Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy United States News

'Ignorance is Not an Excuse': California Draft Rules on Data Privacy Released (sfchronicle.com) 56

California Attorney General Xavier Becerra released a series of draft regulations this week aimed at getting businesses to comply with the state's landmark data privacy law, scheduled to take effect Jan. 1. From a report: Under the California Consumer Privacy Act, signed into law in June 2018, businesses must disclose to consumers the various kinds of data they collect about them. Companies must stop selling consumer data to third parties if customers ask them to, delete personal data on request, and explicitly seek consent from consumers aged 16 or younger to sell personal information. The bill also states that consumers who exercise their rights under the law cannot be discriminated against. The newly announced rules for businesses require notifying people before or when their data is collected. If notice is not given, data cannot be collected. The attorney general also provided guidelines for how to respond to consumers wanting to opt out, delete and know the data that's collected on them, as well as how to verify the identity of people making such requests and how to maintain relevant records for two years. "Help us get this right," Becerra said. Privacy is a right in California, he said, even as he acknowledged that some businesses may struggle to find the resources to comply. But, he added, "We want companies to understand that ignorance is not an excuse."
This discussion has been archived. No new comments can be posted.

'Ignorance is Not an Excuse': California Draft Rules on Data Privacy Released

Comments Filter:
  • Good law (Score:3, Insightful)

    by Futurepower(R) ( 558542 ) on Friday October 11, 2019 @03:40PM (#59297492) Homepage
    California has a long history of being the first to adopt helpful laws.
    • by Anonymous Coward

      Are you being facetious?

      Plastic straw bans.
      Women required on corporate boards.
      Have to be 21 or older before you can buy a gun.
      Cows can't fart.

    • by AmiMoJo ( 196126 )

      But WTF is this about "must stop selling your data if requested"? No, you ask permission to sell my data and I tell you "no", and you can't use that as an excuse not to provide the service.

      GDPR has this right. You ask permission for everything, and it must be freely given (i.e. not give it to us or no service for you).

      • by rtb61 ( 674572 )

        You missed the important bit, you can take permission back and they can not discriminate against you for doing so.

    • I'm pleased that someone in government has made the effort to address this serious problem but California lawmakers have a long history of making laws packed with unintended consequences because they didn't ask experts, study related problems, or learn from the history of laws with unintended consequences. It's never about making a good law with these lawyers. It's always about making money. [citation] I've lived here my whole life. Seen too many laws with unintended consequences.
      • I'm pleased that someone in government has made the effort to address this serious problem but California lawmakers have a long history of making laws packed with unintended consequences because they didn't ask experts, study related problems, or learn from the history of laws with unintended consequences. It's never about making a good law with these lawyers. It's always about making money. [citation] I've lived here my whole life. Seen too many laws with unintended consequences.

        There are four major crime families that have run California and it's government for at least the past eighty years, Newsom, Brown, Pelosi, and Feinstein.

        https://youtu.be/CLkF6zLxg_U [youtu.be]

        It's only political corruption that prevents the FBI & DoJ from RICO-ing the shit out of all of them and tossing them into prison where they belong.

        Strat

    • by jwymanm ( 627857 )
      You really want those cookie disclaimers all over our web badly, don't you? You now need a fucking team of lawyers to throw up a website because nginx collects logs. We are losing our freedoms left and right because a bunch of people want to lock down damn near everything and anything that can hurt you or your feelings. The internet, as we know it, is going down in flames because of this crap.
    • California has a long history of being the first to adopt helpful laws.

      Absolutely. And, as many others point out, unhelpful laws. So, it's the nature of the beast, or what's that law? 90% of everything is crap. Sturgeon's?

      Anyways, I came to enjoy this thread because your statement is like red meat to asshats.

  • So they want to give people the ability to have a business delete everything they know about somebody, but to also punish that business for not treating those newly anonymous people any differently than the people they know more about and can interact with in a more tailored way. Always make sure that your subjects can be found to be criminally at fault in some way at all times so they'll thank you when you choose not to punish them just now.
    • by sjames ( 1099 ) on Friday October 11, 2019 @04:02PM (#59297570) Homepage Journal

      You are clearly bending backwards to find the worst possible interpretation.

      More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later. If a customer says no sales of their information to 3rd parties, they must not treat them any differently than any comparable existing customer that permits their data to be sold.

      How hard was that to figure out?

      • You're repeating what he said. If you want to not have, e.g. Facebook, store any personal data on you but you want to use their services for free you are trying to have your cake and eat it too.

        The easiest way to give a huge Fuck You to CA is to implement to the letter of the law in as byzantine and detailed a way as possible using automation. Once a customer decides they are super concerned with privacy (after having posted their entire fucking lives on Facebook anyway already) then bombard them with const

        • Good way of putting it. The only reason we have FB and others is that the treasure trove of user information can be monetized to advertisers and thus FB can function without charging people.

          Of course FB also treats your information as theirs while making it look like it's still your info. They kind of deserve the backlash.

        • The easiest way to give a huge Fuck You to CA is to implement to the letter of the law in as byzantine and detailed a way as possible using automation. Once a customer decides they are super concerned with privacy (after having posted their entire fucking lives on Facebook anyway already) then bombard them with constant permission requests and every minute detail of every little piece of data they generate. You've enabled "super private don't use my data" mode? OK, you'll get an email every time someone mentions you and your name is stored or referenced. An email every time you login. A reconfirmation of your wishes every time something happens on your account. Etc... Have fun.

          That would be instructive in showing just how pervasive and creepy these services really are. If that does not make people flee in droves nothing will.

        • by sjames ( 1099 )

          That is already against the law since that would be a penalty and would be treating the person differently from someone who has not requested no giving the data to 3rd parties. The rules being drafted now are meant to flesh that out.

