's medical data and find out that he was scheduled for revival in 2001, but that some one named M. Eisner MD, delayed the procedure till a date (in true MD handwriting) that looks suspiciously like "hell freezes over"

Don't hold a grudge!!!

[lkaos]

Listen, if Hollings is sponsering this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do is continue to boycott him.

Make the message clear, that the community will support good bill but go ape-shit crazy on bad ones. If he gets a bad reaction still, he's just going to write off the tech community as a special interest group that he has no chance of winning over. In that case, he'll say screw you to all of us and just go on taking blood money from disney.

Don't make it personal, it's simply politics. We just have to play the game.

Re:Don't hold a grudge!!!

[anthony_dipierro]

Listen, if Hollings is sponsering this bill because he wants to "make-up" with the tech-community, then the worst thing the tech-community can do is continue to boycott him.

If he wants to make up with me he needs to denounce the SSSCA as blatently unconstitutional and vow to never sponsor a bill remotely like it again. Then he'll graduate into my "I won't vote for you but I won't do everything in my power to stop you" category.

Don't make it personal, it's simply politics. We just have to play the game.

And the rules of the game say that once you sponsor nonsense like the SSSCA you're ejected. And you can't get back in no matter how much you apologize. It's too late. You lose. If you want a place in politics, apologize for your misdeeds and go work for someone else's campaign. If you apologize I'll consider voting for someone you support.

Non-sensitive privacy?

[irony+nazi]

Hmmm. Let's see if the irony nazi can understand this...

Sensitive private characteristics:
Sexual Preference: Heterosexual
Medical History: Pretty healthy, alcoholism runs in family.
Crinimal record: One speeding ticket, not much else.

Yeah, those are pretty private

Non-sensitive private information:
Buying habits: Alcohol, Straight Pr0n, exercise stuff & vitamins, no medicine
Web browsing habits: /., weightlifting websites, finance, and geeky websites. straight pr0n.

Whoa. My non-sensitive information is extremely suggestive of my sensitive information, wouldn't you think? What gives? Is it more complicated to make all privacy information opt-in? It seems like it would be less complicated to the irony nazi.

Re:Well Even markiting information should be opt i

[SirSlud]

This got me thinking that when you go into a store, in the very least, employees and gauge the demographics they are catering to, and adjust the way the store operates accordingly.

You have to admit, much of the information they want when you buy (where ya from, how old are you) is 'casually' available in physical stores. Online retailers have no such luxery of asking their sales force (cause there is none) who's buying, so I really dont think it's asking to much for the companies to want the provision of that kind of information to be standard procedure when buying online.

The physical retailers can provide this information based on sales data, the retailers physical location, and by virtue of the sales force being physically located where the buyer is. Virtual retailers arn't asking for anything new, other than potentially the granularity (IE, you live in this zipcode instead of you shop in this zipcode.)

The Direct Marketing Association (DMA) said it continues to support industry self-regulation on privacy.

I support segreating 'opt-in', 'opt-out' not by what information is collected, but by what you are allowed to do with that information. 'opt-out' collection should allow retailers to do internal aggregated sales analytics, while you MUST provide 'opt-in' collection when you wish to use that information to proactively contact the customer.

I'm Psychic

[4of12]

Holling's move makes more sense than you realize.

I commented several months ago about this but couldn't find it using the search engine, so I'll just repeat, roughly, what I said earlier.

Privacy advocates and advocates of Content Use Restriction (DRM) have a shared goal.

You, the liberty loving individual, don't want big bad governments and corporations using data about you without your permission. You want control over that data.

Purveyors of digitized content don't want tiny bad people "pirates" using their data without their permission. They want control over that data.

A rock-solid data tagging and protection system, (you know, the impractical kind) would provide a means to meet not only the needs of individuals seeking ownership and protection of their own data from duplication, but would simultaneously provide similar technology to media distributors seeking ownershop and protection of their data from duplication.

When I first realized this I was kind of taken aback, because, like many here, I've always place a higher value on the protection of my data than on the protection of someone else's data. That same disconnect will continue to confuse many advocates on both sides of the issue.

My own view is pragmatic: if it were easily possible to protect data this way, fine. But it's not. Once it's out there, it's beyond your control, just as for millenia, your spoken and written words have been able to disseminate beyond your control.

Medical Information

I don't see how the "selling" of medical information is legal at all. I worked for a company who made software for the health care industry, and there's some serious laws regarding protection of medical information. Both parties sending and receiving any information must have written signed guarentees that the information will be kept private. This act is the Health Care Protection and Acountability Act (HIPAA).
A simple opt-in (ala Yahoo! i'm asuming here) wouldn't abide by the laws set forth in HIPAA.

I'm surprised Hollins even brings medical information to the Internet. Most medical facilities I worked with had stricit protocols or strict seperation regarding sensitive data and the Internet. If any information was sent at all, it was either via FAX, hardcopy, or on a secure connection (via CarbonCopy, or similar program).

The only people who need my medical information are my health care providers.

Nope. Just hate-hate.

[bricriu]

How is this a good bill? On the plus side, yeah, we have to give someone permisssion to sell our "critical" data. But who's to say that won't be buried in an EULA?

And as Yahoo! has recently proved, automatically opting people in to recieve spam (since that's what the 2nd part of this legislations basically proposes, after all... they sell your info, you get spam) and making them opt-out leads to people getting bent out of shape. Why should companies get the right to ASSUME that I want to recieve spam from whoever they feel like hawking my info to?

A privacy law with teeth would have opt-ins across the board, and a clause saying that each opt-in must be clearly labelled as such, with no "bundling" of opt-ins implicit in any other action.

Observation

[AntiNorm]

ZDnet is reporting he is proposing a bill for 'net privacy' requiring opt-in agreements when companies want to sell 'sensitive' information (medical history, sexual preference, etc.) and opt-out agreements when selling non-sensitive (buying habits

An interesting observation I just made:

When the data belongs to the consumer, Hollings (D-Disney) wants the data to be copyable. He'd be committing political suicide to not ask for at least some restrictions, so he introduces bills like this. As for the 'non-sensitive' opt-out data, I don't consider opt-out to be a restriction at all. I'll still get the spam, and (especially seeing how email spammers work) it's not exactly easy to trust anybody to honor opt-out requests.

BUT...when the data belongs to a corporation, he doesn't want it to be copyable at all. Witness the DMCA and the SSSCA/CBDTPA.

Now. Try and tell me he isn't biased against consumers and towards corporations.