Slashdot Mirror

← Back to Stories (view on slashdot.org)

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com)

Posted by BeauHD on from the fill-in-the-box dept.

Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

136 comments

  1. Consent by Anonymous Coward · · Score: 5, Insightful

    The consent shouldnâ(TM)t be for using or sharing your data, it should be for collecting it in the 1st place

    1. Re:Consent by Anonymous Coward · · Score: 0

      IMHO, only the truly ignorant could be unaware that by signing up for a free service they are implicitly, if not explicitly as written in the TOS, opting-in.

    2. Re:Consent by Anonymous Coward · · Score: 1

      "shouldnâ(TM)t" Congratulation it's 2018 and we have lost the ability to write normal text. While James Burke's connections series is running on the 2nd. screen and is talking about the 500 years old printing press and typesetting.

    3. Re:Consent by Anonymous Coward · · Score: 0

      The consent shouldnâ(TM)t be for using or sharing your data, it should be for collecting it in the 1st place

      Well under the TOS of most of these websites, they tell you they are going to do this and idiots give up all their personal info just the same! Hard to feel sorry for them.

    4. Re:Consent by scdeimos · · Score: 2

      I blame the guy that invented the plough 12,000 years ago.

    5. Re:Consent by MoaDweeb · · Score: 1

      Him and the guy that invented fire will be arraigned next week.

      --
      New Zealanders are well balanced with a chip on each shoulder. One represents Australia, the other the rest of the world
    6. Re:Consent by dohzer · · Score: 1

      Do you mean like that sentence in the Terms and Conditions that you agree to without reading?

    7. Re: Consent by q_e_t · · Score: 1

      There needs to be permission to collect the data to be able to operate a social media service, and creating an account would seem to fulfil your criterion in relation to information volunteered. This is a pretty standard term in existing laws relating to data processing.

    8. Re:Consent by Anonymous Coward · · Score: 0

      It doesn't matter. All websites will just ask you for your consent and all we'll have accomplished is creating yet another annoyance on the web.
      The EU cookie law didn't put a dent in the amount of cookies at all.

    9. Re:Consent by rtb61 · · Score: 1

      No more like the laws governing psychotherapists, you know they can not publish your details. So more in that regard, you start to gather too much data and that data constitutes a potential harm to the individuals psychology via manipulation, would be considered excessive and banned. Pretty much tie all data to what the individual, individually approves, no blanket approvals. Approvals sought and confirmed for all data types and specifically renewed once a year with details provided for what information is already stored and the requirement to delete any non-legally required transactional information at that time.

      --
      Chaos - everything, everywhere, everywhen
    10. Re:Consent by Anonymous Coward · · Score: 0

      Exactly. If you want to use Facebook you have to Opt-In. Want to borrow money, to apply you have to Opt-In. Want to use a credit card somewhere? You've Opt'ed In.
      This bill does absolutely nothing. And I bet there are nice cave outs for political organizations that collect voter data and PACs, because that's how congress does business.

    11. Re:Consent by Sumus+Semper+Una · · Score: 1

      Honest question here: How do you propose being able to use Facebook for people who want to refuse to consent to them collecting their data? Isn't that a bit like telling someone to build a website for you but forbidding them from storing the text you want to display on the pages?

    12. Re:Consent by Anonymous Coward · · Score: 0

      I think they already get consent for collecting the data. (The user's decision to send the data to Facebook, is how Facebook gets it.) I thought the whole Facebook drama was about people not reading the fine print about how it would be used, and so they want a more explicit opt in/out for that part.

      If people seriously suggesting Facebook didn't get users' consent or that it was buried in ToS, I think we have a major honesty problem here.

      Suppose I want your widget. I point at your widget and wave my gadget. "Trade?" I say. At this point, you hand me the widget and I hand you the gadget. People are apparently objecting to the handing-of-the-widget as non-consensual, because the widget-bearer did not first say the word "Yes" in response to the trade offer, and instead, they simply handed it over? Fuck that. If you knowingly hand it over, then you consented, whether you actually said so or not. You sure acted like you consented, since you're the person who made the move to hand it over. That's what's happening with Facebook. People deliberately send the data to Facebook.

      The problem is just that they didn't understand the consequences and now they want backsies. And while normally our policies are that people just have to accept the consequences of their decisions, we're trying to move away from that type of thinking, where people are no longer held responsible for their decisions. It's other peoples' decisions that our society is trying to hold people accountable for.

    13. Re:Consent by slavdude · · Score: 1

      The way the tech companies will get around it is to have an Opt-In checkbox that will be checked by default and buried somewhere in the EULA/TOS, so when users say that they agree to the EULA/TOS without actually having read the legalese, the companies can say that the customers agreed to have their data mined.

    14. Re:Consent by x_t0ken_407 · · Score: 1

      Did you miss this part? Right in TFS?

      Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    15. Re:Consent by martinfb · · Score: 1

      Absolutely!

      Yet, it'd be interesting to see how this all can be enforced.

      --


      Self-importance and self-indulgence is the root of ALL evil.
  2. Worthless by Anonymous Coward · · Score: 1

    A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

    1. Re:Worthless by BradyB · · Score: 4, Informative

      A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

      Precisely what I came into here to comment on. You nailed it. No teeth.

      --

      Good is never enough, when you dream of being great!
    2. Re:Worthless by Anonymous Coward · · Score: 0

      From TFS:
      "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

      That would seem to preclude inserting such clauses into their ToS.

    3. Re:Worthless by Anonymous Coward · · Score: 0

      Read the last paragraph of the summary.

    4. Re:Worthless by iamhassi · · Score: 1, Insightful

      Exactly. How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.

      --
      my karma will be here long after I'm gone
    5. Re:Worthless by pak9rabid · · Score: 2, Insightful

      Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.

    6. Re:Worthless by HeckRuler · · Score: 4, Informative

      When you're the minority party in congress you can make a bunch of "good effort" bills that sound great to the voting masses but have no prayer of passing so as to not anger your donors.

      Both sides do it. I'm honestly not sure why we even let minority parties propose bills when the answer is just going to be "haha, no." Even if it was a damn good bill that everyone agreed on, they'd still block it simply so they could propose it themselves. Passing a bill is a good metric on your record. Hell, remember how much they fought over RomneyCare? They'd even fight it on the principle that the other side proposed it.