          • Umm.. by the nature of the law they will by definition treat them differently. Sounds like you think it's a bizarre kafkatrap.
            • by sjames ( 1099 )

              Read it again, but instead of trying to figure out how it can be wrong, try to figure out how it might be correct, it'll make a lot more sense to you that way.

      • by Anonymous Coward

        You are clearly bending backwards to find the worst possible interpretation.

        More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later

        He isn't bending as far as you might think. Those two rules are what cause my last business to close.

        The only data we stored was if someone wanted an account, email address and password.
        There was this one asshole who requested his account to be deleted, which we did.
        He then signed up again and two weeks later his attorney notified us they are filing in small claims court.

        Showing the multiple signups we weren't fined but told to again delete his information, and again we did.

        He then signed right back up the

        • by sjames ( 1099 )

          Considering that the law in Ca. only went into effect last year, and that it only applies:

          Not all California companies need to comply with data privacy law. Businesses will be subject to the law if they have annual revenue of more than $25 million; collect personal information of 50,000 or more consumers; or get at least half of their annual revenue from the collection of consumers’ data. Businesses handling personal information of more than 4 million consumers face additional requirements.

          I can only assume that this was a different law somewhere else that you didn't choose to identify.

          • by Pikoro ( 844299 )

            I dunno. Looked up the Judge, and if it's Judge Judith Craddick, then she's on the Superior Court of Contra Costa County in California. So I think this guy's either making this up, or there's another Judge Craddick, but she's the only one I can find.

      • So, let's see, to verify that a company "forgets" about me...

        Step one: I guess I'll need a warrant, and will have to seize all their computers and backups, laptops and phones... We will also need ISP logs, travel records...

        That's one small step for man... One giant leap of faith for this to work.

      • I've worked with retailers (and their customers, in one way or another) for decades. I didn't have to bend over backwards, it was the very first thing that came to mind. People light up customer service departments with irrational complaints all day long. Can't tell you how many times I've seen demands to be removed from mailing lists follow - within days - by complaints about how they're mad that their friends or family or such found out about a sale or a special coupon code and they didn't. Stuff like th
        • by sjames ( 1099 )

          There's a wide chasm of difference between claiming that pointy-headed morons will act like pointy-headed morons and claiming that there will be a legal punishment associated with treating someone you've been ordered to forget as if you don't know them.

          • The point is that the Perpetual Grievance Class, whenever handed yet another cudgel, will use it with gleeful abandon when places like California set up bureaucratic machinery that will be forced to hear and somehow act on every complaint, however irrational.
            • by jwymanm ( 627857 )
              Thank you! This is going to be basically making it so only large corporations, already a hated target by the left, are the only damn companies that can exist anymore because they have the lawyers and the department sizes to handle this bullshit. I just can't believe how many people want damn near everything in this world to be illegal.
      • by AmiMoJo ( 196126 ) on Friday October 11, 2019 @04:36PM (#59297676) Homepage Journal

        GDPR is actually a very useful tool for dealing with companies that do "new customer only" deals. Just force them to delete all your data and then sign up as a new customer. They are screwed because either they delete it and don't know you are a former customer, or they don't delete it can get hit with a GDPR complaint to the regulator.

        • You should read the exemptions:
          https://www.clarip.com/data-privacy/ccpa-erasure-exemptions/

          There are plenty of reasons to maintain some portion of your data even if you request to be forgotten. Some of these are required by other laws.

          • by AmiMoJo ( 196126 )

            Sure, and it's fine as long as there is a genuine need and they can only use the data for that specific need, nothing else. The goal isn't to stop businesses doing business, it's to stop them abusing the data.

      • More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later.

        I'm not reading up on this because I've done enough of that today, but I sure hope you're still allowed to maintain a list of abusive customers. Otherwise they're interfering with my right to remember.

  • Tell California's tax collector, their prison warden, and their regulators to start deleting their data every time someone asks.

    Then you'll begin to understand why this isn't so smart
    • by kaur ( 1948056 )

      Tell California's tax collector, their prison warden, and their regulators to start deleting their data every time someone asks.

      GDPR, the EU data privacy regulation, has this sorted up pretty well.
      There are different reasons for keeping personal data - user consent, legal requirement, providing a service etc.
      The citizen / customer cannot "withdraw" from a legal requirement (eg police or IRS processing their data).
      She can withdraw consent at any time, however.

      Thus the first task of any EU entity processing personal data is to ask itself "what is the basis of this processing?"
      This determines everything else.

      I am not happy with GDPR fo

    • Yup. Our tax collector *must* inform you when and how data is used, and *must* delete it unless required by law. (See? This makes it work.)
      And so does a prison warden. (A society is measured by how it treats its prisoners.)
      Even our subway trains have such an information sign posted on their doors.

      Maybe you're just not a smart man. ;)

  • by Fly Swatter ( 30498 ) on Friday October 11, 2019 @04:22PM (#59297634) Homepage

    explicitly seek consent from consumers aged 16 or younger

    There should be no age restriction on this.

    • by PPH ( 736903 )

      IANAL, but contract law. Under 18 cannot 'consent'.

      • I think he means that they should explicitly seek consent from EVERYONE, not just those under 16

        • Correct.

          As for the age at which one can consent to a contract, they can't legally consent as they are under age which makes that entire line useless.
  • That's a joke!
    ALL uses of private data *must* be preceded by a *written* consent on a document that is short and trivially easy to understand!
    Or fuck off and die.

    If we had a death sentence for advertisers and data kraken, nobody would even bat an eye.

  • If a company has to decide between changing its entire business model vs leaving a state, my guess is they'll just leave the state.

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Working...