California Legislature Passes Delete Act Regulating Data Brokers (iapp.org) 18
An anonymous reader quotes a report from the International Association of Privacy Professionals: The California State Legislature passed Senate Bill 362, the Delete Act, which is designed to streamline consumers' ability to request the deletion of their personal information collected by data brokers. The bill now awaits the signature of Gov. Gavin Newsom, D-Calif., though he reportedly has given no indication whether he will sign the bill, according to CBS News. Newsom has until 14 Oct. to sign the bill. Should it become law, the Delete Act would empower the CPPA to develop a system by 2026 that allows residents to make a single data deletion request across the nearly 500 registered data brokers operating in the state. The CPPA would also be charged with enforcing provisions of the Delete Act, such as requiring data broker registration and ensuring brokers delete an individual's personal information every 45 days upon receipt of a verified request. [...]
The Delete Act was first introduced by state Sen. Josh Becker, D-Calif., who previously said the legislation patches a loophole in the California Consumer Privacy Act that allowed for consumers to request individual data brokers delete information obtained directly from them but did not require entities to delete personal information aggregated from other sources. "Data brokers spend their days and nights building dossiers with millions of people's reproductive healthcare, geolocation, and purchasing data so they can sell it to the highest bidder," Becker said after the bill originally passed in the Senate in May. "The Delete Act is based on a very simple premise: Every Californian should be able to control who has access to their personal information and what they can do with it."
The Delete Act was first introduced by state Sen. Josh Becker, D-Calif., who previously said the legislation patches a loophole in the California Consumer Privacy Act that allowed for consumers to request individual data brokers delete information obtained directly from them but did not require entities to delete personal information aggregated from other sources. "Data brokers spend their days and nights building dossiers with millions of people's reproductive healthcare, geolocation, and purchasing data so they can sell it to the highest bidder," Becker said after the bill originally passed in the Senate in May. "The Delete Act is based on a very simple premise: Every Californian should be able to control who has access to their personal information and what they can do with it."
It's about time. (Score:4, Insightful)
I'm 100% for this, as long as it works. The fact that shitty companies like Spokeo (or whoever) require you to register with them just so you can hope they delete the information they've collected on you is ridiculous. I work in a job field (healthcare) where some privacy is important because people really are batshit crazy and absolutely will stalk others. Having to try to figure out which website is selling my home address and personal contact information today shouldn't be this damn difficult, but here we are.
Re: (Score:3)
Won't fix contribution database (Score:5, Informative)
My unlucky friend contributed a few dollars to a US political candidate and ended up on the Federal Election Commission list. Their name, address, phone number, amounts, dates, and more are in the publicly accessible database. Their US mail box exploded with solicitations, and their phone number got swamped in cold calls. Appreciate their attempt to get involved in the debates of the day, but it came at a big cost. See if you're there too: https://www.fec.gov/introducti... [fec.gov]
Re:Won't fix contribution database (Score:5, Insightful)
So why don't you have GDPR style rules about every non-essential use of data being opt-in?
In Europe if a company collects your data because it is necessary to provide a service, they cannot use it for any other purpose (such as marketing or selling it) without your explicit permission. It's a simple and highly effective rule.
Dark patterns aren't allow to manufacture consent either, it has to be freely given and fully informed permission.
Re: (Score:3)
So why don't you have GDPR style rules [...]
I think the whole point here is to introduce such legislation in California. Having this on the books there is hugely important.
First of all - obviously - cause it's the tech hub.
Second, it's huge and this means that if you're a US company you simply can't ignore it the way you might if this were, say, Montana.
Third, California has always been the place where new legal concepts were first introduced and then spread out to other states and the federal level. Think of car emissions... The list is long!
Is it like the "right to be forgotten?" (Score:3)
I hope it isn't like that stupid "right to be forgotten" law where criminals can request that search engines stop indexing articles about their crimes.
Re:Is it like the "right to be forgotten?" (Score:5, Insightful)
stupid "right to be forgotten" law where criminals can request that search engines stop indexing articles about their crimes.
Only in the US is every crime they've ever committed is still relevant for additional punishment 30 years after they serve their sentence, and everyone suffers for it.
TL;DR: People like you are why we can't have nice things.
Re:Is it like the "right to be forgotten?" (Score:5, Insightful)
The problem is that a lot of the US has the Puritan mindset about crime, where someone should be punished for life, even if they never were convicted.
For example, if someone got -arrested-, their -arrest- record is broadcast far and wide to many, perhaps hundreds of databases, a lot offshore and can't be touched. This means that even if someone is found innocent and the records expunged, that data with their mug shots is still out there. A lot of employers use -arrest- (as opposed to -conviction-) data to filter people, mainly (in the words of one HR department), "A conviction can be bought off. If a cop things they are guilty enough to pull the cuffs out, they are guilty in our book."
Then come the background checks. If one works for any type of public trust job in the US, they will be under a continuous background check for the rest of their lives. Which means if they get arrested for anything, even if charges are dropped, it can result in a firing.
Of course, woe to someone who gets a felony, and felonies can be easily gotten. For example, someone putting pills in different container, or anything drug related.
Even in the Middle East, after they break fingers or chop off a hand, they let the person go live their life. The US, the criminal record is can be considered a social credit score which starts at zero, and only goes negative.
If anyone has worked in criminal justice or prison ministries, what is produced in the US are not reformed criminals which can get back being taxpayers with jobs, and back to a productive life with rehab training. What you get is a sector of people who only can do crime to earn money, and eventually just wind up incarcerated for life. This doesn't just affect the criminal, but affects their family as well, especially when a single mother has to take care of kids.
Overall, a right to be forgotten is a good thing. Some crimes, obviously, it should be a scarlet letter for life. However, other crimes, after the perp does their time and is able to be rehabilitated, they should be able to move on and not be forever chained to something they might have done 20-30 years ago.
Re: (Score:2)
Some crimes, obviously, it should be a scarlet letter for life.
It's one thing to expunge criminal records. Its another thing to tell search engines and newspapers that they have to erase news articles. Are you proposing a government agency whose job is to go into libraries and erase the microfiche, tear out pages of magazines, and erase news articles from hard drives? We should call it the "Ministry of Truth."
Re: (Score:2)
If someone has records sealed, and a newspaper shows they were convicted, that borders on libel and defamation of character, because even though someone had charges dropped, the newspapers printing that info will harm them possibly for the rest of their lives.
The newspaper's rights end where someone's privacy and right to be able to get a job begins.
Re: (Score:2)
So you are suggesting that after a certain amount of time, news articles regarding a crime should be deleted?
Data Broker vs Identity Thief (Score:3)
Both are parasites that profit off of the fact that you exist. An identity thief does this on an individual basis, and a data broker does it on a mass scale. Being a data broker is a better grift because it is legal and much more profitable.
Will it work on the government? (Score:2)
Can I request the FBI or CIA to delete data that they purchased from data brokers?
Re: (Score:3)