Hey, remember that California privacy law? Big Tech is trying to ram a massive hole in it

A proposed amendment to California's new data privacy law would drive a huge hole through the legislation, privacy advocates have warned. The change to the California Consumer Protection Act (CCPA) – in state senate bill 753 – will be reviewed by Cali's Senate Judiciary Committee next week and effectively adds Google and …

  1. JohnFen

    So, in other words

    TL;DR: the change would exempt one of the primary problems that the law is intended to address. That sounds about right.

    God, these advertising companies, mainly (but not only) Facebook and Google, are total scum. But we knew that.

    1. Wade Burchette

      Re: So, in other words

      Rules for me, and rules for thee. Politicians and their corporate sponsors always get special rules.

    2. Aristotles slow and dimwitted horse

      Re: So, in other words

      I agree with you. But there are plenty of things you can do to stop them receiving a single valid byte of your data, and then even more things to stop the ads being presented to you.

      On the other hand, and as much as it sticks in my craw... billions of people don't seem to give a shit as long as they can like a cat video or make some inane comment about an InstaFaceTube video.

      1. JohnFen

        Re: So, in other words

        "But there are plenty of things you can do to stop them receiving a single valid byte of your data"

        There isn't, though, since both of these companies (and others) are also gathering data about us from non-online sources such as debit/credit card usage as well. It may be technically possible to completely avoid them, but to do so pretty much requires withdrawing completely from society.

        1. Anonymous Coward

          Re: So, in other words

          And that may not even be possible since they also seem to have stakes in land survey companies. This includes surveys from airplanes and satellites...

  2. A.P. Veening Silver badge

    Next time on the ballot

    A proposal to scratch CCPA and replace it with the European GDPR.

    1. Doctor Syntax Silver badge

      Re: Next time on the ballot

      Certainly go back to the ballot, with the original bill or whatever, and make clear that this time it's no more Mr Nice Guy.

      1. Anonymous Coward

        Re: Next time on the ballot

        No, make it even stricter, with criminal culpability attached as well, force them to decide between finally playing by the rules or abandoning Silicon Valley or even the entire US given how easily California can reach to the rest of the states.

  3. Mark 85

    This type of bill needs to be in more if not all States. If the amendment fails, and the corporates don't get their way, they'll just move the exec suite and thus the corporate headquarters to another State or possibly even to another more accommodating country. Bandits don't wear ski masks any more and rob banks or trains. They wear 3-piece suits and there's always a place for them to hide.

    1. A.P. Veening Silver badge

      "This type of bill needs to be in more if not all States."

      It would be nice, but the European GDPR already applies globally as long as data of even one EU or EEA citizen or resident is involved. And GDPR does allow for some really punitive fines.

      1. Mark 85

        Many sites are following the GDPR but only in the EU. They then carry on everywhere else as if nothing happened.

      2. JohnFen

        "the European GDPR already applies globally"

        This may be technically true, but in practice it's not really enforceable outside of the EU.

        1. A.P. Veening Silver badge

          "This may be technically true, but in practice it's not really enforceable outside of the EU."

          It is if those companies wish to do business in the EU or EEA. Besides that, I have a feeling that more countries will adopt either GDPR or something pretty similar, California -while not a country- being a case in point. It won't even be the first European thing to be adopted elsewhere, just see IBAN, which started somewhere before 2000 with less than 20 countries, but is now being used by at least 70 countries, more than double the number of EU and EEA countries.

          1. Anonymous Coward

            "It is if those companies wish to do business in the EU or EEA."

            Or they could just splinter their business: rules for me and rules for me, eh? Then one business for me and one for thee, and we'll leave no way for you to tie those "global turnover" rates to the splinter business, eh? That's what lawyers are for, after all: to find ways around obstructive laws? Isn't that why we're already seeing end-runs around the laws?

          2. JohnFen

            "It is if those companies wish to do business in the EU or EEA"

            Yes, true. And those companies address the issue by treating EU visitors differently. I was really thinking about the vast majority of non-European websites, who can (and do) simply ignore the existence of the GDPR.

