Slashdot Mirror

← Back to Stories (view on slashdot.org)

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com)

Posted by BeauHD on from the fill-in-the-box dept.

Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

85 of 136 comments (clear)

  1. Consent by Anonymous Coward · · Score: 5, Insightful

    The consent shouldnâ(TM)t be for using or sharing your data, it should be for collecting it in the 1st place

    1. Re:Consent by Anonymous Coward · · Score: 1

      "shouldnâ(TM)t" Congratulation it's 2018 and we have lost the ability to write normal text. While James Burke's connections series is running on the 2nd. screen and is talking about the 500 years old printing press and typesetting.

    2. Re:Consent by scdeimos · · Score: 2

      I blame the guy that invented the plough 12,000 years ago.

    3. Re:Consent by MoaDweeb · · Score: 1

      Him and the guy that invented fire will be arraigned next week.

      --
      New Zealanders are well balanced with a chip on each shoulder. One represents Australia, the other the rest of the world
    4. Re:Consent by dohzer · · Score: 1

      Do you mean like that sentence in the Terms and Conditions that you agree to without reading?

    5. Re: Consent by q_e_t · · Score: 1

      There needs to be permission to collect the data to be able to operate a social media service, and creating an account would seem to fulfil your criterion in relation to information volunteered. This is a pretty standard term in existing laws relating to data processing.

    6. Re:Consent by rtb61 · · Score: 1

      No more like the laws governing psychotherapists, you know they can not publish your details. So more in that regard, you start to gather too much data and that data constitutes a potential harm to the individuals psychology via manipulation, would be considered excessive and banned. Pretty much tie all data to what the individual, individually approves, no blanket approvals. Approvals sought and confirmed for all data types and specifically renewed once a year with details provided for what information is already stored and the requirement to delete any non-legally required transactional information at that time.

      --
      Chaos - everything, everywhere, everywhen
    7. Re:Consent by Sumus+Semper+Una · · Score: 1

      Honest question here: How do you propose being able to use Facebook for people who want to refuse to consent to them collecting their data? Isn't that a bit like telling someone to build a website for you but forbidding them from storing the text you want to display on the pages?

    8. Re:Consent by slavdude · · Score: 1

      The way the tech companies will get around it is to have an Opt-In checkbox that will be checked by default and buried somewhere in the EULA/TOS, so when users say that they agree to the EULA/TOS without actually having read the legalese, the companies can say that the customers agreed to have their data mined.

    9. Re:Consent by x_t0ken_407 · · Score: 1

      Did you miss this part? Right in TFS?

      Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    10. Re:Consent by martinfb · · Score: 1

      Absolutely!

      Yet, it'd be interesting to see how this all can be enforced.

      --


      Self-importance and self-indulgence is the root of ALL evil.
  2. Worthless by Anonymous Coward · · Score: 1

    A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

    1. Re:Worthless by BradyB · · Score: 4, Informative

      A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

      Precisely what I came into here to comment on. You nailed it. No teeth.

      --

      Good is never enough, when you dream of being great!
    2. Re:Worthless by iamhassi · · Score: 1, Insightful

      Exactly. How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.

      --
      my karma will be here long after I'm gone
    3. Re:Worthless by pak9rabid · · Score: 2, Insightful

      Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.

    4. Re:Worthless by HeckRuler · · Score: 4, Informative

      When you're the minority party in congress you can make a bunch of "good effort" bills that sound great to the voting masses but have no prayer of passing so as to not anger your donors.

      Both sides do it. I'm honestly not sure why we even let minority parties propose bills when the answer is just going to be "haha, no." Even if it was a damn good bill that everyone agreed on, they'd still block it simply so they could propose it themselves. Passing a bill is a good metric on your record. Hell, remember how much they fought over RomneyCare? They'd even fight it on the principle that the other side proposed it.

    5. Re:Worthless by sexconker · · Score: 2

      Reeeeeeeeeeeeeeetaaaaaaaaaaaaaaaaard

      "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

    6. Re: Worthless by denis.goddard · · Score: 1

      No matter what the details of any such legislation, you and I both know it wonâ(TM)t matter one damn to the NSA

    7. Re:Worthless by thomst · · Score: 4, Informative

      iamhassi blathered:

      How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.

