Obama May Toughen Internet Privacy Rules

CWmike writes "The Obama administration is considering plans to step up policing of Internet privacy issues and to establish a new position to direct the effort, reports the WSJ, which cites unnamed sources. Any push for stronger federal oversight over online privacy is likely to be welcomed by privacy advocates increasingly concerned about the data-collection and data-sharing practices of big Internet and marketing companies. High profile cases such as the uproar over Facebook's personal data collection habits and the public reaction to Google's continuing problems over its Street View Wi-Fi snooping have created a broader awareness of online privacy issues. The big question, though, is just how successful any fresh attempt at enforcing new privacy strictures on the Internet will be with Republicans soon to be in charge of the House."

What we really need is punishment for violation

[gurps_npc]

Right now, when your privacy is violated, they say "My bad" and keep on going. We need a law that says something like: 1. For violating all non-medical, non-sexual privacy, (revealing Social Security information, bank account information, phone numbers, etc.) each incident costs the violater $100 fine per person 2. For violating medical privacy, each incident costs the violater $800 fine per person 3. For violating sexual privacy, each incident costs the violater $5,000 fine per person Having the fines go to the EFF (to avoid spurious lawsuits) This would be in addition to the legal right to sue for damages.

My Privacy Anecdote

[BJ_Covert_Action]

So, that's nice that the government wants to crack down on sites like Facebook, but I think there are data mining things going on that most folk (even some on slashdot) are unaware of. For instance, awhile back I decided to switch my car insurance policy from company A to company B. When I contacted company B and had them quote me a rate, they said there was an at-fault accident on my record that shouldn't have been there. I asked them where they got that information because my DMV record was clean. They explained that they got their info. from a third party company that gets that kind of information from DMV. They told me I could contact the company to have the accident removed from my record, as there seemed to be no problem with the insurance company disputing the alleged incident (in other words, I am not paying for the accident). Well, I did some Googling and internet browsing and found the company. They list themselves as a data aggregation company (one that I had never heard of) that will sell information to any party interested (information like my personal driving record). There was a whole process you could go through to "opt-out" of their aggregation service, effectively limiting them from collecting information on you. I started the process which involved a few forms asking for personal information. Not wanting to give this company much more information, I just decided to call them instead.

I talked to a customer service rep. and they helped me get though the opt-out process without giving up much more in the way of personal info. The rep. quipped, however, that my efforts were pretty futile because there were countless other companies providing the same services. So I asked for those company names and, sure enough, eventually found their web presence with similar business-descriptions and opt-out policies. All of this data aggregation was happening unbeknown to myself and probably most folk that are not in the car insurance industry. Many of them had outdated records (they only mine DMV so often), and showed various false information about my driving record in their records. This was the info. that would be used to analyze my driving habits for insurance rates. All in all, it was breathtaking how flawed and vast this info. gathering network was.

So, long story short, the privacy thing goes a lot deeper than Facebook. Frankly, I have a Facebook profile and I couldn't give a damn about my privacy settings on there (I never want to work for someone that takes things I say on a site like Facebook seriously). What I do give a damn about is companies that turn a profit off of data-mining me without my permission (I NEVER requested any of these company's services, why the hell do they have the right to gather a profile on me?)

Anyways, I would much prefer to see legislation regarding issues like mine rather than crap directed at Facebook or Google. Either way, it was a few months back that I went through all of this and I forget the name of the first company I contacted. I think I still have it written on a post-it note at home. I'll try to find it and dig it up to post in a response to this message later.

Google broke privacy laws

[Vainglorious+Coward]

Actually, where I live, the collection of personal information is regulated by law, and Google is/was in flagrant violation of that law. It doesn't matter that the data was available in the clear, over the air : personal data is protected by law, and hand-waving excuses about technical errors or artifacts of collection process are irrelevant. I realise that the US has no proper privacy laws, but many other places (and all other industrialised nations) do have such legislation. Google simply ignored those laws, which is why they were called to task by the Canadian Privacy Commissioner and EU data regulators.