    7. Re:Worthless by sexconker · · Score: 2

      Reeeeeeeeeeeeeeetaaaaaaaaaaaaaaaaard

      "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

    8. Re: Worthless by denis.goddard · · Score: 1

      No matter what the details of any such legislation, you and I both know it wonâ(TM)t matter one damn to the NSA

    9. Re:Worthless by thomst · · Score: 4, Informative

      iamhassi blathered:

      How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.

      From TFS:

      Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

      If you're going to opine about something, you might want to try knowing what the fuck you're talking about ...

      --
      Check out my novel.
    10. Re:Worthless by burtosis · · Score: 1

      a firmer action would be to make any TOS that is over 1 A4 page long legally invalid. Wouldn't they just use an insanely small font then and call it a win?

    11. Re:Worthless by thomst · · Score: 5, Informative

      pak9rabid snorted:

      Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.

      No. No, it's not.

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp. Secondly, there really hasn't been any groundswell of demand for such protections. Most of the outrage has been generated by journalists - some of whom actually do know a little bit about the implications of data breaches.

      More to the point, both Markey and Blumenthal are among the most tech-savvy legislators in Congress. They've both been opponents of restrictions on encryption and the efforts of law enforcement to get Congress to mandate back doors for their convenience. They're both suspicious of stingray cell phone data collection. They genuinely give a damn about their constituents' rights online and off - not because that plays well with voters, but because it's a subject that goes to the heart of Constitutional protections against unjustified government intrusion on individual liberty.

      Oh, and because corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties, as evidenced by Cambridge Analytica's conveyance of FB users' private information to the ethical black hole that now occupies the Oval Office.

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      --
      Check out my novel.
    12. Re: Worthless by Phydeaux314 · · Score: 1

      Last I checked, the NSA did not run popular large-scale social media web sites...

      --
      Never underestimate the stupidity inherent in all human beings.
    13. Re: Worthless by HeckRuler · · Score: 1

      Right, just "THE PHONE SYSTEM". I hear some people use it to, like, talk to people and stuff. Although I hear even with that massive farm out in Utah, they can still only store 3 days of traffic.

    14. Re: Worthless by Phydeaux314 · · Score: 1

      But... this bill doesn't target phone calls. It targets hosts of web sites. I'm not trying to say the NSA doesn't collect information - they obviously do. I'm saying they don't have any real reason to care about *this* bill, because it doesn't affect their affairs.

      --
      Never underestimate the stupidity inherent in all human beings.
    15. Re:Worthless by Athanasius · · Score: 1

      Indeed, GP shows they didn't even RTFS let alone RTFA.

      However that clause is exactly the part of this proposed bill that I'd be surprised if it survived through to eventually being signed into law.

    16. Re: Worthless by Anonymous Coward · · Score: 0

      As a Markey constituent, you're wrong. I am informed

    17. Re:Worthless by Opportunist · · Score: 1

      I can print any TOS on one A4 page.

      Provided I have a good enough printer with enough resolution, that is...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:Worthless by mvdwege · · Score: 1

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

      And lots of these losers read Slashdot and ipso facto have mod points.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    19. Re:Worthless by mvdwege · · Score: 1

      Thank goodness that shit is going to be illegal in the EU soon.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    20. Re: Worthless by Anonymous Coward · · Score: 0

      Exactly, I listened to part of the hearing, and my thoughts on the privacy outrage, and mistrust of govt whining.. well, then don't allow the damn government to do all the things, with impunity, that you think Facebook did or does.

    21. Re:Worthless by Anonymous Coward · · Score: 0

      corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties

      Not possible. Only government can actually threaten you with anything. Corporations either provide a service...or don't. They cannot prosecute you, they cannot send cops to your home to no-knock raid you in the middle of the night, they cannot shoot you for "fearing for my(their) life". Only government can do all of those things.

      Any corporation on the planet can collect literally every bit of information about me that they want, they still won't be a bigger threat to my liberty than the cops munching donuts in the police station down the street from my house.

    22. Re:Worthless by Anonymous Coward · · Score: 0

      No, no, no! You don't understand this at all.
      In order to restrict people's freedoms, first you must declare that the "freedom" or "right" exists.
      Right to Privacy -- check
      Next you must declare that this right or freedom is under attack.
      Right to Privacy under attack by nasty websites -- check
      Now you must define exactly what this right or freedom is and write it all down in legalese
      Right to Privacy Bill created -- check
      After that it's simply a matter of having Congress page through the bill to make sure of two things:
      1) It won't cost the US Government a red cent to enforce, but it will cost them plenty to adjudicate.
      2) Someone, somewhere can make a metric ass-ton of cash from the new law.
      Viola! We have a new right.

      Please compare this to the non-existent right to Housing and the kerfuffle over the damaged law ensuring the right to Health Care.

    23. Re: Worthless by HeckRuler · · Score: 1

      Right, which is why the NSA doesn't care and none of this matters to them. Do try and keep up.

    24. Re:Worthless by Anonymous Coward · · Score: 0

      Corporations can buy the laws that will let them send the policemen knocking to tour door or sue into oblivion for whatever reason that suits them.

    25. Re:Worthless by desdinova+216 · · Score: 1

      I would add a minimum text size to that.

    26. Re:Worthless by Gibgezr · · Score: 1

      Except they state: "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

    27. Re:Worthless by Dragonslicer · · Score: 1

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

      I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

    28. Re:Worthless by thomst · · Score: 1

      I asserted:

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

      Prompting Dragonslicer to observe:

      I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

      Obviously including you. (I say "obviously" because you used the appropriate state-of-being verb construction to agree in number with the subject of your final clause. Most people would've used the incorrect "are.")

      The thing is, Markey also represents all the Southies, and other high-school dropouts, near-dropouts, and people who barely managed to obtain their GEDs in Massachusetts. And, Harvard, Yale, and other such institutions notwithstanding, they outnumber you, especially when you consider retirees, most of whom are barely computer literate, much less knowledgeable about the privacy considerations of their online presence.

      I'm not disparaging those folks. I'm just stating a fact: most people, regardless of the state in which they reside, don't know jack shit about online privacy. Nor do they particularly care. It's something of a "where ignorance is bliss, 'tis folly to be wise" situation, and still more of a "What? Me worry?" one.