      From TFS:

      Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

      If you're going to opine about something, you might want to try knowing what the fuck you're talking about ...

      --
      Check out my novel.
    8. Re:Worthless by burtosis · · Score: 1

      a firmer action would be to make any TOS that is over 1 A4 page long legally invalid. Wouldn't they just use an insanely small font then and call it a win?

    9. Re:Worthless by thomst · · Score: 5, Informative

      pak9rabid snorted:

      Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.

      No. No, it's not.

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp. Secondly, there really hasn't been any groundswell of demand for such protections. Most of the outrage has been generated by journalists - some of whom actually do know a little bit about the implications of data breaches.

      More to the point, both Markey and Blumenthal are among the most tech-savvy legislators in Congress. They've both been opponents of restrictions on encryption and the efforts of law enforcement to get Congress to mandate back doors for their convenience. They're both suspicious of stingray cell phone data collection. They genuinely give a damn about their constituents' rights online and off - not because that plays well with voters, but because it's a subject that goes to the heart of Constitutional protections against unjustified government intrusion on individual liberty.

      Oh, and because corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties, as evidenced by Cambridge Analytica's conveyance of FB users' private information to the ethical black hole that now occupies the Oval Office.

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      --
      Check out my novel.
    10. Re: Worthless by Phydeaux314 · · Score: 1

      Last I checked, the NSA did not run popular large-scale social media web sites...

      --
      Never underestimate the stupidity inherent in all human beings.
    11. Re: Worthless by HeckRuler · · Score: 1

      Right, just "THE PHONE SYSTEM". I hear some people use it to, like, talk to people and stuff. Although I hear even with that massive farm out in Utah, they can still only store 3 days of traffic.

    12. Re: Worthless by Phydeaux314 · · Score: 1

      But... this bill doesn't target phone calls. It targets hosts of web sites. I'm not trying to say the NSA doesn't collect information - they obviously do. I'm saying they don't have any real reason to care about *this* bill, because it doesn't affect their affairs.

      --
      Never underestimate the stupidity inherent in all human beings.
    13. Re:Worthless by Athanasius · · Score: 1

      Indeed, GP shows they didn't even RTFS let alone RTFA.

      However that clause is exactly the part of this proposed bill that I'd be surprised if it survived through to eventually being signed into law.

    14. Re:Worthless by Opportunist · · Score: 1

      I can print any TOS on one A4 page.

      Provided I have a good enough printer with enough resolution, that is...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    15. Re:Worthless by mvdwege · · Score: 1

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

      And lots of these losers read Slashdot and ipso facto have mod points.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    16. Re:Worthless by mvdwege · · Score: 1

      Thank goodness that shit is going to be illegal in the EU soon.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    17. Re: Worthless by HeckRuler · · Score: 1

      Right, which is why the NSA doesn't care and none of this matters to them. Do try and keep up.

    18. Re:Worthless by desdinova+216 · · Score: 1

      I would add a minimum text size to that.

    19. Re:Worthless by Gibgezr · · Score: 1

      Except they state: "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

    20. Re:Worthless by Dragonslicer · · Score: 1

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

      I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

    21. Re:Worthless by thomst · · Score: 1

      I asserted:

      First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

      Prompting Dragonslicer to observe:

      I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

      Obviously including you. (I say "obviously" because you used the appropriate state-of-being verb construction to agree in number with the subject of your final clause. Most people would've used the incorrect "are.")

      The thing is, Markey also represents all the Southies, and other high-school dropouts, near-dropouts, and people who barely managed to obtain their GEDs in Massachusetts. And, Harvard, Yale, and other such institutions notwithstanding, they outnumber you, especially when you consider retirees, most of whom are barely computer literate, much less knowledgeable about the privacy considerations of their online presence.

      I'm not disparaging those folks. I'm just stating a fact: most people, regardless of the state in which they reside, don't know jack shit about online privacy. Nor do they particularly care. It's something of a "where ignorance is bliss, 'tis folly to be wise" situation, and still more of a "What? Me worry?" one.

