'Ignorance is Not an Excuse': California Draft Rules on Data Privacy Released (sfchronicle.com) 56
California Attorney General Xavier Becerra released a series of draft regulations this week aimed at getting businesses to comply with the state's landmark data privacy law, scheduled to take effect Jan. 1. From a report: Under the California Consumer Privacy Act, signed into law in June 2018, businesses must disclose to consumers the various kinds of data they collect about them. Companies must stop selling consumer data to third parties if customers ask them to, delete personal data on request, and explicitly seek consent from consumers aged 16 or younger to sell personal information. The bill also states that consumers who exercise their rights under the law cannot be discriminated against. The newly announced rules for businesses require notifying people before or when their data is collected. If notice is not given, data cannot be collected. The attorney general also provided guidelines for how to respond to consumers wanting to opt out, delete and know the data that's collected on them, as well as how to verify the identity of people making such requests and how to maintain relevant records for two years. "Help us get this right," Becerra said. Privacy is a right in California, he said, even as he acknowledged that some businesses may struggle to find the resources to comply. But, he added, "We want companies to understand that ignorance is not an excuse."
Re: (Score:1)
Bullshit! As somebody from the EU... (Score:2)
1. around here, an "I agree" is NOT a contract, so your analogy is already false. The company has to sue, and has the burden of proof. Which is usually not really given, due to things like infected PCs multiple users (including children), etc.
2. The GPDR information signs (like on every door of all businesses, including subway trains, that use your information, e.g. with cameras) MUST state in clear and simple terms, what data is used and how it is used. By law. I can see this multiple times a day. It real
Good law (Score:3, Insightful)
Re: (Score:1)
Are you being facetious?
Plastic straw bans.
Women required on corporate boards.
Have to be 21 or older before you can buy a gun.
Cows can't fart.
Re: (Score:1)
My personal favorite was the GU24 light bulb socket. Which was supposed to be more environmentally friendly by encouraging everyone to throw out their perfectly fine lamps.
Re: (Score:2)
I looked it up. Lord I'm glad I've never run into these. Note that in 2017 the GU24 fell off of some recommended list, so kudos to the correction.
Re: (Score:2)
California also has a long history of being the first to adopt unhelpful laws.
One example:
SB 1383: Controlling Cow Flatulence. Not making this up.
Yes, yes you are. Or "lying", in the vernacular.
SB-1383 Short-lived climate pollutants: methane emissions: dairy and livestock: organic waste: landfills.
Incredibly easy to look up, so I'll leave that as an exercise for the challenged.
There is one HUGE section in the bill that is prescriptive. I may run out of characters, but here it is in its entirety:
(i) Conduct or consider livestock and dairy operation research on dairy methane emissions reduction projects, including, but not limited to, scrape manure management systems, solids separation systems, and enteric fermentation.
What is blue-skied by other people is tangential to the contents of the bill.
Re: (Score:2)
But WTF is this about "must stop selling your data if requested"? No, you ask permission to sell my data and I tell you "no", and you can't use that as an excuse not to provide the service.
GDPR has this right. You ask permission for everything, and it must be freely given (i.e. not give it to us or no service for you).
Re: (Score:2)
You missed the important bit, you can take permission back and they can not discriminate against you for doing so.
Re: (Score:1)
Re: (Score:1)
I'm pleased that someone in government has made the effort to address this serious problem but California lawmakers have a long history of making laws packed with unintended consequences because they didn't ask experts, study related problems, or learn from the history of laws with unintended consequences. It's never about making a good law with these lawyers. It's always about making money. [citation] I've lived here my whole life. Seen too many laws with unintended consequences.
There are four major crime families that have run California and it's government for at least the past eighty years, Newsom, Brown, Pelosi, and Feinstein.
https://youtu.be/CLkF6zLxg_U [youtu.be]
It's only political corruption that prevents the FBI & DoJ from RICO-ing the shit out of all of them and tossing them into prison where they belong.
Strat
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
"WARNING: This cookie is known to contain carcinogens in the state of California"
Re: (Score:2)
California has a long history of being the first to adopt helpful laws.
Absolutely. And, as many others point out, unhelpful laws. So, it's the nature of the beast, or what's that law? 90% of everything is crap. Sturgeon's?
Anyways, I came to enjoy this thread because your statement is like red meat to asshats.
Stop tracking me! Hey, where are my special deals? (Score:2)
Re:Stop tracking me! Hey, where are my special dea (Score:5, Insightful)
You are clearly bending backwards to find the worst possible interpretation.
More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later. If a customer says no sales of their information to 3rd parties, they must not treat them any differently than any comparable existing customer that permits their data to be sold.
How hard was that to figure out?
Re: (Score:2)
You're repeating what he said. If you want to not have, e.g. Facebook, store any personal data on you but you want to use their services for free you are trying to have your cake and eat it too.
The easiest way to give a huge Fuck You to CA is to implement to the letter of the law in as byzantine and detailed a way as possible using automation. Once a customer decides they are super concerned with privacy (after having posted their entire fucking lives on Facebook anyway already) then bombard them with const
Re: (Score:2)
Good way of putting it. The only reason we have FB and others is that the treasure trove of user information can be monetized to advertisers and thus FB can function without charging people.
Of course FB also treats your information as theirs while making it look like it's still your info. They kind of deserve the backlash.
