America edges closer to a federal data privacy law, not that anyone can agree on it American lawmakers held a hearing on Tuesday to discuss a proposed federal information privacy bill that many want yet few believe will be approved in its current form. The hearing, dubbed "Protecting America's Consumers: Bipartisan Legislation to Strengthen Data Privacy and Security," was overseen by the House Subcommittee on …
I think that we are seeing the General Data Protection Regulation starting to work in Europe so it would be very nice to see it enhanced and have a vast effect on the current data theft world. I expect that it would create a very different Internet environment and generate a vast amount of corporate complaints ... but if companies are going to fight it then it tells you what they are doing every time you visit their websites and never click on data acceptance.
This is currently documented on Bruce Schneier's cryptogram website - https://www.schneier.com/crypto-gram/
....about all the potential (and actual) invasions of privacy which are completely beyond the reach of a "privacy law". I'll be really impressed if law makers can fix the problems described below!
So.....examples:
1. The sale of hacked data (e.g. the Equifax hack)
2. Invasions of privacy by unscrupulous organizations (e.g. ClearViewAI)
3. Invasions of privacy by government entities( e.g. see Edward Snowden, or https://www.theguardian.com/uk-news/2018/sep/13/gchq-data-collection-violated-human-rights-strasbourg-court-rules)
....and so on......
But even more worrying is that a given private individual has ABSOLUTELY no idea about these invasions of privacy, and no idea where personal data might be stored. It's all very well to point at obvious data aggregators (Google, FB, ClearViewAI, etc)......but what about Palantir, Acxiom.....and many other less well known (or even unknown) aggregators?
Also.....given all of the above, the aggregated personal data (which I know nothing about) might be completely false!!!!
REFERENCES
Unfortunately, Scott McNealy was probably quite correct in 1999, but I will not get over it: https://www.wired.com/1999/01/sun-on-privacy-get-over-it/
Palantir: https://www.bloomberg.com/features/2018-palantir-peter-thiel/
Well, on at least one point:
1. The sale of hacked data (e.g. the Equifax hack)
...there is something lawmakers can do to address the problem, and that is: Make it more costly, and less lucrative (in both the financial sense, and otherwise) to collect and keep so much data in the first place. To the point that, hopefully, companies think twice about glomming onto every piece of information they can hoover up, and are more circumspect in their handling of what they DO collect.
If there's less data in third-party hands, and it's better protected, then there will be less opportunity for hackers to acquire it, and they'll come away with less when they do. Or, at least, here's hopin'.
We'd all better hope, because it's clear the only chance lawmakers have of fighting illicit data transactions is if they choke off the supply. To accomplish that, they have a choice: They can either try to educate the public about better protecting their own data, or force companies to curb their appetites.
It seems they've correctly concluded that the education option is a lost cause. (Plus, to your second point, it's awfully hard to protect yourself when companies are pulling shady tricks behind-the-scenes to invade your privacy. Even harder if those tricks are technically completely legal!
So, it's privacy laws all 'round.
Just as soon as they settle on something everyone can agr—ohhhh shit, we're fucked.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