      Americans, on the whole, are some of the world's most proudly ignorant, incurious people on the planet. You pretty much have to go all the way to Australia to find a bigger bunch of knobs. I mean, we let ourselves be bamboozled into electing an obvious con man as president, after all. (I say "we" here in the collective sense. I certainly didn't vote for that oafish narcissist.) Not wanting to deal with complex, subtle, and more than a little obscure topics is baked into our DNA. In fact, our countrymen, by and large, will resist being educated on such subjects with determined ferocity and unwavering resentment.

      I blame TV for that. Most Americans were reared on it from infancy - and it has trained them to expect any problem, however recondite, to be wrapped up with a neat bow on it inside of a single hour (two at the most), including commercial breaks. It requires no imagination on their part, no broad or deep education, no grasp of subtlety or nuance - not even mere literacy, for the most part. And our public educational system, with its bizzare, cultish devotion to whole-word reading, and the more recent advent of "teaching the test" (thanks to W's "no test left behind" initiative), is pratically designed to churn out reading-averse, uncritical drones by the millions.

      They make great consumers, though ...

      --
      Check out my novel.
    22. Re:Worthless by Desirsar · · Score: 1

      Actually, I could see them offering an opt-out tier of service - limited function, limited bandwidth, and far, far more ads.

    23. Re:Worthless by thomst · · Score: 1

      I confessed:

      How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

      Prompting mvdwege to explain:

      Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

      And lots of these losers read Slashdot and ipso facto have mod points.

      You are, of course, correct, sir.

      (I'm certain you were aware that I knew that to begin with, but - taking your .sig into account - posted your explanation anyway, for the edification and amusement of the /. masses. And to bait the bears, obviously ... )

      --
      Check out my novel.
    24. Re:Worthless by thomst · · Score: 1

      I stated:

      corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties

      Prompting an Anonymous Coward to contradict me, thusly:

      Not possible. Only government can actually threaten you with anything. Corporations either provide a service...or don't. They cannot prosecute you, they cannot send cops to your home to no-knock raid you in the middle of the night, they cannot shoot you for "fearing for my(their) life". Only government can do all of those things.

      Any corporation on the planet can collect literally every bit of information about me that they want, they still won't be a bigger threat to my liberty than the cops munching donuts in the police station down the street from my house.

      I'll break my rule of not responding to ACs this one time, as a public service.

      You fail to grasp the threat.

      First, as we have seen again and again, corporate online databases are not secure. FB allowed Cambridge Analytica to collect tens of millions of its users' information, Equifax permitted black hats to siphon off essentially their entire credit database, including more than enough information on ALL of its users to easily allow anyone willing to pay for that information to steal the identities of most of the adults in the USA, the Impact Team did the same thing to Ashley Madison, obtaining blackmail material on its entire user base. The list goes on and on and ON.

      Second, National Security Letters, FISA warrants, and other deliberately-secret means of prying information on an unlimited number of users out of social media and other online sites - very much including information that would be excluded from traditional search warrants - mean any data collected by AI-driven data miners is freely available to the government you insist is the only credible threat to individual liberty. If social media sites have your data, the FBI can get it - and, if it can, it will.

      Because "terrorists" ...

      --
      Check out my novel.
    25. Re:Worthless by mvdwege · · Score: 1

      I confess I did feel like trolling a little.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
  3. DOA by mikeiver1 · · Score: 1

    This will never happen as there are simply to many of the politicians from both sides on the take from the parties that make billions a year from our stolen/ proffered data. I like the concept but in the end regardless of who controls the government this will never make it out of committee.

  4. Facebook response: Oh wait, you're serious by rsilvergun · · Score: 2

    let me laugh even harder.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Facebook response: Oh wait, you're serious by AmiMoJo · · Score: 2

      Well they are going to have obey the new European rules that are coming in, or get heavily fined and eventually shut down. So if the US simply adopted very similar rules, it would be as easy for Facebook to comply as adding the US to the list of places where it has to respect privacy.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. Zuck is cockblocking others to get their share. by ezdiy · · Score: 4, Insightful

    Presumably the bill doesn't cover data already farmed without consent, only further farming from now on.

