Silicon Valley Is Terrified of California's Privacy Law

An anonymous reader quotes a report from TechCrunch: Silicon Valley is terrified. In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California's Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state's 40 million residents -- and every tech company in Silicon Valley. California's law is similar to Europe's GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.

Since the law passed, tech giants have pulled out their last card: pushing for an overarching federal bill. In doing so, the companies would be able to control their messaging through their extensive lobbying efforts, allowing them to push for a weaker statute that would nullify some of the provisions in California's new privacy law. In doing so, companies wouldn't have to spend a ton on more resources to ensure their compliance with a variety of statutes in multiple states. Just this month, a group of 51 chief executives -- including Amazon's Jeff Bezos, IBM's Ginni Rometty and SAP's Bill McDermott -- signed an open letter to senior lawmakers asking for a federal privacy bill, arguing that consumers aren't clever enough to "understand rules that may change depending upon the state in which they reside." Then, the Internet Association, which counts Dropbox, Facebook, Reddit, Snap, Uber (and just today ZipRecruiter) as members, also pushed for a federal privacy law. "The time to act is now," said the industry group. If the group gets its wish before the end of the year, the California privacy law could be sunk before it kicks in. TechNet, a "national, bipartisan network of technology CEOs and senior executives," also demanded a federal privacy law, claiming -- and without providing evidence -- that any privacy law should ensure "businesses can comply with the law while continuing to innovate." Its members include major venture capital firms, including Kleiner Perkins and JC2 Ventures, as well as other big tech giants like Apple, Google, Microsoft, Oracle and Verizon

"It's no accident that the tech industry launched this campaign right after the California legislature rejected their attempts to undermine the California Consumer Privacy Act," Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California, told TechCrunch. "Instead of pushing for federal legislation that wipes away state privacy law, technology companies should ensure that Californians can fully exercise their privacy rights under the CCPA on January 1, 2020, as the law requires."

GDPR is important

[tinkerton]

In principle GDPR is quite powerful. Your data is private to the extent that it can be traced back to you in whatever manner possible. Such data can only be used with explicit approval for explicitly stated goals in a way which can be justified to you.
Anything which is anonymized may be free for use - as long it cannot be traced back to you.
In practice this is not yet possible to implement but you can pick out major offenders.
In a business which uses spying on their clients as a major source of income this is a landslide.

Re:

[AmiMoJo]

Seems like the US could do with some GDPR style penalties too. Currently 4% of global turnover for a major privacy breech or violation, but I'd personally like to see it much higher.

Re:

[Anonymous Coward]

Fines aren't going to do anything. The penalty needs to be imprisonment of company executives.

Re:

[Roodvlees]

So nobody wants to take the risk of violating privacy and thefore digital services get developed?
People choose to interact with social media because of the value it provides them.
There's always a choice behind every data leak to put that data online to begin with.
Compare that to the government, which can force you to comply with their whims.

Re:

[BringsApples]

Fines aren't going to do anything. The penalty needs to be imprisonment of company executives.

What good will that do? There are many many executives waiting to take the jobs of the ones that were sent to prison, and they have the same mentality, so nothing will change. No, I say that if corporations are people, then send the corporation into some virtual prison, where it's disallowed to operate for so many years. This means, it's products, or any of it's business practices are halted completely.

If that were the case, then facebook would server billions of year for just identity theft alone (yes t

Re:

[skegg]

More than 4% of global turnover? Ouch! That can already be a pretty big number. And then we're just punishing innocent shareholders (think members of pension and superannuation funds).

Tell you what I'd like to see? Custodial sentences for the most egregious offences + strip them of the ability to hold directorship for 10 years.

Re:GDPR is important

[stealth_finger]

Why? All the EU nations want to do is tax US brands.

Yeah but only because US brands want to operate in the EU.

Re:

[mwvdlee]

Nobody forced those companies to move their taxable entities to the EU in order to avoid US taxes.
You rather they pay no taxes at all?
Want to operate in the EU? Follow EU laws.

Re:GDPR is important

[spun]

Taxes are voluntary, just like eating at a restaurant is voluntary. Don't want to pay for your food? Fuck off out the restaurant. Did you slaughter a bunch of natives to take this land? No? Well the US government did, so this shit is ours now. Not yours. And if you want some of this land we ganked, you have to follow our rules. Just like you can't go in a restaurant without pants on, you can't own land here without paying taxes.

Nobody owns Antarctica you selfish chucklefuck, you could always move there. Or you could seastead, there's enough trash in the pacific to make a damn palace. But honestly what you do after you fuck the fuck out of the US isn't our responsibility, just like it isn't the restaurant's responsibility what you fucking eat after you leave.

Fuck right off with that juvenile libertarian bullshit. We have every right to charge taxes for the services you receive, and if you don't like the bargain, you are free to live somewhere else.