            "I have a feeling that more countries will adopt either GDPR or something pretty similar, California -while not a country- being a case in point."

            This is what I'm seriously hoping for, particularly in the US (since that's where I live).

    2. Blockchain commentard
      Trollface

      "Bandits don't wear ski masks any more and rob banks or trains." Guess what I was doing over the weekend (and I don't even ski) !!!!

    3. Nick Kew

      "Bandits don't wear ski masks any more and rob banks or trains. They wear 3-piece suits and there's always a place for them to hide."

      You say that as if something had changed in modern times.

      When W S Gilbert said the same back in 1879, he was clear that there was nothing new about it.

    4. John Jennings

      No, it doesn't

      The Californian market is so large that any global company must comply there.

      It's however less viable to have a separate system for CA as it is for GDPR countries - because the regs apply to a much smaller demographic (scale) and CCPA, GDPR and other regs apply to residents of the affected countries/states. The borders are more 'fuzzy' in a state.

  4. Ian Michael Gumby
    Flame

    EL Reg Needs to make a slight correction/ clarification

    First, this is California Senate Judiciary Committee not the US Senate. (Not clear in the article, but implied)

    Other than that...

    The bill is being sponsored by State Senator Henry Stern who is a Democrat in Los Angeles.

    It would be very interesting to see what sort of campaign donations he has...

    Also how much press this is getting...

    This is also an example of just how important it is to consider breaking these companies up.

    One more question... El Reg never has addressed.

    In today's Big Data environment, along with El Reg promoting seminars on Machine Learning, AI and what not...

    Why does theregister.co.uk still use Google Analytics?

    If they are brave enough to answer, you'll start to understand the monopoly Google has. ;-)

    1. diodesign (Written by Reg staff) Silver badge

      Re: Ian Michael Gumby

      > This is California Senate Judiciary Committee not the US Senate

      Correct, which we did know, and we've made it crystal clear in the story now. Don't forget to email corrections@theregister.co.uk if you spot anything that may be wrong.

      > Why does theregister.co.uk still use Google Analytics?

      It's free and useful. It produces easy-to-view summaries of daily, weekly, and monthly traffic, and allows us to compare these year on year, or month to month, and see which regions are growing, and which stories people are most interested in, by views. It also produces a real-time dashboard so we can see the live effect of publishing, tweeting, tweaking headlines, etc.

      It's just one source of indications of what works well, and what doesn't, with readers. There are other things we keep an eye on, such as comments, emails, messages, and the effect pieces have on the industry. I'd rather an article forces a company to reverse a bad policy than do mega page views.

      However, in an attempt to entice us into paying for Analytics, Google's free version of Analytics becomes somewhat inaccurate after the first 10m page impressions each month, and we regularly smash through that, so we're considering other options, including non-Google paid-for analytics or perhaps rolling our own.

      Any stats we quote are from our own internal stats system, which processes logs and isn't set up for real-time analysis. We could make our own form of Google Analytics, but so far we've chosen instead to put our small team of web devs onto other things more directly useful.

      > El Reg never has addressed

      Well, we do, in a way, in our cookies page - https://www.theregister.co.uk/Profile/cookies/ - in which you can opt out of GA and/or view its privacy policy.

      Hope this helps,

      C.

      1. Ian Michael Gumby
        Boffin

        @diodesign Re: Ian Michael Gumby

        Nice that you fixed it.

        But the larger issue Google Analytics.... Cookies have nothing to do with it.

        You can easily roll your own analytics. So too can many companies that have a large digital presence.

        Another question not asked... what happens to your page rankings if you don't use Google Analytics.

        ;-)

        Again, part of the real reason why Google needs to be split.

        1. diodesign (Written by Reg staff) Silver badge

          "You can easily roll your own analytics"

          We could and maybe we will when our tech team is bigger.

          > what happens to your page rankings if you don't use Google Analytics

          FWIW Google claims GA has no impact on search rank.

          https://twitter.com/JohnMu/status/1012320567381422081

          Not that we care too much about SEO, as you may have noticed from the headlines and writing.