    It could be argued that FB has farmed as much data as possible already (since its popularity is more or less shrinking now). Zuck's move is "I got mine, now let's make sure nobody else gets hands on it".

    Reminder that this discussion isn't about privacy, but straight competition between data brokers. Massive, and accurate human behavior corpuses, of which FB is one of the largest repository will be monetized in machine learning models soon enough.

    I also wonder if google search will become pay service now, or what?

    1. Re:Zuck is cockblocking others to get their share. by AmiMoJo · · Score: 3

      The EU's GDPR rules cover old data too. These last few months I've been getting emails from companies asking for permission to keep my data on file. If I ignore them (don't give consent) they have to delete that data.

      In fact my own company is scrambling to get all the people on it's spam^H^H^H^H marketing mailing lists to agree to continue receiving emails, otherwise their email addresses have to be scrubbed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Zuck is cockblocking others to get their share. by Gavagai80 · · Score: 1

      This is about selling/sharing, not collecting. Collection of data will continue same as ever. You can certainly make an argument that it's in the interests of Facebook to stop sharing people's personal info and start protecting their data hoard. That's the approach Google has taken all along -- Google doesn't like to share your info, they like to make advertisers pay to benefit from proprietary Google data that won't be shared with them.

      --
      This space intentionally left blank
    3. Re:Zuck is cockblocking others to get their share. by ezdiy · · Score: 1

      > Collection of data will continue same as ever.

      I didn't read the bill, only TFA summary, and the way I grok it is that sure, they can continue capture data all they want, but it won't longer be useful for arbitrary purpose as it is now. Meaning if the bill passes, and somebody puts scrapped data to some commercial use beyond the scope of the original service, they could be facing class action lawsuit should this come out to light.

      Indeed this looks like 180 pivot into google direction, just more evil. Before the pivot, Facebook threw small scraps via it's API to attract the likes of Tinder, which boosted FB as a platform. Such apps are now facing the bait and switch which was coming all along - now tinder has to obtusely present opt-in forms to the user, or scram. While Facebook can now safely launch their own Tinder clone, with no annoying opt-ins. Gotta hand it to Zuck, the dude is the king of fucking everyone over, while making it look like he has suddenly seen the light, and cares about your privacy.

  6. Why just on-line providers by Anonymous Coward · · Score: 1

    These rules should apply to all businesses (and people) who obtain private information for a particular purpose.

  7. EU and Canada have stronger rights by WillAffleckUW · · Score: 2

    This is, at best, a half measure.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re: EU and Canada have stronger rights by bursch-X · · Score: 1

      Welcome to the cognitive dissonance of the New Hypocritic Generationâ

      --
      There are two rules for success:
      1. Never tell everything you know.
    2. Re: EU and Canada have stronger rights by Zontar+The+Mindless · · Score: 1

      Pug Nazis are not very amusing to people who remember real Nazis.

      --
      Il n'y a pas de Planet B.
  8. Make it compatible with the GDPR by markjhood2003 · · Score: 4, Insightful

    The proposed US legislation looks weak compared to the EU General Data Protection Regulation (GDPR). Why should people in the US have weaker protection? Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.

    1. Re:Make it compatible with the GDPR by Anonymous Coward · · Score: 1

      Why should people in the US have weaker protection?

      Greed.

      Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.

      American: "no durn tootin' way some otha' country's gonna tell ME what to do. DON'T TREAD ON ME."

  9. Re:bets anyone? by iamhassi · · Score: 1, Insightful

    Are you kidding? Facebook probably wrote the law. It's just a pop up and if you click NO I do not give CONSENT they just won't give you access to Facebook. Great job congress, now we have to give them more permission to steal our data

    --
    my karma will be here long after I'm gone
  10. But then they couldn't compete with ISPs! by pots · · Score: 3, Interesting

    The principle excuse trotted out for stripping away privacy protections from ISPs, was that those protections didn't apply to websites or other tech firms. So protecting peoples' privacy wasn't fair or something... I didn't really follow that argument, but I don't think that was the point. They just needed some nonsense that they could repeat over and over again until some people started to believe it.

