laws of this nature need to be enacted by U.S. Congress
That's what the U.S. Congress is for, interstate commerce and international stuff. Not state legislatures, not government bureaucrats.
After years of fighting to prevent any form of legislation that would safeguard Americans' online privacy, this week Congress will have two hearings on the topic during which the tech industry will outline its newfound love for laws covering its business. But, experts warn, there is one big goal behind the sudden willingness …
"But California customers deal with California ISPs"
California customers deal with California telecommunications services. The ISP (information service), where the data is hosted, could be anywhere in the world. California has not reached the status of a Russia or China yet. Where they can demand that their residents must store their data within their borders.
Once again, US must understand privacy is not a consumer right, it's a citizen right.
This has nothing to do with commerce, even if data or access to them are sold/bought, just like slavery was not a commercial issue, even if people were sold/bought.
Without privacy, people become sort of slaves - as their lives are not longer just their own, and a few large, powerful "data owners" can heavily influence them.
EU understood that. Let's see if Congress can look beyond a dollar note length, and understand it as well.
Do you mean the U.S. congress that asked such insightful questions of the Zuckerborg as:
"Is Twitter the same as what you do?"
"How do you sustain a business model when people don’t pay for services?"
"If I’m emailing within WhatsApp…does that inform your advertisers?"
That congress? Umm, yeah, good one.
You are right, however we know that Congress is the best congress that money can buy.
They will offer a law that weakens what California got right, and we should have something close to GDPR which these companies are dealing with because they do business with Europeans.
California was able to bully the federal government over pollution because they had a concrete example to point to: Los Angeles, where a thermal inversion zone means any pollutants produced in Los Angeles tended to stay in Los Angeles, risking them running afoul of other federal acts like the Clean Air Act. Meaning they could pit law against law and threaten to tie up the courts. It would be harder to show how ISP regulation would pit law against law in this case, as I don't think there's an existing federal law California could use here as backup.
California's carcinogenic substances bill, a.k.a. Prop 65, is little more than a lawyer subsidy and has been that way for at least twenty years. Why would a bunch of lawyers in DC want to pull the plug on that?
The easy thing to do is put a prop 65 sticker on everything and then don't worry about it. Nobody cares any more and it makes for very effective lawyer repellent.
Actually under the US system states can impose more restrictions than the ferals do. Often what CA and other states do is say you must exceed the feral requirements to sell in our state. So a comprehensive feral level law could be supplemented by even tough state laws. Perfectly legitimate if somewhat different than most countries. The US system is a collection of semi-sovereign states that are united for common good and thus the states retain a fair degree of sovereignty.
So if there is a feral level law, CA and any other state that desires can supplement the requirements with more stringent requirements. Now, to meet these requirements one might take the most stringent ones and apply them for all US users that way you do not violate any laws anywhere.
Very few industries can self-regulate, and it can happen only when all parties involved have roughly the same power, so each party has to be careful about pissing others off, so they will need to reach a "equilibrium" where everybody gets its share.
It can't happen where this balance of powers doesn't exist. And the those powers must be re-balanced by regulations.
Medical and legal professions are almost perfect examples of how self-regulation can be used to prevent competition and reduce consumer power and information availability. Cases in point: the AMA was originally created by and the AMA President's salary paid by the drug industry. For decades and even today alternative therapies that don't involve prescription drugs are actively prevented from being used by doctors or nonmedical personnel. In the 1930s and 1940s this practice extended to active legal efforts to jail advocates of competing technologies. And the Blue Cross 'non-profit' system was created by the hospitals to guarantee a steady flow of customers. It was structured from the beginning to prevent consumers from knowing, much less influencing, the costs of medical treatment.
and from systems science work I did a while back, related to neural networks and other decision systems like ecosystems, if any one entity has more than about 20% of a market, there is an effective oligopoly and the competitive system breaks down. This is closely related to the application of the inverse power law distributions that show up all over living systems.
Apart from that other CA based tech giant that happens to be called Apple that is.
Sometimes they do the right thing (or so they say) and were AFAIK behind this law.
Both Google and Facebook should file for Chapter 7 tomorrow IMHO.
They are warts on society and the sooner they become an item in the history books the better.
They could turn over a new leaf .... Nah. That really is a pipedream.
The real problem is that Apple *today* acts this way, but *tomorrow*? What if iPhone sales goes down, and there could be more money made selling users? What a board and CEO could do, under shareholder pressure?
Citizens can't depend on the "good will" of a company or a king to ensure their rights are respected, nor on what shareholders believe is more profitable.