      Americans, on the whole, are some of the world's most proudly ignorant, incurious people on the planet. You pretty much have to go all the way to Australia to find a bigger bunch of knobs. I mean, we let ourselves be bamboozled into electing an obvious con man as president, after all. (I say "we" here in the collective sense. I certainly didn't vote for that oafish narcissist.) Not wanting to deal with complex, subtle, and more than a little obscure topics is baked into our DNA. In fact, our countrymen, by and large, will resist being educated on such subjects with determined ferocity and unwavering resentment.

      I blame TV for that. Most Americans were reared on it from infancy - and it has trained them to expect any problem, however recondite, to be wrapped up with a neat bow on it inside of a single hour (two at the most), including commercial breaks. It requires no imagination on their part, no broad or deep education, no grasp of subtlety or nuance - not even mere literacy, for the most part. And our public educational system, with its bizzare, cultish devotion to whole-word reading, and the more recent advent of "teaching the test" (thanks to W's "no test left behind" initiative), is pratically designed to churn out reading-averse, uncritical drones by the millions.

      They make great consumers, though ...

      --
      Check out my novel.
    29. Re:Worthless by Desirsar · · Score: 1

      Actually, I could see them offering an opt-out tier of service - limited function, limited bandwidth, and far, far more ads.

    30. Re:Worthless by thomst · · Score: 1

      I confessed:

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      Prompting mvdwege to explain:

      Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

      And lots of these losers read Slashdot and ipso facto have mod points.

      You are, of course, correct, sir.

      (I'm certain you were aware that I knew that to begin with, but - taking your .sig into account - posted your explanation anyway, for the edification and amusement of the /. masses. And to bait the bears, obviously ... )

      --
      Check out my novel.
    31. Re:Worthless by thomst · · Score: 1

      I stated:

      corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties

      Prompting an Anonymous Coward to contradict me, thusly:

      Not possible. Only government can actually threaten you with anything. Corporations either provide a service...or don't. They cannot prosecute you, they cannot send cops to your home to no-knock raid you in the middle of the night, they cannot shoot you for "fearing for my(their) life". Only government can do all of those things.

      Any corporation on the planet can collect literally every bit of information about me that they want, they still won't be a bigger threat to my liberty than the cops munching donuts in the police station down the street from my house.

      I'll break my rule of not responding to ACs this one time, as a public service.

      You fail to grasp the threat.

      First, as we have seen again and again, corporate online databases are not secure. FB allowed Cambridge Analytica to collect tens of millions of its users' information, Equifax permitted black hats to siphon off essentially their entire credit database, including more than enough information on ALL of its users to easily allow anyone willing to pay for that information to steal the identities of most of the adults in the USA, the Impact Team did the same thing to Ashley Madison, obtaining blackmail material on its entire user base. The list goes on and on and ON.

      Second, National Security Letters, FISA warrants, and other deliberately-secret means of prying information on an unlimited number of users out of social media and other online sites - very much including information that would be excluded from traditional search warrants - mean any data collected by AI-driven data miners is freely available to the government you insist is the only credible threat to individual liberty. If social media sites have your data, the FBI can get it - and, if it can, it will.

      Because "terrorists" ...

      --
      Check out my novel.
    32. Re:Worthless by mvdwege · · Score: 1

      I confess I did feel like trolling a little.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
  3. DOA by mikeiver1 · · Score: 1

    This will never happen as there are simply to many of the politicians from both sides on the take from the parties that make billions a year from our stolen/ proffered data. I like the concept but in the end regardless of who controls the government this will never make it out of committee.

    1. Re:DOA by TheGratefulNet · · Score: 0

      well, the R's will butcher it more than the D's will.

      the R's sold us all out with the loss of net-neutrality (plus about a billion other things since the orange idiot has begin his plunder). they are clearly not for 'the people'. never really were, in recent memory.

      the D's are bought and sold, too; but they aren't quite as blatant about selling our privacy. I don't hold much hope, but if any party is going to fix this, its the D and not the R.

      --

      --
      "It is now safe to switch off your computer."
  4. Facebook response: Oh wait, you're serious by rsilvergun · · Score: 2

    let me laugh even harder.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Facebook response: Oh wait, you're serious by AmiMoJo · · Score: 2

      Well they are going to have obey the new European rules that are coming in, or get heavily fined and eventually shut down. So if the US simply adopted very similar rules, it would be as easy for Facebook to comply as adding the US to the list of places where it has to respect privacy.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Take it or leave it. by Anonymous Coward · · Score: 0

    Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    What if it's required to use the service?

  6. Zuck is cockblocking others to get their share. by ezdiy · · Score: 4, Insightful

    Presumably the bill doesn't cover data already farmed without consent, only further farming from now on.

    It could be argued that FB has farmed as much data as possible already (since its popularity is more or less shrinking now). Zuck's move is "I got mine, now let's make sure nobody else gets hands on it".

    Reminder that this discussion isn't about privacy, but straight competition between data brokers. Massive, and accurate human behavior corpuses, of which FB is one of the largest repository will be monetized in machine learning models soon enough.

    I also wonder if google search will become pay service now, or what?

    1. Re:Zuck is cockblocking others to get their share. by AmiMoJo · · Score: 3

      The EU's GDPR rules cover old data too. These last few months I've been getting emails from companies asking for permission to keep my data on file. If I ignore them (don't give consent) they have to delete that data.

      In fact my own company is scrambling to get all the people on it's spam^H^H^H^H marketing mailing lists to agree to continue receiving emails, otherwise their email addresses have to be scrubbed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Zuck is cockblocking others to get their share. by Gavagai80 · · Score: 1

      This is about selling/sharing, not collecting. Collection of data will continue same as ever. You can certainly make an argument that it's in the interests of Facebook to stop sharing people's personal info and start protecting their data hoard. That's the approach Google has taken all along -- Google doesn't like to share your info, they like to make advertisers pay to benefit from proprietary Google data that won't be shared with them.

      --
      This space intentionally left blank
    3. Re:Zuck is cockblocking others to get their share. by ezdiy · · Score: 1

      > Collection of data will continue same as ever.

      I didn't read the bill, only TFA summary, and the way I grok it is that sure, they can continue capture data all they want, but it won't longer be useful for arbitrary purpose as it is now. Meaning if the bill passes, and somebody puts scrapped data to some commercial use beyond the scope of the original service, they could be facing class action lawsuit should this come out to light.