    Now we have a bill doing the opposite, I'm interested to see the argument they make in opposition to this one. Granted, since they're not overturning an existing rule they don't need to work as hard in justifying it, so they'll probably just trot out one of their old standbys. Something like: "Regulations bad! Thog smash responsible government!"

    However, I would love it if they just flipped that shit around and went full doublethink on us.

  11. Exceptions are made for high quality acronyms by HeckRuler · · Score: 5, Interesting

    Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act

    Initially I balked at the introduction of a new bullshit term like "edge-provider", but that's a mighty fine acronym.

    And why do online services get specific punishment? Why not apply this to grocery stores? I don't want HyVee telling anyone I buy 10lbs vats of mayonnaise. (don't judge me).

    How about we extend "Browsing history" to the real world. I don't think we want companies tracking and who entered their store and what they looked at. The age of ubiquitous cameras, face-recognition, and customer databases is upon us. With a high enough resolution camera, they could even track where your eyeballs are pointed.

    Do you want a list of everyone who ever entered a gun store? Do you want to see who shops at the thrift-mart AND the ... gucci-emporium? Do you want your health insurance provider to know how often you stop at McDonalds?

    If you're going to squawk at Facebook abusing "customer" data, you might as well take a closer look at the potential abuse of everyone else's databases.

    1. Re:Exceptions are made for high quality acronyms by Ichijo · · Score: 2

      I don't think we want companies tracking and who entered their store and what they looked at.

      That's what exactly salesmen do whenever you walk into a store, only instead of storing the information magnetically, they store it in their own grey matter. But I like your way of thinking--let's ban salesmen!

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    2. Re:Exceptions are made for high quality acronyms by HeckRuler · · Score: 2

      If they develop mentats that can remember a timestamp of every customer that walks in through the door for decades, then YES, that should be addressed.

      But as for now, we should probably acknowledge that computers fundamentally change the nature of the game and keeping databases of everyone's movements turns what was a perfectly normal and more or less unabuseable tidbit of knowledge into the building block of a dystopian nightmare.

      AND, remember, this bill is NOT about what people remember or what databases companies have. It's about them SELLING that information. Otherwise Netflix couldn't suggest movies based on your browsing history, and Amazon could keep track of your purchase history. So you can shove your strawman right up your ass.

    3. Re:Exceptions are made for high quality acronyms by kevmeister · · Score: 1

      ... Do you want your health insurance provider to know how often you stop at McDonalds?

      Hey, I stop at McDonald's almost every time I take bike ride. That's usally 3-4 stops a week. I get all the iced tea I want for $1 and no fat or calories. (Well, maybe one or two from the lemon juice I squeeze into it.) With the temperature at 98F (36C) today, I drank quite a bit of tea for my $1 and my insurer would think it's great. Just don't eat anything there!

      And, FWIW, the term "edge" has been standard networking jargon for decades... all the way back to the old ARPANET.

      --
      Kevin Oberman, Network Engineer, Retired
    4. Re:Exceptions are made for high quality acronyms by HeckRuler · · Score: 1

      CONSENT. The bill is an acronym. They needed an "E".

    5. Re: Exceptions are made for high quality acronyms by No+Longer+an+AC · · Score: 1

      I actually appreciate that kind of service, but such knowledge is limited to that employee who recognizes you by appearance and not by name.

    6. Re: Exceptions are made for high quality acronyms by HeckRuler · · Score: 1

      And the WaffeHouse CEO didn't interrogate her every week for a list of all clients and ordering history so he could sell it.

  12. What isn't an edge service? by Cajun+Hell · · Score: 1

    When I read the definition of "edge service" it's suspiciously specific, but [excuse]my imagination is tired right now[/excuse]. What kinds of things are not edge services under this bill? (i.e. Who bought an exemption?)