Re:

[theshowmecanuck]

Fuck off with your social justice virtue signalling. This is a tech forum. Go sing Kumbaya somewhere else.

Re:

[spun]

How un-self-aware can you possibly be?

I was responding to some right wing virtue signalling. When udachny wrote "I rather nobody paid any taxes at all to anyone for any purpose. Everything must be absolutely voluntary and without collectivist coercion." he was obviously virtue signalling his libertarian values and trying to win political points with other libertarians. He was being a social justice warrior, for his perverted definition of social justice. I mean, the dim witted fucker was claiming taxation i

Re:

[Solandri]

Fuck right off with that juvenile libertarian bullshit. We have every right to charge taxes for the services you receive, and if you don't like the bargain, you are free to live somewhere else.

Ironically, the U.S. was founded by people doing exactly that - fleeing Europe to live somewhere else away from people with attitudes like yours.

I think the bigger lesson here is that the war of ideas knows no boundaries. That those wanting to be free of (what they perceive to be) excessive government need to sta

Re:

[spun]

No, nobody fled Europe with the intent of setting up a libertarian society. If they "fled" anything, it was actual, as opposed to imaginary, tyranny. It was not "excessive" government they fled. That's revisionist history, blind to all historical fact. Our founding fathers wanted a strong government because they knew that only a strong government could protect them from tyranny. Our founding fathers were not ignorant college libertarian idealists, they were hard headed realists, and the government they crea

And they should. Or not.

[Errol backfiring]

This is probably one of the cases of "if you don't do anything wrong, you have nothing to fear". I don't know the specifics for the California law, but the GDPR does not forbid storing privacy-sensitive data. It only forbids the abuse of it. The GDPR is mainly a common sense law, that makes digital stalking as bad as physical stalking, and other digital crimes as bad as the physical ones.

If privacy violation is your business model, than yes, that law is specifically targeted at criminals like you. If doing well-behaved business is your business model, please do continue.

Re:And they should. Or not.

[AmiMoJo]

The other great thing GDPR does is force companies to actually think about this stuff. Doubtless Zuckerburg wasn't thinking about the user's privacy at all when he built Facebook. Companies handling that kind of data need to have a very clear policy and they need to tell you what it is.

They also need to provide a clear and simple way for you to request deletion of your data, to request copies of it and to request corrections.

Re:And they should. Or not.

[ToTheStars]

Doubtless Zuckerburg wasn't thinking about the user's privacy at all when he built Facebook.

Oh, I think he was. He was thinking about how stupid Facebook users were for trusting him with it.

Indeed:

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb fucks.

Re:

[RightSaidFred99]

Lol, you got modded "Demonstrably true, but I don't like you saying it".

Cost of article 27 representation

[tepples]

The GDPR is mainly a common sense law

One part of the GDPR that I find problematic is article 27. It requires any business that isn't based in European Union but ships to addresses in the EU to hire a representative on EU soil to act as a point of contact for consumer inquiries. This can cost thousands of dollars for even the smallest businesses [verasafe.com]. Some US-based businesses that had less than 1 percent of their revenue from the EU have ended up removing EU countries from their list of shipping destinations in order to avoid costs associated with compliance with this article alone.

Re:

[Anonymous Coward]

How is that a bad thing?

You seem to be of the mindset that selling more stuff is the positive outcome. I'm sure it is for the company that sells, but what about the consumers?

If you have no customer contact and no enforceable rights as a consumer, good luck. There is no recourse available to European customers that buy things from the US or Asia. If you get a chewing gum instead of your graphics card you bought from China, there is not a thing you can do about it. Buying from the US is better, but not much.

Re:

[tepples]

It means that you, the consumer desiring a specific niche product, are no longer able to obtain that product at all without arranging a forwarding service.

Re:

[atrex]

Oh ouch, $2,700 for up to $25 million of global revenue? Yeah, no, I don't think your argument holds water. A successful business, even a small one, isn't going to be significantly impacted by having to hire a representative service for $2,700 annually.

$2,700 may sound like a lot to an individual, but it's nothing to a business that's already profitable, just do the math. $10 million in global revenue, so if they pull 1% of that in the EU that's still $100,000. $2,700 is 2.7% of that. Why would a bus

Re:

[LynnwoodRooster]

How about a business doing $100,000 total in revenue - a sole proprietor type operation? That $2700+ per year is now too much - and so they no longer sell into the EU. People always ignore the small businesses that get stomped by such "it's just a few thousand a year" kind of regulations. Almost like people want to kill small business and force us all to work for a big company...