      Indeed this looks like 180 pivot into google direction, just more evil. Before the pivot, Facebook threw small scraps via it's API to attract the likes of Tinder, which boosted FB as a platform. Such apps are now facing the bait and switch which was coming all along - now tinder has to obtusely present opt-in forms to the user, or scram. While Facebook can now safely launch their own Tinder clone, with no annoying opt-ins. Gotta hand it to Zuck, the dude is the king of fucking everyone over, while making it look like he has suddenly seen the light, and cares about your privacy.

  7. Why just on-line providers by Anonymous Coward · · Score: 1

    These rules should apply to all businesses (and people) who obtain private information for a particular purpose.

  8. EU and Canada have stronger rights by WillAffleckUW · · Score: 2

    This is, at best, a half measure.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:EU and Canada have stronger rights by Anonymous Coward · · Score: 0

      There are not many things that I admire when I think of the EU, but I do appreciate their consumer data rights.

      It's odd, though. Privacy and yet you can get sent to prison for Pug Nazi. I don't get it...

    2. Re: EU and Canada have stronger rights by bursch-X · · Score: 1

      Welcome to the cognitive dissonance of the New Hypocritic Generationâ

      --
      There are two rules for success:
      1. Never tell everything you know.
    3. Re: EU and Canada have stronger rights by Zontar+The+Mindless · · Score: 1

      Pug Nazis are not very amusing to people who remember real Nazis.

      --
      Il n'y a pas de Planet B.
  9. Make it compatible with the GDPR by markjhood2003 · · Score: 4, Insightful

    The proposed US legislation looks weak compared to the EU General Data Protection Regulation (GDPR). Why should people in the US have weaker protection? Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.

    1. Re:Make it compatible with the GDPR by Anonymous Coward · · Score: 1

      Why should people in the US have weaker protection?

      Greed.

      Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.

      American: "no durn tootin' way some otha' country's gonna tell ME what to do. DON'T TREAD ON ME."

    2. Re:Make it compatible with the GDPR by Anonymous Coward · · Score: 0

      Why should people in the US have weaker protection?

      Because US citizens value is based on their wealth. If you don't have Facebook money you are simply worth less.
      Try to be Facebook rich and you won't have any problems. (It is easier if you have rich parents.)

  10. bets anyone? by Anonymous Coward · · Score: 0

    I know I'm posting as ac here, but still...

    bet both testicles and $20k to $5 this never makes it to the floor for a vote. it's just a gesture to make it look like government works for the Plebeians (net worth less than a few million and not a politician).

    This bill is a freaking joke

    1. Re:bets anyone? by iamhassi · · Score: 1, Insightful

      Are you kidding? Facebook probably wrote the law. It's just a pop up and if you click NO I do not give CONSENT they just won't give you access to Facebook. Great job congress, now we have to give them more permission to steal our data

      --
      my karma will be here long after I'm gone
    2. Re:bets anyone? by Anonymous Coward · · Score: 1

      now we have to give them more permission to steal our data

      Why?

      Because you need to use Facebook? Because you deserve it? You have a right to use it?

      Shit, the nutters are right, we have raised a fucking gibmedat entitlement generation.

    3. Re:bets anyone? by Anonymous Coward · · Score: 0

      Are you kidding? Facebook probably wrote the law. It's just a pop up and if you click NO I do not give CONSENT they just won't give you access to Facebook. Great job congress, now we have to give them more permission to steal our data

      You did not RTFSummary!

              Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

      According to that they would be required to permit access anyway, just not use the data,

    4. Re:bets anyone? by Athanasius · · Score: 1

      I may mostly be looking through the comments to find people who didn't catch that part of the summary. Indeed, the bill as proposed covers this. I'd expect that to be the first clause to be killed in any revisions though.

  11. But then they couldn't compete with ISPs! by pots · · Score: 3, Interesting

    The principle excuse trotted out for stripping away privacy protections from ISPs, was that those protections didn't apply to websites or other tech firms. So protecting peoples' privacy wasn't fair or something... I didn't really follow that argument, but I don't think that was the point. They just needed some nonsense that they could repeat over and over again until some people started to believe it.

    Now we have a bill doing the opposite, I'm interested to see the argument they make in opposition to this one. Granted, since they're not overturning an existing rule they don't need to work as hard in justifying it, so they'll probably just trot out one of their old standbys. Something like: "Regulations bad! Thog smash responsible government!"

    However, I would love it if they just flipped that shit around and went full doublethink on us.

  12. Exceptions are made for high quality acronyms by HeckRuler · · Score: 5, Interesting

    Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act

    Initially I balked at the introduction of a new bullshit term like "edge-provider", but that's a mighty fine acronym.

    And why do online services get specific punishment? Why not apply this to grocery stores? I don't want HyVee telling anyone I buy 10lbs vats of mayonnaise. (don't judge me).

    How about we extend "Browsing history" to the real world. I don't think we want companies tracking and who entered their store and what they looked at. The age of ubiquitous cameras, face-recognition, and customer databases is upon us. With a high enough resolution camera, they could even track where your eyeballs are pointed.

    Do you want a list of everyone who ever entered a gun store? Do you want to see who shops at the thrift-mart AND the ... gucci-emporium? Do you want your health insurance provider to know how often you stop at McDonalds?

    If you're going to squawk at Facebook abusing "customer" data, you might as well take a closer look at the potential abuse of everyone else's databases.

    1. Re:Exceptions are made for high quality acronyms by Ichijo · · Score: 2

      I don't think we want companies tracking and who entered their store and what they looked at.

      That's what exactly salesmen do whenever you walk into a store, only instead of storing the information magnetically, they store it in their own grey matter. But I like your way of thinking--let's ban salesmen!

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    2. Re:Exceptions are made for high quality acronyms by HeckRuler · · Score: 2

      If they develop mentats that can remember a timestamp of every customer that walks in through the door for decades, then YES, that should be addressed.

      But as for now, we should probably acknowledge that computers fundamentally change the nature of the game and keeping databases of everyone's movements turns what was a perfectly normal and more or less unabuseable tidbit of knowledge into the building block of a dystopian nightmare.

      AND, remember, this bill is NOT about what people remember or what databases companies have. It's about them SELLING that information. Otherwise Netflix couldn't suggest movies based on your browsing history, and Amazon could keep track of your purchase history. So you can shove your strawman right up your ass.