    --
    "Believe me!" -- Donald Trump
    1. Re:What isn't an edge service? by Rockoon · · Score: 1

      Thats the point. This is how Markey and Blumenthal are paying back to their donors. All the corporations that arent an "edge provider" becomes indemnified with the same stroke of the pen that pretends to be for your benefit.

      --
      "His name was James Damore."
  13. Re:bets anyone? by Anonymous Coward · · Score: 1

    now we have to give them more permission to steal our data

    Why?

    Because you need to use Facebook? Because you deserve it? You have a right to use it?

    Shit, the nutters are right, we have raised a fucking gibmedat entitlement generation.

  14. First Amendment? by mi · · Score: 4, Interesting

    This is, quite literally, an attempt by Congress to make a law limiting the Freedom of Speech: prohibiting them from telling others something they've learned... Learned without any prior promise not to tell others...

    If the Amendment protects the right of newspapers to publish state secrets , why wouldn't it also protect "social media" companies' right to publish our private little ones?

    --
    In Soviet Washington the swamp drains you.
    1. Re:First Amendment? by sexconker · · Score: 3, Insightful

      Try again. This is informing users and requiring them to give that data up willingly int he first place. Currently, Facebook et al rape it out of you surreptitiously.

    2. Re:First Amendment? by fibonacci8 · · Score: 3, Informative

      Signing a digital contract saying that a business may study my information but may not share additional copies with other people doesn't have anything to do with the first amendment issue at all. Nor does the bill outlining civil recourse for businesses failing to provide adequate security to uphold their side of such contract.
      What the bill actually seems to describe: Businesses that obtain information based on a digital contract have a responsibility to maintain adequate security to justify their claims of who they will and will not share that information to. Third parties obtaining information in bad faith are also the responsibility of the business. The Federal Trade Commission is defining some of the terms that apply to such digital contracts and making legal distinctions between some of them. There's more to it than that, but it's Democrat sponsored and it's unlikely to be passed. So I don't recommend anyone actually read it.

      --
      Inheritance is the sincerest form of nepotism.
    3. Re:First Amendment? by mi · · Score: 1

      Try again.

      Why, thank you kindly for the encouragement...

      This is informing users and requiring them to give that data up willingly int he first place.

      What does "this" refer to in the quoted sentence? The proposed law? The bill is informing users — and requiring them to do something?

      Currently, Facebook et al rape it out of you surreptitiously.

      The "surreptitious rape" metaphor does not add any clarity to the already convoluted text. Try again, perhaps...

      --
      In Soviet Washington the swamp drains you.
    4. Re:First Amendment? by mi · · Score: 1

      What these companies do is analogous to stalking.

      No, it is not.

      what IS being suggested is that maybe he shouldn't be looking in your window in the first place without your explicit consent.

      First of all, so long as the stalker does not trespass on my property, he is entitled to watch — and record — anything he can see, hear, or otherwise perceive.

      Second, unfortunately, you are 100% wrong. The proposed law, according to both TFA and the write-up, would ban just that — sharing, not collecting:

      Two Democratic US senators today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent.

      There is nothing about collecting data in the proposal, other than informing the customer about the fact of collection.

      There are still such things as trade secret laws, NDAs, libel laws, copyright and public safety laws

      Trade secrets only lower in importance than state secrets — and newspapers are allowed to publish those. NDAs are entered into voluntary — and that's why they have an effect. "Public safety" is bullshit in this context — your very example about "shouting fire" comes from the 100 year old case of a man convicted of arguing against US participation in the WWI! Obviously, if we allow the government to ban speech based on "public safety", we may as well abolish the Amendment entirely.

      So, no, for better or worse, the Amendment does cover "sharing" any and all information a company has with whoever it pleases... Unless, maybe, we are willing to revise that earlier decision...

      --
      In Soviet Washington the swamp drains you.
    5. Re:First Amendment? by Anubis+IV · · Score: 2

      Great question, but this is actually quite similar to existing restrictions on free speech. For instance, according to federal wiretapping laws it’s already illegal in all states to record a private conversation without consent (the question of whose consent is necessary varies from state to state). In a sense, this law is proposing to extend that restriction to various forms of asynchronous communication, rather than just synchronous, real-time communication, ensuring that what you say in “private conversation” to a Facebook or Google stays between the two of you unless you consent for them to share it with others.