Re:Cost of article 27 representation

[skegg]

a non-EU establishment is exempted from designating an EU Representative when the processing is only occasional and does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) GDPR

General Data Protection Regulation - EU Representative [wikipedia.org]

Even I can see the loophole should a non-EU establishment wish to avoid being subject to GDPR. DON'T COLLECT THE DAMN INFORMATION. If those companies want to store information relating to their customers' ethnicity, sexual orientation or political opinions, then follow the rules.

Shipping without collecting the address

[tepples]

a non-EU establishment is exempted from designating an EU Representative when the processing is only occasional

The Regulation does not define "occasional," presumably leaving that to courts. Analyses that I've read imply that routine processing performed whenever an order is placed is unlikely to be deemed "only occasional."

Even I can see the loophole should a non-EU establishment wish to avoid being subject to GDPR. DON'T COLLECT THE DAMN INFORMATION.

I'm interested in how you would recommend that a small business (below say 1 or 2 million USD worldwide revenue per year) take payment from a customer or ship a product to a customer without collecting the customer's address.

Re:

[suutar]

this seems like an opportunity for UPS to set up an intermediation service. Seller hands off to UPS, UPS gathers address information and generates an address form, seller treats address form PDF as opaque blob, prints it, slaps it on the box, hands box to UPS, records the tracking number, and otherwise washes its hands of the address info.

Re:

[suutar]

sort of like "verified by visa" stuff, which could be used similarly to handle payment.

Re:

[Train0987]

Registered Agents in the US cost about $100 per year.

Re:

[Train0987]

Forgot to mention that a Registered Agent is only necessary in the state the company was formed in.

Re:And they should. Or not.

[stealth_finger]

...does not forbid storing privacy-sensitive data. It only forbids the abuse of it...

Yeah but their whole business model is based on abusing the data.

Re:

[mwvdlee]

To be fair, GDPR does put a burden upon well-behaved businesses as well. Mostly in the form of having to spend resources on ensuring legal compliance. For small businesses, this is a non-trivial amount of money and time.

Re:

[tinkerton]

It can be a huge cost to get a strict implementation of GDPR . So for one most people assume it won't be applied strictly and secondly the implementation is 'throttled' . For many organisations it is enough that they show they are putting some effort in and it is accepted that it will take a long time to get things right.If a school has to take in account GDPR with every silly little query they have to rewrite their databases and a massive amount of new bookkeeping has to be introduced to manage all the con

Re:And they should. Or not.

[theskipper]

Noted, but let me shake my fist at the sky for a moment. If you stray from the standpoint that privacy should be opt-in full stop, you're already losing. Granted, the horse has left the barn but she's not totally out of sight yet. I.e. it should still be the conceptual goal to shoot for.

Fundamentally, none of these advertising companies are entitled to a single stitch of our info which is what they're shooting for, entitlement. This includes big names like Facebook, Pinterest, Snap, but, more insidiously, the hundreds of data slurping companies that operate quietly in the background (think "analytics" and go from there).

Further, companies whose core model does not rely solely on privacy exploitation, like Amazon, should ideally only be "entitled" to your shipping address, credit card number, and a few other database fields. Telecom/ISPs too. (It could be argued that Google's search is so good that it's an actual product. And this is what separates Google from FB in terms of defining privacy exploitation even though their business models are similar.)

The pure exploitation companies do not have a primary use case for collection like Acxiom does (credit evaluation). Every bit of info these companies collect is used for privacy exploitation and solely for the use of increasing shareholder/private owner value. There is no other primary value but they want to fully entrench this as a normal business model and all the benefits that come with it. That's what's dangerous, you won't be able to regulate them from the standpoint of true privacy in the future. If you don't start with a hardcore opt-in position, the foundation will have already been poured in their favor.

Directly to your point, I would argue there is no such thing as a "well-behaved" company. All assets will be exploited for the purpose of generating revenue. Especially when times get tough it's amazing the amount of rationalization and creativity that goes on when one's dinner is threatened. All that weasely language in the DNA companies TOS is there for a reason. Which leads to...

The info they're collecting is going to be on their backup tapes forever. As has been stated numerous times before, it's not about "nothing to fear". It's how can this data be used against me in the future (erroneously or financially). Average Joe doesn't realize what's going on behind the curtain because he hasn't seen a direct consequence of what can (will) happen to their info being used against them. Information will be sold out the back door to insurance, auto dealers, retailers, etc. that will result in "smart pricing" against them.

A federal law will cement their privacy-exploitation business models and supply a moat against any consumer-friendly actions in the future. How? Through $700/hr lawyers pre-building loopholes into the law through lobbying efforts.

TL;DR: Privacy exploitation should not be normalized as business model. Screw 'em all.

Re:

[tinkerton]

IIRC when Ford CEO was talking about using the huge amounts of data they harvested from their cars to generate money the first client was expected to be Ford's own insurance business. I'd expect that this is already being introduced in some form.