Re: (Score:2)
The easiest way to give a huge Fuck You to CA is to implement to the letter of the law in as byzantine and detailed a way as possible using automation. Once a customer decides they are super concerned with privacy (after having posted their entire fucking lives on Facebook anyway already) then bombard them with constant permission requests and every minute detail of every little piece of data they generate. You've enabled "super private don't use my data" mode? OK, you'll get an email every time someone mentions you and your name is stored or referenced. An email every time you login. A reconfirmation of your wishes every time something happens on your account. Etc... Have fun.
That would be instructive in showing just how pervasive and creepy these services really are. If that does not make people flee in droves nothing will.
Re: (Score:2)
That is already against the law since that would be a penalty and would be treating the person differently from someone who has not requested no giving the data to 3rd parties. The rules being drafted now are meant to flesh that out.
Re: (Score:2)
Re: (Score:2)
Read it again, but instead of trying to figure out how it can be wrong, try to figure out how it might be correct, it'll make a lot more sense to you that way.
Re: (Score:1)
You are clearly bending backwards to find the worst possible interpretation.
More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later
He isn't bending as far as you might think. Those two rules are what cause my last business to close.
The only data we stored was if someone wanted an account, email address and password.
There was this one asshole who requested his account to be deleted, which we did.
He then signed up again and two weeks later his attorney notified us they are filing in small claims court.
Showing the multiple signups we weren't fined but told to again delete his information, and again we did.
He then signed right back up the
Re: (Score:3)
Considering that the law in Ca. only went into effect last year, and that it only applies:
Not all California companies need to comply with data privacy law. Businesses will be subject to the law if they have annual revenue of more than $25 million; collect personal information of 50,000 or more consumers; or get at least half of their annual revenue from the collection of consumers’ data. Businesses handling personal information of more than 4 million consumers face additional requirements.
I can only assume that this was a different law somewhere else that you didn't choose to identify.
Re: (Score:2)
I dunno. Looked up the Judge, and if it's Judge Judith Craddick, then she's on the Superior Court of Contra Costa County in California. So I think this guy's either making this up, or there's another Judge Craddick, but she's the only one I can find.
Re: (Score:1)
So, let's see, to verify that a company "forgets" about me...
Step one: I guess I'll need a warrant, and will have to seize all their computers and backups, laptops and phones... We will also need ISP logs, travel records...
That's one small step for man... One giant leap of faith for this to work.
Re: (Score:2)
Re: (Score:2)
There's a wide chasm of difference between claiming that pointy-headed morons will act like pointy-headed morons and claiming that there will be a legal punishment associated with treating someone you've been ordered to forget as if you don't know them.
Re: (Score:2)
Re: (Score:2)
Re:Stop tracking me! Hey, where are my special dea (Score:5, Funny)
GDPR is actually a very useful tool for dealing with companies that do "new customer only" deals. Just force them to delete all your data and then sign up as a new customer. They are screwed because either they delete it and don't know you are a former customer, or they don't delete it can get hit with a GDPR complaint to the regulator.
Re: (Score:2)
You should read the exemptions:
https://www.clarip.com/data-privacy/ccpa-erasure-exemptions/
There are plenty of reasons to maintain some portion of your data even if you request to be forgotten. Some of these are required by other laws.
Re: (Score:2)
Sure, and it's fine as long as there is a genuine need and they can only use the data for that specific need, nothing else. The goal isn't to stop businesses doing business, it's to stop them abusing the data.
Re: (Score:2)
More reasonably, if told to forget about someone, they forget. They may not retain a blacklist to treat them any differently than any new customer later.
I'm not reading up on this because I've done enough of that today, but I sure hope you're still allowed to maintain a list of abusive customers. Otherwise they're interfering with my right to remember.
Re: (Score:2)
Agreed. I'll be that's going to have to be hashed out in court.
tell the IRS and the DMV and the DOJ (Score:2)
Then you'll begin to understand why this isn't so smart
Re: (Score:3)
Tell California's tax collector, their prison warden, and their regulators to start deleting their data every time someone asks.
GDPR, the EU data privacy regulation, has this sorted up pretty well.
There are different reasons for keeping personal data - user consent, legal requirement, providing a service etc.
The citizen / customer cannot "withdraw" from a legal requirement (eg police or IRS processing their data).
She can withdraw consent at any time, however.
Thus the first task of any EU entity processing personal data is to ask itself "what is the basis of this processing?"
This determines everything else.
I am not happy with GDPR fo
You mean just like the EU already does? (Score:2)
Yup. Our tax collector *must* inform you when and how data is used, and *must* delete it unless required by law. (See? This makes it work.)
And so does a prison warden. (A society is measured by how it treats its prisoners.)
Even our subway trains have such an information sign posted on their doors.
Maybe you're just not a smart man. ;)
Won't someone think of the adults? (Score:3)
explicitly seek consent from consumers aged 16 or younger
There should be no age restriction on this.
Re: (Score:2)
IANAL, but contract law. Under 18 cannot 'consent'.
Re: (Score:2)
I think he means that they should explicitly seek consent from EVERYONE, not just those under 16
Re: (Score:2)
As for the age at which one can consent to a contract, they can't legally consent as they are under age which makes that entire line useless.
What? Opt *OUT*? That is not a privacy law! (Score:2)
That's a joke!
ALL uses of private data *must* be preceded by a *written* consent on a document that is short and trivially easy to understand!
Or fuck off and die.
If we had a death sentence for advertisers and data kraken, nobody would even bat an eye.
Long term economic impact? (Score:1)