    3. Re: Exceptions are made for high quality acronyms by Anonymous Coward · · Score: 0

      When you wrote that you buy "10 gallon bags of mayo" i checked your account name to see if creamy dumpty was back posting under his own account again...
      Bet I'm not the only one.

    4. Re:Exceptions are made for high quality acronyms by kevmeister · · Score: 1

      ... Do you want your health insurance provider to know how often you stop at McDonalds?

      Hey, I stop at McDonald's almost every time I take bike ride. That's usally 3-4 stops a week. I get all the iced tea I want for $1 and no fat or calories. (Well, maybe one or two from the lemon juice I squeeze into it.) With the temperature at 98F (36C) today, I drank quite a bit of tea for my $1 and my insurer would think it's great. Just don't eat anything there!

      And, FWIW, the term "edge" has been standard networking jargon for decades... all the way back to the old ARPANET.

      --
      Kevin Oberman, Network Engineer, Retired
    5. Re:Exceptions are made for high quality acronyms by Zontar+The+Mindless · · Score: 0

      Initially I balked at the introduction of a new bullshit term like "edge-provider", but that's a mighty fine acronym.

      INAA*.

      I don't want HyVee telling anyone I buy 10lbs vats of mayonnaise. (don't judge me).

      I suggest that, next time, you try reversing the order in which you present those two particular fragments.

      *It's Not An Acronym.

      --
      Il n'y a pas de Planet B.
    6. Re: Exceptions are made for high quality acronyms by Anonymous Coward · · Score: 0

      Bet I'm not the only one.

      Bet you're wrong about that. Nobody cares about him except you, apparently.

    7. Re:Exceptions are made for high quality acronyms by HeckRuler · · Score: 1

      CONSENT. The bill is an acronym. They needed an "E".

    8. Re: Exceptions are made for high quality acronyms by Anonymous Coward · · Score: 0

      Back in the 1980s, I knew a Waffle House waitress that got US$500 in tips,on a bad shift. Good shifts were US$1,500+.

      Walk into that Waffle House twice,when she was working, and if your order was the same both times, on the third occasion she'd ask if you wanted your usual, if you were in her seating area. Didn't matter how many years earlier those visits had been.

    9. Re:Exceptions are made for high quality acronyms by Anonymous Coward · · Score: 0

      edge-provider
      https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/10/31/does-the-fcc-really-not-get-it-about-the-internet/?noredirect=on&utm_term=.02ed3a3e0844

      That article is from 2014, so its not that new of a bullshit term.

    10. Re:Exceptions are made for high quality acronyms by Anonymous Coward · · Score: 0

      Where I live it's becoming more common for even liquor stores to demand an e-mail address. When I refused to give mine to one where I've been a regular customer for years that just instituted such a program they asked for phone number. I told them I didn't know my phone number as I had just gotten a new phone which was bullshit of course although I really had just gotten a 2nd phone and still haven't memorized the number (it's a burner anyway).

      My throwaway email address for such nonsense is way overused.

      They accepted a fake name instead - the same one I use at the marijuana store which also has such a program.

      What's worse some of the liquor stores are outsourcing their loyalty programs with 3rd party vendors. I don't really mind if a store track my purchases at just their store under a made-up name but when they outsource it to 3rd parties that can come up with more complete data on my shopping habits I will object.

      Sure, Amazon has a good picture of my purchases (except for booze and pot) but in that case I've made a conscious decision to trade privacy for convenience. Amazon actually does need a valid address to ship to so they know who I am.

      It's a real problem. For some reason making up a fake name on the fly is hard. You don't want to appear to be thinking too hard about what your own name is and you also want to pick something that sounds plausible and also that you will remember.

      At least one of the "budtenders" at the pot store had the good sense to suggest to customers they could use a pseudonym if they were concerned about privacy.

    11. Re: Exceptions are made for high quality acronyms by No+Longer+an+AC · · Score: 1

      I actually appreciate that kind of service, but such knowledge is limited to that employee who recognizes you by appearance and not by name.

    12. Re: Exceptions are made for high quality acronyms by HeckRuler · · Score: 1

      And the WaffeHouse CEO didn't interrogate her every week for a list of all clients and ordering history so he could sell it.

  13. You left out how incumbent pols also benefit by Anonymous Coward · · Score: 0

    Incumbent politicians also benefit more than challengers from ubiquitous data scraping because they already have more power to influence shady/corrupt social-media decision-makers such as Fuckerburg - making those pols already in power loathe to give that up.

  14. What isn't an edge service? by Cajun+Hell · · Score: 1

    When I read the definition of "edge service" it's suspiciously specific, but [excuse]my imagination is tired right now[/excuse]. What kinds of things are not edge services under this bill? (i.e. Who bought an exemption?)

    --
    "Believe me!" -- Donald Trump
    1. Re:What isn't an edge service? by Anonymous Coward · · Score: 0

      oddly enough, a shave with a straight razor is not considered to be an edge service.

    2. Re:What isn't an edge service? by Rockoon · · Score: 1

      Thats the point. This is how Markey and Blumenthal are paying back to their donors. All the corporations that arent an "edge provider" becomes indemnified with the same stroke of the pen that pretends to be for your benefit.

      --
      "His name was James Damore."
  15. Just another Trump attack by Anonymous Coward · · Score: 0, Troll

    This is just another sideways attack on Trump. It's almost like they didn't know that Facebook makes their money by ads and selling your personal information as it says on their consent form.

    One of Obama's greatest strengths in his 2012 campaign was data driven microtargeting of ads. The republicans weren't able to target nearly as efficiently. There was news at one point of their econometrics system failing altogether. Where did that info come from that the Democrats used so successfully? Many, many sources likely including Facebook.

    This bill is BS.

  16. First Amendment? by mi · · Score: 4, Interesting

    This is, quite literally, an attempt by Congress to make a law limiting the Freedom of Speech: prohibiting them from telling others something they've learned... Learned without any prior promise not to tell others...

    If the Amendment protects the right of newspapers to publish state secrets , why wouldn't it also protect "social media" companies' right to publish our private little ones?

    --
    In Soviet Washington the swamp drains you.
    1. Re:First Amendment? by sexconker · · Score: 3, Insightful

      Try again. This is informing users and requiring them to give that data up willingly int he first place. Currently, Facebook et al rape it out of you surreptitiously.