Re:

[phantomfive]

It's not really a thing to fear, it's just going to be a lot of work. Companies need to be able to delete (and collect) all the information for any user that asks for it. So basically every database table you have needs to be extended or wrapped in some way, which makes the code messier, an extra place to update every time you change something, etc. Added to that is the ambiguity about backups. A literal reading of the law would require you to remove user info from backups if requested. Very few people have

Re:

[LostMyAccount]

Any significant set of regulations is inherently complicated, and it usually results in the regulations being vague enough that ultimately the only regulation that matters is specific rulings by regulators.

There's probably a set of perverse incentives that result in regulations also being controlled by regulators (as opposed to being clear enough to not need anything other than conventional legal enforcement).

Just look at religion, the oldest and most fundamental kind of regulation. At the level of the ind

Re:

[skegg]

we kinda accidentally ended up getting what some proponents wanted the law to be

vs gettin' nothing? I'll settle for that.

7 days a week. And twice on Sunday's.

Re:You haven't read it, have you?

[Anonymous Coward]

As a software developer for a multi national tech company, and somebody who thought "it's about damned time" (And immediately asked "when can the US get this?)" I will agree with that GDPR was a nightmare, and probably caused more than a few sleepless nights in the legal departments of firms all over the place.
What I can say purely my perspective, this had some VERY interesting fallout:

• Companies were not lying when they said GDPR was expensive to implement (in my case we spent MONTHS working the problem).
• Even if we don't have this set of laws in the US, it's honestly easier (and cheaper) for most firms to extend these protections to all customers regardless of where they live.
• This also led to a lot of VERY frank and open discussions about what is considered PII (personally identifiable information), and where does this exist in various systems. This meant having to examine old systems that have been mouldering in various nooks/crannies for years.
• This same discussion is now a normal talking point of most engineering lifecycles, and has led to an interesting paradigm shift: Instead telling developers to implement the massive "Lets Collect Everything" and shove it into hadoop (where most data goes to die), this has allowed us change to "Do we really need to collect this data?" "Is it relevant?" "How do we implement a kill switch for this?" among other things (and this is a mix of managers, developers and sales folks talking about this).

Selling data

[110010001000]

That is what happens when you go from selling products and services to selling people. The so-called "tech industry" isn't really tech at all, but advertising.

Re:

[sinij]

The so-called "tech industry" isn't really tech at all, but advertising.

More so, on-line advertising does not work, it is all click-fraud and misclicks. They are violating your privacy to perpetuate falsehood that Google or Facebook or Twitter are capable of selling something to you. They are not.

Since 1998 Google had me spend exactly 0$ on any goods or services they advertised. This is astonishing 0$ vastly exceeded by hundreds if not thousands of dollars they charged firms for showing me ads over these years. Even at just 5c per 1000 views that is non-trivial wasted money.

Re:

[phantomfive]

it is all click-fraud and misclicks.

Technically it's 15%-30% fraud and misclicks.

Re:

[swillden]

More so, on-line advertising does not work, it is all click-fraud and misclicks.

Actually, online advertising is the one sort that provably does work. The classic advertising industry line is "I know that 50% of my advertising spend is working, I just don't know which 50%". But with the type of online ads invented by Google, the advertisers can tell exactly what percentage of ad displays result in clicks, exactly what percentage of ad clicks result in sales, and of exactly what amounts. Online advertisers can see exactly what their revenue and profit is for ever dollar spent on adver

Re:

[sinij]

Actually, online advertising is the one sort that provably does work. But with the type of online ads invented by Google, the advertisers can tell exactly what percentage of ad displays result in clicks, exactly what percentage of ad clicks result in sales, and of exactly what amounts.

You cannot differentiate with metrics between someone who already decided to purchase specific goods or service looking for a link from someone doing general research. If you have a decided consumer, then it is search masquerading as advertising.

How many lazy people do you think typed into chrome bad amazon instead of amazon.com and then clicked first Google link (that happens to be an ad!) when doing shopping? Do you consider this advertising? Online advertisers can see exactly what their revenue and

Re:

[sinij]

My bad on other comment... multitasking fail. I was saying: You cannot differentiate with metrics between someone who already decided to purchase specific goods or service looking for a link to seller from someone doing general search and getting persuaded by advertising. If you have a decided consumer, then it is just search masquerading as advertising. How many lazy people do you think typed into chrome "amazon" instead of "amazon.com" and then just clicked first Google link (that happens to be an ad fo

Re:

[RightSaidFred99]

Yes, Google, Facebook, others those guys are _dumb_ compared to you. They haven't figured out that they aren't really raking in _billions upon billions_ because, according to SlashDot Dude, on-line advertising *bolded*does not work*bolded* (for effect, yes I know how to bold).