I'm not holding out hope that a company will always be on my side. I am hoping that a company, Apple in this case, will be on my side for unrelated reasons long enough for the protection to be made law. After that, if they switch their view, we could use the same law against them. For now, they're an ally and one I'm glad to have.
Their beliefs on "states rights" which they hold dear in most cases, when they see liberal states doing something that will hurt big business such as protecting the environment or protecting privacy.
Same story in my state, when some cities and counties raised the minimum wage they passed a law invalidating those laws!
GDPR minimize the data collection from the start - and that's what they fear most. Once they gathered data, they know many users won't take the effort to check, modify or delete them - and they can make the process as difficult as they like anyway.
If they are barred to gather most data from the start because they are not in the scope of the service, if they have to ask for explicit consent for the data they gather, and have to explain why they want it, many users won't approve the data gathering.
They have to ensure the stable doors are kept open.
Not sure what you mean here.
Essentially GDPR is a requirement on what you do to offer services to a resident in the EU. There's nothing particularly unusual about legislation and regulation applying to doing business somewhere. It would be unusual if there weren't. So if a company, irrespective of where its corporate HQ is wants to do business with EU residents then GDPR is simply one of the things they have to take into account. If they don't like it they don't have to offer their services there, they can just forego a large market and see what their shareholders think about that.
"Plus what if they counter with a home law that runs directly counter to it, creating a sovereignty conflict?"
They have two choices. One is ignore that market - nobody's compelling them to do business in the EU if they want to cut themselves off from it. The other is to move HQ or at least set up a subsidiary or franchise operation to service the market. You decide to do business in some country, you follow that country's laws, whatever they are just like you've done with other laws way back.
"How will they enforce it?"
Issue fines for non-compliance. No establishment in the EU? Court order to the company's banker's branch in the EU. Finding a bank with no establishment in the EU? More difficult. Finding a bank that won't throw you, a customer, under a bus if they need to? Impossible.
How can a company sell services or goods in EU if it can't operate there? Sure, if you're a gambling or porn site users are not interested in things like invoices, but for plain businesses legal payments and related documentation are required to avoid trouble. So, their business model would not work.
Sure it can. Threaten a tit-for-tat, especially if they sell something in demand in Europe, like say iPhones. Unless the EU can categorically demonstrate it can "go it alone" and not rely on ANY US inputs, it's going to be hard-pressed to enforce an embargo without a counter-embargo. Remember, these are sovereign concerns we're talking here, and President Trump IS domestically-oriented AND tariff-happy right now.
"Threaten a tit-for-tat, especially if they sell something in demand in Europe, like say iPhones."
That'll be the Chinese made iPhones?
You're saying that a response to some US corporations finding it difficult to trade with Europe would be to forbid another another US corporation from doing the same. It doesn't sound to me like a rational response but I suppose you know your president better than I do.
Look, about the only way the GDPR can have real teeth is if the EU has the ability to "go nuclear," and basically go, "You know what? We don't need you. We'll go it alone." Without this self-sufficiency, another nation can take something they need and "hold it hostage," so to speak.
You can build a seawall to hold back the ocean tides and storms. However, one day an unexpectedly large and violent storm will cause a small breach or work around the edges. Once the water starts flowing, the breach/bypass enlarges. More breaches form. Catch it quick and you can stop a few small leaks. Once it gets to a certain point the erosion can't be stopped and the tide rolls in unhindered.
Don't underestimate the power of fifty states of annoyed citizens and non-Washington lawmakers. Marijuana is racing toward decriminalization in spite of the best oppression the War On Drugs could muster (and the best lobbying from the alcohol companies). Don't forget that these state laws were passed in direct opposition to an existing Federal ban, all but daring the Feds to interfere. At this point the federal government would be fools to enforce the national ban in states where it's been voted legal. The backlash would overwhelm them and they know it.
The move toward consumer privacy is such a movement, as is state or city-sponsored telecom development. There are already too many leaks, too many places the water is flowing through. The frantic lobbying shows the fear in the tech industry. They have managed to lock down Washington well enough, but that's a single entity. Trying to control fifty fractious states? They can play Whack-A-mole if it amuses them but it can't be stopped. Not anymore.
"The backlash would overwhelm them and they know it."
Don't be so sure. There are rumblings of a counter-backlash with "border wall" strength behind it, plus perhaps the only reason the dogs haven't been set loose yet is that the President has more immediate concerns: namely, keeping the drugs from getting in in the first place (or so he believes).
If the ferals pass a relatively comprehensive privacy legislation that covers most of the issues reasonably well many of the states will do nothing. A few will enact more stringent requirements. So it is in the best interests of any industry to get comprehensive feral level legislation as most states will accept it and do nothing. Nothing unique here to the tech industry.