    2. Re:First Amendment? by fibonacci8 · · Score: 3, Informative

      Signing a digital contract saying that a business may study my information but may not share additional copies with other people doesn't have anything to do with the first amendment issue at all. Nor does the bill outlining civil recourse for businesses failing to provide adequate security to uphold their side of such contract.
      What the bill actually seems to describe: Businesses that obtain information based on a digital contract have a responsibility to maintain adequate security to justify their claims of who they will and will not share that information to. Third parties obtaining information in bad faith are also the responsibility of the business. The Federal Trade Commission is defining some of the terms that apply to such digital contracts and making legal distinctions between some of them. There's more to it than that, but it's Democrat sponsored and it's unlikely to be passed. So I don't recommend anyone actually read it.

      --
      Inheritance is the sincerest form of nepotism.
    3. Re:First Amendment? by Anonymous Coward · · Score: 0

      The First Amendment is not absolute. There are still such things as trade secret laws, NDAs, libel laws, copyright and public safety laws (yelling fire in a crowded theatre, encouraging others to undertake illegal acts etc), all of which have been found to be constitutional.

    4. Re:First Amendment? by Anonymous Coward · · Score: 0

      This is, quite literally, an attempt by Congress to make a law limiting the Freedom of Speech: prohibiting them from telling others something they've learned... Learned without any prior promise not to tell others...

      If the Amendment protects the right of newspapers to publish state secrets , why wouldn't it also protect "social media" companies' right to publish our private little ones?

      Not quite. What these companies do is analogous to stalking. They follow you around as you live your (online) life and note down everywhere you go and everything you do. No one is suggesting preventing the stalker from talking about what he leaned while peeping in your window, what IS being suggested is that maybe he shouldn't be looking in your window in the first place without your explicit consent.

    5. Re:First Amendment? by mi · · Score: 1

      Try again.

      Why, thank you kindly for the encouragement...

      This is informing users and requiring them to give that data up willingly int he first place.

      What does "this" refer to in the quoted sentence? The proposed law? The bill is informing users — and requiring them to do something?

      Currently, Facebook et al rape it out of you surreptitiously.

      The "surreptitious rape" metaphor does not add any clarity to the already convoluted text. Try again, perhaps...

      --
      In Soviet Washington the swamp drains you.
    6. Re:First Amendment? by mi · · Score: 1

      What these companies do is analogous to stalking.

      No, it is not.

      what IS being suggested is that maybe he shouldn't be looking in your window in the first place without your explicit consent.

      First of all, so long as the stalker does not trespass on my property, he is entitled to watch — and record — anything he can see, hear, or otherwise perceive.

      Second, unfortunately, you are 100% wrong. The proposed law, according to both TFA and the write-up, would ban just that — sharing, not collecting:

      Two Democratic US senators today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent.

      There is nothing about collecting data in the proposal, other than informing the customer about the fact of collection.

      There are still such things as trade secret laws, NDAs, libel laws, copyright and public safety laws

      Trade secrets only lower in importance than state secrets — and newspapers are allowed to publish those. NDAs are entered into voluntary — and that's why they have an effect. "Public safety" is bullshit in this context — your very example about "shouting fire" comes from the 100 year old case of a man convicted of arguing against US participation in the WWI! Obviously, if we allow the government to ban speech based on "public safety", we may as well abolish the Amendment entirely.

      So, no, for better or worse, the Amendment does cover "sharing" any and all information a company has with whoever it pleases... Unless, maybe, we are willing to revise that earlier decision...

      --
      In Soviet Washington the swamp drains you.
    7. Re:First Amendment? by Anubis+IV · · Score: 2

      Great question, but this is actually quite similar to existing restrictions on free speech. For instance, according to federal wiretapping laws it’s already illegal in all states to record a private conversation without consent (the question of whose consent is necessary varies from state to state). In a sense, this law is proposing to extend that restriction to various forms of asynchronous communication, rather than just synchronous, real-time communication, ensuring that what you say in “private conversation” to a Facebook or Google stays between the two of you unless you consent for them to share it with others.

      More broadly, while the First Amendment is incredibly important, it’s also important to remember that it has never been universal. Whether it’s shouting “Fire!” in a theater, slandering or libeling a political opponent, swatting an online foe, or falsely claiming that your quack medicine is proven to cure all ailments, we’ve had restrictions on the right to free speech from the every beginning. The fact that we allow state secrets to be published shows you just how important it is, but that doesn’t mean it isn’t without limitations, and that’s a very good thing

    8. Re:First Amendment? by Anonymous Coward · · Score: 0

      ... right of newspapers to publish state secrets ...

      Because the state, for the most part, is public information, or should be.

      ... protect "social media" companies ...

      For the same reason your doctor can't publish the diseases you've had: It's not 'his' facts. The USA spends most of its time pretending that information isn't owned via the 'third-parties have no responsibilities' doctrine. That rule magically disappears when information is created by Columbia, Paramount, Microsoft, Apple and handed to third-parties.

      There's also the 'free speech' rule that one can repeat whatever one knows, excepting 'privileged knowledge' cases such as a medical history, corporate insider dealings and legal proceedings. Non-US countries originally had a right-to-know doctrine which limited the ability to publish private information.

    9. Re: First Amendment? by Anonymous Coward · · Score: 0

      Because there's a difference between the government and the citizen. The government is supposed to be transparent to the people, not the other way around. Private citizens have a right to privacy.

    10. Re:First Amendment? by Phydeaux314 · · Score: 2

      Counterpoint: HIPAA exists, and places limits on speech. California has an extension of it, called CMIA, that goes further. The first amendment is massive, and the supreme court has been very leery of any reductions in its power, but there are a few limits that the court is willing to accept.

      --
      Never underestimate the stupidity inherent in all human beings.
    11. Re:First Amendment? by Anonymous Coward · · Score: 0

      Can newspapers sell state secrets to third parties without consent?

      Because it's not about publishing info, but selling it. So try again, again.

    12. Re:First Amendment? by Anonymous Coward · · Score: 0

      The stalker can record. Selling that content, or even just publishing it, depending on the case, is a different matter.