Once again, another Slashdweeb who thinks he is smarter than everyone else.

Re:

[sinij]

You are assuming Google isn't misrepresenting advertising effectiveness. Aside from Google Analytics (i.e. what Google tells you), what metrics do you have to measure advertising effectiveness?

Re:

[RightSaidFred99]

I would say the fact that people keep buying advertising. Seems pretty straightforward, no? Or do you again imagine all those dumb companies just handing over money to Google/Facebook/et al. and not noticing for year after year they aren't "working", hence again making you smarter than those poor deluded dummies?

Re:

[phantomfive]

Wait, that is true of Facebook and (mostly) Google, but Tesla sure doesn't. Of all the Silicon Valley companies I've worked for, only one of them (Adap.tv) relied on advertising for revenue.

I'm confused..

[fred911]

How would a federal law lessen obligations for a state laws local compliance? California has lead this country with new legislation. Auto manufactures at one time were able to sell vehicles that weren't compliant with Ca smog standards outside of CA. Now the standards set by CA are national. California also decriminalized possession of less than 1 oz of cannabis in the 80's. The rest of the states are following [albeit slowly]. Historically, Ca has lead this country in new legislation.

So if there's a federa

Re:

[SeriousTube]

I guess you haven't kept up on the news where Trump just invalidated the CA emissions requirements.

Re:

[Train0987]

Federal law always trumps state law. A war was fought over it.

Interstate commerce clause [Re:I'm confused..]

[XXongo]

How would a federal law lessen obligations for a state laws local compliance?

The "interstate commerce" clause of the U.S. Constitution.

The corporations in question do business all over the US (and outside, although that's irrelevant). The courts have rules that a mishmash of conflicting state laws would impede interstate commerce (and it would), so IF the federal government makes a single law for all the states, it trumps state law. But if the feds don't address the subject, then the state laws apply

Federal law always trumps state law. A war was fought over it.

Sort of. That war was actually fought over something else. Overall, the state law trump federal law except where the constitution specifically spells out otherwise (10th amendment: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.). HOWEVER the courts have some latitude in their interpretation of what powers the constitution actually gives to which entity.

Re:

[An0nYm0u5c0wArD]

Sort of. That war was actually fought over something else. Overall, the state law trump federal law except where the constitution specifically spells out otherwise (10th amendment: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.). HOWEVER the courts have some latitude in their interpretation of what powers the constitution actually gives to which entity.

Except not just sort of. That war was fought SPECIFICALLY over states' rights. The matter that you're referring to was solely related to failure to compensate citizens for loss of property. It would be like the government suddenly deciding to outlaw cattle farming (due to climate change or whatever), but refusing to compensate the cattle ranchers for the value of the livestock they own. Sure, all the PETA people and vegans would be fine with screwing them over, but it is morally wrong to do that to them

Re:

[Train0987]

Christ, it was fought over the STATE'S RIGHT to allow slavery. Very simple. Treason has a very specific definition in the constitution and this isn't it.

Re:

[chill]

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

It very much WAS that. The renegade States levied war against the Union by attacking Fort Sumter in April 1861. Just because they said "we quit" a couple months before doesn't give them cover.

Re:

[Train0987]

Where is the word "union" in the sentence you just copy/pasted? I only see United STATES.

Re:

[chill]

The "Union" was the United States. "We the people of the United States, in order to form a more perfect union..."

"Union" was simply slang for the United States, just as "the South" was slang for "Confederate States of America". See Wikipedia for quick reference: https://en.wikipedia.org/wiki/Union_(American_Civil_War) [wikipedia.org]

Re:

[Train0987]

If the state's had known that they could never leave the union they never would've joined it in the first place.

A thoughtful discussion on whether secession was "treason" or not can be found here: https://www.abbevilleinstitute... [abbevilleinstitute.org]

Re:

[chill]

Had the Confederacy won, it would have been a revolution. Since they lost, it was treason. Armed rebellion against their government. Again, simply stating "we quit" doesn't mean they get to absolve themselves of the law.

As for "States Right", that's rich. One of the main drivers of the conflict was the insistence of maintaining a "balance" of Slave vs Free States in the Nation. The Slave States insisted new territories needed to be admitted in pairs -- one Free and one Slave, whether they wanted to be Slave

Re:

[Train0987]

Nobody was tried for treason after the war because they wouldn't have been convicted.

Re:

[chill]

They were pardoned by President Jackson on Christmas Day in 1868. The focus was on healing after one of the bloodiest conflicts in history, and having to come together again as a single nation.

Your proclamation that no one would have been convicted isn't sustainable. The District Court at the time deadlocked over dismissing the Treason charges on Jefferson Davis. He was still charged until the pardon -- and his full civil rights not restored until 1978. Robert E. Lee's rights not restored until 1976. Newspa

Re:

[Jhon]

"If the state's had known that they could never leave the union they never would've joined it in the first place."