      More broadly, while the First Amendment is incredibly important, it’s also important to remember that it has never been universal. Whether it’s shouting “Fire!” in a theater, slandering or libeling a political opponent, swatting an online foe, or falsely claiming that your quack medicine is proven to cure all ailments, we’ve had restrictions on the right to free speech from the every beginning. The fact that we allow state secrets to be published shows you just how important it is, but that doesn’t mean it isn’t without limitations, and that’s a very good thing

    6. Re:First Amendment? by Phydeaux314 · · Score: 2

      Counterpoint: HIPAA exists, and places limits on speech. California has an extension of it, called CMIA, that goes further. The first amendment is massive, and the supreme court has been very leery of any reductions in its power, but there are a few limits that the court is willing to accept.

      --
      Never underestimate the stupidity inherent in all human beings.
    7. Re:First Amendment? by mi · · Score: 1

      Subjects to HIPAA promise people to never reveal their secrets to anyone not allowed by the law. It is this promise, that then bars them from disclosing your information... It does impose quite a limitation on this companies — and the cost of proving compliance is non-negligible — but, at least, it is justified by people being compelled to reveal their secrets in order to get medical care.

      There is no such pressure to use "social media". People do that voluntarily.

      Of course, maybe, the Supreme Court's earlier decision regarding newspapers and state secrets was wrong — and it should be possible for Congress to ban distribution of some secrets. But, as long as newspapers can do as they please — including publishing your health history, HIPAA be damned — everyone else ought to have the same right too.

      --
      In Soviet Washington the swamp drains you.
    8. Re:First Amendment? by mi · · Score: 1

      Selling that content, or even just publishing it, depending on the case, is a different matter.

      It is a different matter, and it is protected by the First Amendment. As long as news media can publish anything they choose to, including people's tax-returns and unproven crime-allegations, so can anyone else, "social media" (however defined) included.

      --
      In Soviet Washington the swamp drains you.
  15. File sharing by ebonum · · Score: 2

    Once something digital is out of your control it is gone. Everything from electronic medical records to the new AC/DC cd. Gone. Trying to regulate it into a box is futile. Collecting, copying, storing, sending costs almost nothing. No barrier. Everything will eventually be leaked or hacked.
    The answer is to keep the electronic records/data from being created in the first place (offline storage= very very good). That means someone like me will never use or touch Facebook and will block every IP address connected to Facebook. Even if that means I can't watch a few videos.

    1. Re:File sharing by burtosis · · Score: 2

      My favorite part today was the "we asked CA to delete data and they said they did at which point we considered the matter closed". As if the data couldn't be copied and sent around the world within the space of just his response. The very notion that you ever could get all copies of the data back is fanciful beyond belief.

  16. How it will go down... by burtosis · · Score: 4, Insightful

    Senator: Do you even understand how serious the data privacy breach is here? It's almost as if your entire business model is simply selling private data to anyone for any reason regardless of user settings. If Facebook doesn't get it together we will regulate each and every one of your competitors into bankruptcy! Are you even listening to us Mr. Zuckerberg?

  17. like that's going to make a difference by ooloorie · · Score: 1

    Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent

    This will end up being some variant of: "You want to see hot naked girls? We'll even share your stats with them, you gorgeous hunk! Just click OK!"

  18. Will this apply to the Governments? by I75BJC · · Score: 1

    Local Governments, State Governments, Federal Governments all gather information in the USA. These Governments ALL Sell this information to Business. Will this Bill stop the Governments from sharing PII and HIPPA information without an Opt-In decision from the persons/citizens? If not, this Bill is a publicity stunt!

  19. Like Email by wolfheart111 · · Score: 1

    The double opt in... how well did that work?

    --
    [($)]
  20. Change the economy of data collection. by dweller_below · · Score: 4, Interesting

    Attempts to legislatively say: "Thou Shalt NOT" will probably be ineffective when the underlying economy strongly favors collecting, storing, and using private information.