    13. Re:First Amendment? by mi · · Score: 1

      Subjects to HIPAA promise people to never reveal their secrets to anyone not allowed by the law. It is this promise, that then bars them from disclosing your information... It does impose quite a limitation on this companies — and the cost of proving compliance is non-negligible — but, at least, it is justified by people being compelled to reveal their secrets in order to get medical care.

      There is no such pressure to use "social media". People do that voluntarily.

      Of course, maybe, the Supreme Court's earlier decision regarding newspapers and state secrets was wrong — and it should be possible for Congress to ban distribution of some secrets. But, as long as newspapers can do as they please — including publishing your health history, HIPAA be damned — everyone else ought to have the same right too.

      --
      In Soviet Washington the swamp drains you.
    14. Re:First Amendment? by mi · · Score: 1

      Selling that content, or even just publishing it, depending on the case, is a different matter.

      It is a different matter, and it is protected by the First Amendment. As long as news media can publish anything they choose to, including people's tax-returns and unproven crime-allegations, so can anyone else, "social media" (however defined) included.

      --
      In Soviet Washington the swamp drains you.
    15. Re:First Amendment? by Anonymous Coward · · Score: 0

      This is, quite literally, an attempt by Congress to make a law limiting the Freedom of Speech: prohibiting them from telling others something they've learned... Learned without any prior promise not to tell others...

      If the Amendment protects the right of newspapers to publish state secrets [theatlantic.com], why wouldn't it also protect "social media" companies' right to publish our private little ones?

      Indeed, this is properly something that should be handled under state law. The 1st Amendment only limits Congress: application to the states occurs only to the extent that the 14th Amendment is applicable.

      Of course, the right to privacy arises under the 9th Amendment - and nothing prevents the application of 9th Amendment rights to private entities. Thus, the storage and transmission of private data by non-government entities in violation of the right to privacy is - and has always been - a Bill of Rights violation. The Bill of Rights is a higher legal authority than Congress, and it CAN infringe freedom of speech while Congress can not.

      The Founding Fathers were well aware of the potential threat private organizations and groups could become to individual freedom - it was well established in the Greek and Roman history they carefully studied, and was also something present in their own time (for example, the East India Company, which ruled India and had it's own army and navy). This is why they limited some items in the Bill of Rights to apply only to Congress, while others were more general and had no limitations.

      Actual enforcement against violations of the 9th Amendment right to privacy should be a matter of state law, with cases able to be brought in ANY state where the data is available or the business operates.

      Further, for legal professionals accept general work for any business known to violate fundamental rights (such as the right to privacy) is appropriately viewed as unethical practice of law, and a violation of the legal professional's oath to uphold the law (the right to ethical practice of law also arises under the 9th Amendment). The same would apply to accepting general work on behalf executives of such businesses, or majority owners, so long as their is a reasonable possibility that the individuals involved are complicit in the policies leading to the violation of fundamental rights. I suppose we could exclude some things, such as defence against criminal charges, but aside from that no long term relationship should be maintained as long as a business is violating fundamental rights.

  17. File sharing by ebonum · · Score: 2

    Once something digital is out of your control it is gone. Everything from electronic medical records to the new AC/DC cd. Gone. Trying to regulate it into a box is futile. Collecting, copying, storing, sending costs almost nothing. No barrier. Everything will eventually be leaked or hacked.
    The answer is to keep the electronic records/data from being created in the first place (offline storage= very very good). That means someone like me will never use or touch Facebook and will block every IP address connected to Facebook. Even if that means I can't watch a few videos.

    1. Re:File sharing by burtosis · · Score: 2

      My favorite part today was the "we asked CA to delete data and they said they did at which point we considered the matter closed". As if the data couldn't be copied and sent around the world within the space of just his response. The very notion that you ever could get all copies of the data back is fanciful beyond belief.

  18. Payment Gateways by Anonymous Coward · · Score: 0

    How will this work with eCommerce websites using PayPal checkout (or Stripe, or Moneris, or...)?

    Users/Customers are stupid, they have no idea how it all works. Are we going to need to add notices explaining how payment gateways work to checkout pages for US customers? How will this affect conversions/sales? Customers will not understand, be scared off, and will just go to Amazon instead (probably why this legislation is being proposed, like most law, it is likely bought and paid for).

    Politicians should not be allowed anywhere near this. They are not qualified to draft such legislation.

  19. How it will go down... by burtosis · · Score: 4, Insightful

    Senator: Do you even understand how serious the data privacy breach is here? It's almost as if your entire business model is simply selling private data to anyone for any reason regardless of user settings. If Facebook doesn't get it together we will regulate each and every one of your competitors into bankruptcy! Are you even listening to us Mr. Zuckerberg?

  20. And how would it be enforced? by RightwingNutjob · · Score: 0

    Would every website with user profiles be required to pay for a privacy monitor to be stationed at their offices and datacenters, same way commercial fishermen have to pay for compliance officers to monitor their catches?

  21. Frauds by Anonymous Coward · · Score: 0

    This is a neat trick to get techs running to fill the dems reelection coffers!

  22. The Most Important Thing! by Anonymous Coward · · Score: 0

    Truly great legislation needs a cutesy acronym. But it's too bad they can't call it Little Billy's Law or something with real bathos.

  23. like that's going to make a difference by ooloorie · · Score: 1

    Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent

    This will end up being some variant of: "You want to see hot naked girls? We'll even share your stats with them, you gorgeous hunk! Just click OK!"

  24. Payment Gateways by Anonymous Coward · · Score: 0

    How will this work with eCommerce websites using PayPal checkout (or Stripe, or Moneris, or...)?

    Users/Customers have no idea how it all works. Are we going to need to add notices explaining how payment gateways work to checkout pages for US customers? How will this affect conversions/sales? Customers will not understand, be scared off, and will just go to Amazon instead (probably why this legislation is being proposed, like most law, it is likely bought and paid for).

    Politicians should not be allowed anywhere near this. They are not qualified to draft such legislation.

  25. Will this apply to the Governments? by I75BJC · · Score: 1

    Local Governments, State Governments, Federal Governments all gather information in the USA. These Governments ALL Sell this information to Business. Will this Bill stop the Governments from sharing PII and HIPPA information without an Opt-In decision from the persons/citizens? If not, this Bill is a publicity stunt!

  26. Re:Stupid fucking Democrats by Anonymous Coward · · Score: 0

    fuck off ivan

  27. Like Email by wolfheart111 · · Score: 1

    The double opt in... how well did that work?