Not really. About the only way out would be "revolution", or the case with the south, civil war. And guess what? They lost.

You want constitutional grounds against secession? How about the necessary and proper clause? Linked with the founding under the Articles of the Confederation ("perpetual union" anyone?) should make it clear that nobody leaves without the OK of the majority of states.

A

Re:

[Jhon]

"Had the Confederacy won, it would have been a revolution. Since they lost, it was treason. Armed rebellion against their government."

Great line from 1776 (the musical): "A rebellion is always legal in the first person, such as “our rebellion.” It is only in the third person – “their rebellion” – that it becomes illegal." -- Franklin

Not a REAL Franklin quote -- but by God the author captured the essence of so many of our founders.

Re:

[fredrated]

There were no laws against slavery when the South attacked the United States. States rights had not been violated so it was nothing but treason.
Personally I wish the South had won so the rest of America would be shut of them.

Re:

[rgmoore]

Treason has a very specific definition in the constitution and this isn't it.

Read that definition again:

Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort.

The Southern states decided to levy war against the United States government in order to protect their ability to keep slaves. If that doesn't constitute treason in defense of slavery, then words have no meaning.

Re:

[rgmoore]

This isn't quite true. Congress is allowed to overrule state laws when it feels it is necessary, but it isn't required to. Rules governing the internet are a classic example of a federal interest- the internet is inherently designed for interstate and international commerce, which are federal concerns- so Congress would be well within its rights and even responsibilities to act here.

An unrelated example of this is related to building codes. In general, building codes are set at the state and local leve

Re:

[jellomizer]

But states can normally append to the law. Federal Speed Limit on roads my be 70mph, however states can say roads can only be 65mph or 55mph max for the sate. The state may not be able to make it 80mph, but they can make it lower.

Also there is a degree of constitutional latitude that State have in what they can regulate and what the federal government can regulate. Often the federal government will tie money given to the states if they follow particular conditions.

Re:

[flink]

My understanding is that the federal speed limit isn't a regulation or law, because most interstate highways are owned and maintained by the states, so congress doesn't have authority to regulate it. It's just that federal highway funds are tied to states cooperating, so they mostly go along. Same thing goes for the drinking age - I believe there is also a bunch of federal funding tied to 21 as the drinking ages, so states have all mostly fallen in line.

Preemption doctrine, supremacy clause

[raymorris]

You're absolutely right that California is often the first to try new laws. They can certainly do that, try out new laws. Then other states can see which ones worked well and which ones didn't.

*On subjects the Constitution delegates to the federal government*, federal laws can supersede state law.

So for example consider when in 1964, after the passage of the Civil Rights Act, Democrats in Alabama tried to keep discriminatory laws on the books and even pass more laws targeting "negroes". These were state laws which were at odds with the Civil Rights Act. The state laws were invalid because federal law preempts.

The Constitution (Article VI, Clause 2) says federal law is "the supreme law of the land". That's the source of the pre-emption doctrine. The feds can say WiFi routers shipped in interstate and foreign commerce most be on 2.4Ghz and California cannot authorize wholesalers to import 1.2 GHz routers.

If the federal government does NOT make a law, each state can.

When speaking of federal vs state powers, it is important to keep in mind that the Constitution lists 18 things that the federal government can do, and says TWICE that all other powers are reserved to the states and the people. (See the 10th amendment). So the federal law preempts if there is a valid federal law, but federal laws are only valid for those 18 things, so states retain significant power under the Constitution.

An interesting pattern occurs when it's not clear if the federal law and the state law conflict. The Civil Rights Act of 1964 prohibits certain discrimination on the basis of race, color, religion, sex, or national origin. It doesn't say anything about sexual preference. Can a state bar discrimination based on " race, color, religion, sex, national origin, OR SEXUAL PREFERENCE"? Yes, a state can pass a new law about sexual preference. The 1964 law doesn't say "only these classes are protected, no other classes are".

If federal law says you can't have sell a widget louder than 110db, can a state forbid ones louder than 105db? It depends. Yes, the state can if the federal law only forbids louder than 110 and says nothing else. It can't of the federal law either explicitly allows up to 110 or if the federal law says "this law preempts state law on widget volume".

To avoid confusion and law suits, each federal law should clearly indicate whether it preempts state law, and if so, the extent of state law it preemepts.

So a federal privacy law could, based on the supremacy clause, preempt the California privacy law. California could then say "yep, we're following the federal law. Also, we've passed this other law about data privacy topics that the federal law doesn't mention". For that reason the federal law should have a well-written preemption section to make it clear which types of additional law states can and can't can't add in general area of data privacy.

Re: I'm confused..