    The most effective legal protections against invasive data collection are to change the economy of personal information. This sounds harsh and invasive, but it may be the only workable protection from widespread privacy threats and manipulation.

    • 1st, we need to increase the expense of collecting and storing personal data.
    • 2nd, we need to decrease the value of using personal data.

    For example, we can increase the expense of collecting, storing and exchanging personal data by:

    • * Require accurate tracking information on the collection, storage and exchange of personal data. This should include identifying information for every entity that handled the data. This should be coupled with large mandatory fines for any data that is missing past transaction history. Currently, data brokers have low overhead and bear no responsibility for their behavior. They are selling goods worth billions. Their activity should be tracked as completely as credit card transactions. Requiring accurate documentation of the personal data marketplace will increase the expense of reselling personal data.
    • * Impose aggressive taxes on collected, stored and exchanged personal information. It obviously has value. It is a major asset of Google and Facebook. It should be taxed like real estate or an economic transaction. The higher the taxes, the less incentive to collect, store and exchange personal information.
    • * Forbid exporting personal information from the country of origin. If an entity wishes to collect, store, or exchange personal information, they must do it in the country of origin.
    • * Add more teeth to "data breach" legislation. Remove any "due diligence" protection. Impose mandatory fines for data breach. Fines should be based on the number and severity of personal "facts". The higher the fines, the less incentive to collect and store personal information.
    • * Impose full breach liability on every upstream entity in the data collection stream. Currently, data collectors and brokers get rich by selling to a wide market and experiencing no liability. Imposing liability for the behavior of down-stream purchasers of personal data will greatly increase the expense of collecting, storing and exchanging personal data.

    Then we must work to harden our society against the manipulative effects of collected personal data. This is a continual challenge. Things we might consider include:

    • * Require search engines and social media to unmistakably indicate if we are viewing "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Consistently penalize search engines and social media when they inaccurately represent "Consensus Reality"
    • * Require search engines and social media to provide a simple, always on-screen method to easily switch between "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Impose meaningful, effective restrictions on our government's ability to attempt to manipulate "Consensus Reality"
    • * Require our government to protect it's citizens from other government's or corporation's attempts to manipulate "Consensus Reality"
    • * Impose mandatory penalties on the enabling parties for every occurrence of identity theft. This means penalize the banks, the credit reporting agencies, and even the IRS. If identity theft occurred, then their process must have immediate, corrective feedback.
    • * Require multi-factor authentication when authenticating to critical resources.
    • * Educate our society that biometrics might be identifiers, but should never be an authentifier.

    Ultimately, dealing with the problem of privacy abuse and invasive data collection will take much more than a legislative "Thou Shalt Not".

  21. Re:bets anyone? by Athanasius · · Score: 1

    I may mostly be looking through the comments to find people who didn't catch that part of the summary. Indeed, the bill as proposed covers this. I'd expect that to be the first clause to be killed in any revisions though.

  22. Too little and too late by skovnymfe · · Score: 1

    Too little and too late. If it ever becomes law, it will change nothing.

  23. Take it or leave it by Daralantan · · Score: 1

    Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    My first thought was "Here comes the TOS people have to sign to use the service. And this will be buried in the middle of millions of pages somehow."

  24. As is typical by kilodelta · · Score: 1

    It takes legislators years to tumble to the fact that something is out of control.

  25. great idea...maybe by autlycus · · Score: 1

    I think this is a great idea, as long as no government institution is exempted.

  26. I have an essay on this topic now by yuhong · · Score: 1

    http://yuhongbao.blogspot.ca/2...

  27. Sauce, goose, gander by eric_harris_76 · · Score: 1

    How about having something similar for the information that the government gathers -- without the person's consent -- for one purpose that is used for another?

    And don't say it never happens. Here's some reminders of one especially awful one. Census Bureau. Japanese. FDR. Internment camps.

    And simple failure to safeguard information. Sensitive personal information about me is now in China, thanks to the federal government's failure. And of millions of others, of course.

    --
    There's no time like the present. Well, the past used to be.