    --
    [($)]
  28. Website Popup by Anonymous Coward · · Score: 0

    Privacy Policy:
    You don't have any.
    Click OK to continue.

  29. Isn't this the same as the GDPR ? by Anonymous Coward · · Score: 0

    See https://www.eugdpr.org/

  30. Change the economy of data collection. by dweller_below · · Score: 4, Interesting

    Attempts to legislatively say: "Thou Shalt NOT" will probably be ineffective when the underlying economy strongly favors collecting, storing, and using private information.

    The most effective legal protections against invasive data collection are to change the economy of personal information. This sounds harsh and invasive, but it may be the only workable protection from widespread privacy threats and manipulation.

    • 1st, we need to increase the expense of collecting and storing personal data.
    • 2nd, we need to decrease the value of using personal data.

    For example, we can increase the expense of collecting, storing and exchanging personal data by:

    • * Require accurate tracking information on the collection, storage and exchange of personal data. This should include identifying information for every entity that handled the data. This should be coupled with large mandatory fines for any data that is missing past transaction history. Currently, data brokers have low overhead and bear no responsibility for their behavior. They are selling goods worth billions. Their activity should be tracked as completely as credit card transactions. Requiring accurate documentation of the personal data marketplace will increase the expense of reselling personal data.
    • * Impose aggressive taxes on collected, stored and exchanged personal information. It obviously has value. It is a major asset of Google and Facebook. It should be taxed like real estate or an economic transaction. The higher the taxes, the less incentive to collect, store and exchange personal information.
    • * Forbid exporting personal information from the country of origin. If an entity wishes to collect, store, or exchange personal information, they must do it in the country of origin.
    • * Add more teeth to "data breach" legislation. Remove any "due diligence" protection. Impose mandatory fines for data breach. Fines should be based on the number and severity of personal "facts". The higher the fines, the less incentive to collect and store personal information.
    • * Impose full breach liability on every upstream entity in the data collection stream. Currently, data collectors and brokers get rich by selling to a wide market and experiencing no liability. Imposing liability for the behavior of down-stream purchasers of personal data will greatly increase the expense of collecting, storing and exchanging personal data.

    Then we must work to harden our society against the manipulative effects of collected personal data. This is a continual challenge. Things we might consider include:

    • * Require search engines and social media to unmistakably indicate if we are viewing "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Consistently penalize search engines and social media when they inaccurately represent "Consensus Reality"
    • * Require search engines and social media to provide a simple, always on-screen method to easily switch between "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Impose meaningful, effective restrictions on our government's ability to attempt to manipulate "Consensus Reality"
    • * Require our government to protect it's citizens from other government's or corporation's attempts to manipulate "Consensus Reality"
    • * Impose mandatory penalties on the enabling parties for every occurrence of identity theft. This means penalize the banks, the credit reporting agencies, and even the IRS. If identity theft occurred, then their process must have immediate, corrective feedback.
    • * Require multi-factor authentication when authenticating to critical resources.
    • * Educate our society that biometrics might be identifiers, but should never be an authentifier.

    Ultimately, dealing with the problem of privacy abuse and invasive data collection will take much more than a legislative "Thou Shalt Not".

    1. Re: Change the economy of data collection. by Anonymous Coward · · Score: 0

      Forget consensus reality.

      If there is a data breach, each non-employees whose data is breached, recieves 1,000 KrugerRands plus interest compounded at 40% per annum, on the average daily balance of the previous 180 days, with the due date being the date of the initial breach. That is a minimum of 1.01 KR per day in interest. Payment is to be physically made to the no-employee.

  31. Too little and too late by skovnymfe · · Score: 1

    Too little and too late. If it ever becomes law, it will change nothing.

  32. Take it or leave it by Daralantan · · Score: 1

    Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    My first thought was "Here comes the TOS people have to sign to use the service. And this will be buried in the middle of millions of pages somehow."

  33. Slipery slope by Anonymous Coward · · Score: 0

    I am American and many people are saying that making privacy a right will hurt the economy and should not happen.

  34. What a sick joke by Anonymous Coward · · Score: 0

    First, these jokers get grandiose and call it a bill of rights. Next they limit it to "edge" providers so "non-edge" providers (ATT etc) aren't regulated. Then they allow the collection and only limit the distribution.

    What a sick joke.

    All we need is some basic protections. All we need is some actual representation in our government. The foul corruption is plain as day.

  35. As is typical by kilodelta · · Score: 1

    It takes legislators years to tumble to the fact that something is out of control.

  36. What about the NSA etc? by Anonymous Coward · · Score: 0

    If we're discussing a "Privacy Bill of Rights" then let's get real about it. Congress needs to grow a pair and address the 4th Amendment violations happening as proven in the Snowden leaks. Also regulating data miners like Facebook is a good idea, but let's not forget the 1000lb monster in the corner.

  37. great idea...maybe by autlycus · · Score: 1

    I think this is a great idea, as long as no government institution is exempted.

  38. Joke by Anonymous Coward · · Score: 0

    It's a joke. Everyone already opts in when they agree to EULA or privacy notice. This law will change nothing, because nearly everyone will still thoughtlessly opt in.

    Opt in is not the answer. It might be an answer for spam emails or texts, but not for this. Data collection needs to have laws saying EXACTLY what is permitted and what is forbidden. Not "informed" decision-making that is really a no-op.

    1. Re: Joke by Anonymous Coward · · Score: 0

      Informed permission is extremely difficult.

      If the court rules "informed consent" legally means "fully informed consent", then you can rest assured that none of the edge network providers will get it right.

      That coupled with the prohibition of "take it or leave it" clauses, means that the court cases will be expensive --a minimum of US$2,000,000 per day, per side,that court is in session.

  39. I have an essay on this topic now by yuhong · · Score: 1

    http://yuhongbao.blogspot.ca/2...

  40. Sauce, goose, gander by eric_harris_76 · · Score: 1

    How about having something similar for the information that the government gathers -- without the person's consent -- for one purpose that is used for another?

    And don't say it never happens. Here's some reminders of one especially awful one. Census Bureau. Japanese. FDR. Internment camps.

    And simple failure to safeguard information. Sensitive personal information about me is now in China, thanks to the federal government's failure. And of millions of others, of course.

    --
    There's no time like the present. Well, the past used to be.