The Nation's Strictest Privacy Law Goes Into Effect (arstechnica.com) 45
An anonymous reader quotes a report from Ars Technica: Californians are getting a new, supercharged way to stop data brokers from hoarding and selling their personal information, as a recently enacted law that's among the strictest in the nation took effect at the beginning of the year. [...] Two years ago, California's Delete Act took effect. It required data brokers to provide residents with a means to obtain a copy of all data pertaining to them and to demand that such information be deleted. Unfortunately, Consumer Watchdog found that only 1 percent of Californians exercised these rights in the first 12 months after the law went into effect. A chief reason: Residents were required to file a separate demand with each broker. With hundreds of companies selling data, the burden was too onerous for most residents to take on.
On January 1, a new law known as DROP (Delete Request and Opt-out Platform) took effect. DROP allows California residents to register a single demand for their data to be deleted and no longer collected in the future. CalPrivacy then forwards it to all brokers. Starting in August, brokers will have 45 days after receiving the notice to report the status of each deletion request. If any of the brokers' records match the information in the demand, all associated data -- including inferences -- must be deleted unless legal exemptions such as information provided during one-to-one interactions between the individual and the broker apply. To use DROP, individuals must first prove they're a California resident.
On January 1, a new law known as DROP (Delete Request and Opt-out Platform) took effect. DROP allows California residents to register a single demand for their data to be deleted and no longer collected in the future. CalPrivacy then forwards it to all brokers. Starting in August, brokers will have 45 days after receiving the notice to report the status of each deletion request. If any of the brokers' records match the information in the demand, all associated data -- including inferences -- must be deleted unless legal exemptions such as information provided during one-to-one interactions between the individual and the broker apply. To use DROP, individuals must first prove they're a California resident.
Thank you California! (Score:5, Interesting)
Re: Thank you California! (Score:5, Informative)
I also see that opt out shall be the default and only intentional opt in shall be permitted for data collection.
Don’t hold your breath. (Score:3, Interesting)
This is fantastic, and is one step closer to my ultimate desired outcome: make the purchase and sale of user data illegal. So much of the decline of the web can be pinned on the collection, misuse, purchase, and sale of user data.
You are correct. This is a good thing.
Now let’s just see if The Product agrees to no longer be The Product by way of paying for every social media service.
Also known as that thing consumers used to do before the idea of actually charging money for services became “racist”.
Re: (Score:2)
It breaks the business model of most centralised social media and services like gmail etc, but that's probably a good thing.
Remember when people had email accounts that came with their ISP subscription? You're a paying customer with rights, not a single member of a large herd of cattle being led to the slaughter.
Social media can work the same way, there are federated systems where you can self-host, or you can choose from a number of different providers that will host it for you.
Re: (Score:2)
How would you recommend to fund writing and hosting a website if the website operator cannot sell "behavioral" ad impressions targeted to the individual viewer's inferred interests? I'm aware that it's possible to target an impression to the context of the document in which the ad appears. This is called "contextual" ad placement. However, advertisers are willing to pay three times as much for a behavioral impression than for an contextual impression. Banning publishers from selling behavioral impressions w
Needed (Score:5, Insightful)
This sounds like something that the entire nation needs. Let's get on that.
Re: woke politics (Score:1)
Re: woke politics (Score:1)
You didn't state the name of your country...
Re: (Score:1)
This sounds like something that the entire nation needs. Let's get on that.
This sounds like something every consumer will pay for in the future instead of getting it for free.
Lets see what The Product has to say about that. How far their wallets will actually open.
Re: (Score:2)
Nothing is free, you pay for it one way or another wether you like it or not.
Remember when ISPs offered email accounts and webhosting space as a part of the subscription plan? Imagine a return to that where ISPs can compete to offer such value-add services, or you can buy from a dedicated supplier, or you can self host etc. Much better than a system that's centrally controlled by a single entity/
Re: (Score:2)
This sounds like something that the entire nation needs. Let's get on that.
I boldly predict fewer than 1% of my fellow Californians bother to look at their profiles or ask for them to be deleted. Can we come back a year from now and check?
first thoughts... setting it up (Score:4, Interesting)
Just went through it this morning. Have to say... very disappointed with the setup process. Seemed very amateurish. I almost suspected this was some sort of 1/2 baked phishing scam....
At 1 point it sent a code to my email and asked me to type in the code once I received it but when I switched to email to look at the code and switched back the interface said... "reconnecting to server"... then presented me with a cleared out form which ended up sending another code to my email.... etc etc etc. After a couple of cycles and realizing the futility... I tried just waiting for the autofill on the iPhone to detect the code and type it in for me... cept that didn't work either... it kept missing a few digits of the code. Eventually, I got it to work by watching for the autofill message... remembering the code... then typing it in manually.
Also at a couple of points in the setup, I rotated my phone and rotated it back... 1/2 the screen was then lost (off screen but couldn't pan to it) to me including the button to continue.
I REALLY hope the implementation is better than the setup...
Re: (Score:2)
STOP assuming every website should function perfectly on a fucking 2” screen.
30 million American adults use their phone as their primary means of accessing the Internet.
Half of those don't even own a computer.
So, yes, websites offering basic services dang well better work on a small screen.
Re: (Score:2)
Work on sure..
Not take advantage of larger screens no.
A well written site/application will scale well to a larger screen, or provide a completely separate UI that's suited to such a screen and its associated input methods.