[triffid_98]

CA law also criminalized plasma TVs and gas powered lawn equipment that lasts more than 2 years

Re: I'm confused..

[drinkypoo]

Lol

Gas powered lawn equipment has to have a spark arresting muffler. It is only expected to last two years OF CONSTANT USE. You are required to keep the spark arrestor in good condition, for reasons which should be obvious. You are not obligated to replace it on a schedule.

I bought a Poulan Pro string trimmer from a local hardware store after it had been used for a year or so as a rental. I've had it for years now and it literally runs as well as a new unit, probably because i have been lavish with the two stroke oil.

Maybe you should buy better equipment.

Re:

[dryeo]

Too much 2 cycle oil will clog the spark arrester. Just had it happen to my Stihl weedeater. Easy to fix, take out the spark arrester, take a propane torch to it and burn it off, put it back. Repeat in about 5 years. Replacing the screen is cheap and simple as well.

Re:

[drinkypoo]

I don't get ridiculous with it, but I do err on the generous side.

Sorry, environment. I love you, but I don't love rebuilding engines.

I don't use it professionally in any case, despite my name. It's just cheaper than renting. If I were a pro I'd have a Honda four stroke. I've rented them and they are the Cadillacs of string trimmers. But buying this used unit was cheaper than renting a unit like that once. I had to replace the fuel lines package, and the inner air box/choke, both of which were cheap AF. I h

Re:

[dryeo]

Yea, good to be a bit generous with the 2 cycle, also important to use quality oil. I use Castrol. Neighbour has a Honda 4 stroke, it eats clutches. Probably fine for light use but not heavy cutting. I get lazy and have about an hour of weedeating around the property, leave it for a few weeks and the grass and Salmon berries are knee high.

Re:

[drinkypoo]

Neighbour has a Honda 4 stroke, it eats clutches.

That's a shame, my rinky dink Poulan has a clutch and it's held up, although I don't abuse the poor dear so maybe that's part of it. I think a lot of such "problems" can be traced back to poor throttle finger discipline. But Honda's not infallible, either.

Re:

[laughingcoyote]

The Internet would be almost inherently an "interstate commerce" issue, since data can pretty much never be guaranteed to stay within state lines. On such issues, Congress has the explicit authority to overrule state regulation.

That is not true on issues strictly internal to a state, but it would be vanishingly rare that a state could argue that an Internet-related issue is entirely internal to its own borders.

Re:

[suutar]

Oh, it's totally true on issues strictly internal to a state. Wickard vs Filburn [wikipedia.org] pretty much means anything can be regulated, because everything indirectly affects interstate commerce. The main exception so far has been with guns, because they have their own amendment (US vs Lopez, US vs Morrison). But it's still used to allow the feds to declare growing your own medicinal marijuana to be illegal, regardless of state law.

Shocking

[Stan92057]

The industry says they want laws so they got some and now are crying about them, Shocking. And they will sue saying their unconstitutional and take years to get settled. That's what they really wanted.SSDD

Impact of such Laws

[EmilyLewis]

These laws majorly impact small business because such rules & regulations add extra burden and expenses on small firms. Big tech companies make profit out of such laws because it limits their tech competition.

Re:

[skegg]

You're not wrong. But there's a simple solution:

1. All rules in Section 1 (fairly weak rules) apply to all corporations etc from 1st January 2021.

2. Corporations with revenues exceeding a billion dollars etc are subject to the rules listed in Section 2 (stronger rules)

I'm going to make myself unpopular here...

[Viol8]

... but anyone with a working braincell knows that the deal with getting all the free online shiny shiny is they use your data. If they couldn't you'd have to pay for all of it. Now I'm quite happy with that for some things , others such as Facebook I'm not, so I don't use it. I don't really see what the problem is - you're adults, make informed choices. I will make exceptions for kids though, they need data protection laws *because* they're not mature enough to understand the long term issues with privacy. Adults have no such excuse.

Re:I'm going to make myself unpopular here...

[Train0987]

You don't have to use Facebook for them to have a profile of you and vacuum up every bit of personal info on you they can.

Re:

[Viol8]

Unless they've done a deal with google that information could be written on the back of a postage stamp since I don't have a public online presence that isn't anonymised.

Re:

[Train0987]

Are you a contact in someone else's address book somewhere? Facebook has all of their data too. Have you ever corresponded with someone that has a Gmail email address? Google has a shit-ton of info on you from that, all of it if you were using your "anonymizing" tactics while doing it. Ever bought anything from Amazon? ...and that's just from your own activity. Do you have a cable TV or internet connection? Your account details have undoubtedly been sold to all the players. Do you have electricity? S

Re:

[sinij]

Exactly. Even if we set aside how insidiously entrenched social media is into our everyday life, these SV firms do not stop collecting data about you. For example, you signed up for gmail with understanding that they will read all your email to serve you ads. Why do you think it is also acceptable for Google to derive accurate socioeconomic profile and sell it to third parties inquiring specifically about you?