Re: (Score:2)
California state websites are all universally shit. Get used to it.
This being government, they have to use the lowest bidder who can allegedly meet the requirements. Mostly that means we use Accenture. They are shit. Like big time, fully incompetent, oh my god I can't believe they did that shit.
To my mind the solution is to have programmers in house and save a lot of money, but that won't work either because government can't get its shit together to pay prevailing wages.
Re: (Score:2)
I'm finding what you're describing more and more (especially with ID checks, but other things too). My guess is the mobile versions of their sites/products get tested on iPhones, top-of-the-line Samsungs and Googles and that's all. My little old motorola has a bit less capability than any of those, and seemingly the browser can't keep itself in memory when I switch to another app (even getting to the password manager is a gamble in some cases).
There are multiple problems here... the browsers aren't always v
Re: (Score:1)
umm.. no.
1.3 billion iPhones have a problem with your website then your website has a problem.
flock cameras (Score:2, Insightful)
once again, will Californians be able to demand that flock and other types of cameras delete and do not record everyone's personal information?
https://youtu.be/uB0gr7Fh6lY?s... [youtu.be]
https://youtu.be/vU1-uiUlHTo?s... [youtu.be]
with AI they DO have your personal data. They can see you and follow you in real time, they know where you live, they know what you drive, they know who you are, they know everything about you because you cannot escape 80,000 + cameras everywhere, ALPR (Automatic License Plate Readers) and PTZ (Pan to
Re: (Score:3)
FBI caught the Jan 6 pipe bomber from a flock camera and some credit card swipes from five years ago.
That's scary.
Re: (Score:1)
no. What is scary is that some company gets to see everyone in real time, following them wherever they go, use AI to infer information that cannot be easily obtained otherwise. It is constant surveillance that is scary.
As to whoever being caught with cameras, certainly they will be. Also there will be people completely abused by the system, there will be political prosecution, there will be destruction of business, there will be rape and theft and destruction of property rights all based on the compiled
What's good for the goose... (Score:2)
In the spirit of universalism, perhaps the state should provide the same rights to people whose data is brokered by CA based companies.
Re: What's good for the goose... (Score:5, Informative)
EU GDPR gaining fans outside of the EU. (Score:4, Interesting)
Nice. Good stuff. Keep going.
Re: (Score:2)
The preemptive opt-out may even be stronger than GDPR.
I wonder if it will allow for something like the "cookie banners" with a huge "allow all" button and a many clicks path to disallow most (while the companies still claim some cookies would be 'required' and therefore cannot be deselected) that are the data brokers' answer to GDPR.
Re: (Score:2)
the companies still claim some cookies would be 'required' and therefore cannot be deselected
I fail to imagine how one might store which cookies the user has deselected, other than in a cookie that cannot be deselected.
Re: (Score:2)
Simplest option: Respect Do-Not-Track
https://en.wikipedia.org/wiki/... [wikipedia.org]
Second, you ARE allowed to store technically required cookies without asking the user. A flag "tracking_cookies_wanted=0" is completely legitimate and enough to store that the user does not need to see the cookie banner next time.
Third, they explicitly list purposes like "required market analysis" and similar things that are certainly not required to provide the service to you.
GDPR says (more or less): You can do what you need to do to se
Re: (Score:2)
Third, they explicitly list purposes like "required market analysis" and similar things that are certainly not required to provide the service to you.
What's the privacy-respecting way to determine demand among users for continuing to maintain a particular feature of a website or web application?
Re: (Score:2)
That's the wrong question.
The point is, GDPR says I do not need to participate in your market research what features are popular (given that it involves relating data to a profile, pseudonym or other identifier that can track me over multiple visits).
And to answer your question: The best way is to ask your users.
Have a look at Mozilla, their telemetry infested browser and their decisions to add features nobody was missing and to remove features people are using.
Just because you have usage data it doesn't me
Re: (Score:2)
And to answer your question: The best way is to ask your users.
Henry Ford's prospective customers said they wanted a faster horse. And if you ask your users how often you should be asking your users for feedback, they'll probably say never because asking interrupts their immediate task.
What's the GDPR-compliant way to inform users that people who decline to participate in a user survey risk losing access to features?
Re: (Score:2)
"What's the GDPR-compliant way to inform users that people who decline to participate in a user survey risk losing access to features?"
What about just displaying it on the homepage? Maybe you should read a few things about GDPR, you don't seem to fully know what it regulates (and what not).
Re: (Score:2)
I know GDPR article 27 doesn't let companies outside the EU sell to customers in the EU or collect any personal data from viewers in the EU without paying a ton of money per year to a representative service.
Post-deployment clean-up (Score:1)
They should also mandate that any data already collected should be either deleted, or all the data subjects in the database should be notified that a particular company has their data, so that they can act.
Given how widely data brokers share personal details, many people have no idea who has their data.
Re: (Score:1)
many people have no idea who has their data.
Why should I care?
What bad thing will happen to me if some random business knows what brand of tea I drink?
Re: (Score:2)
how about Price discrimination [wikipedia.org]
Trying to maximize the amount that you pay, because they have enough information about you to know what you can afford and how badly you need a product within a specific timeframe.
Some dodgy gig type employers were looking at using the same information to determine how little they could offer to pay workers while still having them barely make rent, knowing their household expenses to keep them on the brink of eviction.
The only solution is to not collect the information, and fo
CA no data (Score:2)
I tried - still working on it (Score:2)