That is, there are degrees of privacy. You might not mind Google knowing you work in IT. You migh

Re:

[dryeo]

My understanding is that Google doesn't sell your data, just advertising based on your profile to target people like you. It's Facebook that sells your data.

Re:

[skegg]

I don't have a public online presence that isn't anonymised.

I'm sure you've successfully kept your actual self off the public web. Consider yourself lucky.

Do you want any protections for your PRIVATE information collected by companies you deal with? Which is being traded, lost, stolen, bought, leaked on an all-too-regular basis?

Re:

[Viol8]

If its on social media its not private is it. Private information is stored on private servers, end of. I don't even consider gmail private.

Re:

[An0nYm0u5c0wArD]

Nope. Not at all. The TV stations never had the means to know who was watching their over-the-air broadcasts for decades, yet they still made money via advertisements.

The only thing a reasonable person "knows" they are giving for the free stuff is their eyes on advertisements. There is no need for them to collect all sorts of sensitive data.

Re: I'm going to make myself unpopular here...

[dsgrntlxmply]

Advertisers did have the means, through Nielsen. Nielsen identified households that represented various demographic categories. They asked to do a home visit to make a small modification to the TV and attach one of their telemetry boxes that took note off what the TV was tuned to, and sent that data to Nielsen periodically. The viewer got the benefit of being made to feel slightly influential, and of Nielsen fixing or replacing the TV if it failed. Source: family experience. A few months ago I disposed

Re:

[jenningsthecat]

I don't really see what the problem is - you're adults, make informed choices.

The problem is that using the Web is effectively a requirement for just about everyone in our society today - yet the only "informed choice" that guarantees any reasonable degree of privacy is to totally abstain from using the Web. That's just not right, and it's why regulators need to get medieval on the asses of Silly Valley companies. I'm glad that California is going to bat for the average Joe and Jane, and I heartily wish that other jurisdictions the world over would follow suit.

Privacy absuses by tech

[sinij]

In contradiction to popular SV narrative that they are changing the world for better, social media tech giants are highly detrimental to society. Erosion of privacy and surveillance capitalism leads to unprecedented collection of information on individual, Hoover's secret dossiers pale in comparison to what Zuck has on every US citizen.

Regulation and compliance, the worst kind that requires whole departments of lawyers to deal with, is what these companies deserve and should get. The more obnoxious the regulation, the better. It should be punitive to discourage the next bunch from going apeshit on society and norms.

Um ....

[triffid_98]

I'm quite terrified whenever politicians pass technology laws but anything that helps disable the ring surveillance network is okay by me.

Good!

[Berkyjay]

That's a step in the right direction.

Wouldn't it be Nice...

[X!0mbarg]

If the Federal Privacy Laws were just as stringent as the CCPA?

Having the effort backfire against the big lobby would be so fitting in todays' day and age that it could cripple their efforts to circumvent the right of the people, and provide sweeping reform to the oppressive corporate over-reach.

Yes, I know I'm just dreaming.

That is, however, something that could quite possibly happen, if the right people were to truly get involved.

I wonder what the big lobby would do it it backfired on them?
The old "Be Car

Re:

[suutar]

and they would still get the benefit of uniformity :)

Some day...

[Impy the Impiuos Imp]

Just the other day one of the clownlike Calirfornia officials was bragging how economically powerful they were because of all this interference and regulation.

How long are the muscles that keep this obese, sclerotic heart going, that chugs a regular and regulatory diet of artery-clogging pizzas and cheeseburgers, going to keep functioning before they move to another state?

How long until the business community, all too frequently agreeing with those power, in attempts to get them to back off, finally sees th

Watch what they do, not what they say

[hdyoung]

I've posted this before. People need to watch what these companies DO, not what they SAY. The tech companies are making lots of noise about being responsible corporate citizens and caring about users and the larger society. The truth is that they're driven by profit. PROFIT. NOTHING ELSE. That's what they do. That's why they exist. Their customers are other companies that buy ads and companies that buy data from them. Those are the entities that matter. The users are basically cattle, and have the rights of

Bald-faced hypocrisy

[jenningsthecat]

FTS:

...consumers aren't clever enough to "understand rules that may change depending upon the state in which they reside."

But apparently they ARE clever enough to both unearth and understand the convoluted Terms Of Service of the websites they visit and the Internet services they use. Silly Valley fucktard CEO's - hang 'em all.

Personal data should never be allowed to be sold

[zkiwi34]

Companies that do that sort of evil should have their owners and executive staff impaled as a discouragement.

Good.

[HuguesT]

I hope they are.