          C.

          1. Ian Michael Gumby
            Boffin

            Re: "You can easily roll your own analytics"

            "Not that we care too much about SEO, as you may have noticed from the headlines and writing."

            Touche and well played.

            True. People hunt out El Reg and hear about it from word of mouth. No need to worry about search results.

            But I have to ask... is a Tweet an actual official response from a company? Meaning what one person says in a tweet, regardless of his position in the company, is it the company's official position?

            Google considers that their search algos are proprietary IP. I'll wager that if Congress were to subpoena Google to provide their search algos even in a closed door session, they would fight it kicking and screaming bloody murder all the way.

            Sorry, I don't trust them.

            As to the size of your tech team... you could always make this a 'volunteer' project. I mean if you can get a group of junior birdmen rocketeers to take on launching a Playmobil astronaut into the high altitudes... then you should be able to find a couple of people to do this... ;-P

            (Ok, that project is definitely more fun than putting the screws to Google, but this would probably provide more Karma to El Reg. )

            -Just Saying...

    2. ratfox
      Go

      Re: EL Reg Needs to make a slight correction/ clarification

      Actually, that would make for an interesting article: What is exactly the information that El Reg obtains out of using Google Analytics? Does it get the profile of users? Anonymized statistics? Aggregated data? Do you know how many of your users have the "specific code for eating disorders (571) and black people (547)"?

      1. diodesign (Written by Reg staff) Silver badge

        Re: ratfox

        "What is exactly the information that El Reg obtains out of using Google Analytics?"

        Less than we could get out of our direct server logs, which we don't look at. With 150,000,000+ pages served last year, we wouldn't have time. We don't see individual readers.

        Our internal stats systems and GA therefore aggregate visitors into tallies: number of people reading in the past minute, hour, day, week, month, year, etc; number of people in the UK, US, etc; number of people who are repeat readers, etc. GA happens to present the numbers in an easy-to-read format (graphs, country maps, tables) whereas our internal tools produce text summaries.

        All with a pinch of salt and some squinting as a single IP address doesn't represent a single person, people block Google cookies, and so on and so forth.

        Specifically, it's documented on our cookie page https://www.theregister.co.uk/Profile/cookies/ - and on Google. Here's what is collected: https://developers.google.com/analytics/resources/concepts/gaConceptsTrackingOverview

        Our privacy policy is here: https://www.theregister.co.uk/about/company/privacy/

        > Do you know how many of your users have the "specific code for eating disorders (571) and black people (547)"?

        No. Our internal tools count page impressions, ad impressions, and unique readers, producing separate tallies per country we're interested in. Google Analytics does this too, and goes one step further by estimating age ranges, gender, and interests, but we don't pay attention to that because... we think we have a better handle on readers' real interests than Google's tracking bots. There is nothing as creepy as racial and disability profiling.

        As I said in another comment, we're not cemented to GA.

        C.

        1. Kevin Johnston

          Re: ratfox

          Is there any possibility you could do an article on this? It is clear that there is some heat in the discussions when Google is involved and from the responses you have made it would be interesting to see how the various options would work for you and the impact for privacy.

  5. Chris G

    Ironic

    That the major players in Social Media are completely sociopathic.

    It is time to poke a big hole in them.

    The way amendments like this are inserted into bills as a result of lobbying and the concomitant brown envelopes show clearly that democracy and government 'for the people' is a(n unfunny) joke.

    1. Ian Michael Gumby
      Boffin

      Re: Ironic

      It's not ironic.

      It takes a sociopathic person who ignores what is right and ethical for their own personal gain.

      So no irony or shock.

  6. adnim

    Money not only talks

    it defines legislation.

    Started with priests pointing at the sun, then it was kings, now it is corporates.

    1. beep54

      Re: Money not only talks

      "While money doesn't talk, it swears

      Obscenity, who really cares

      Propaganda, all is phony."

      Bob Dylan

  7. SUDO-SU

    As someone who has been dealing with this law, let me tell you, it is a nightmare. I understand and care about privacy, but how vague and overreaching this legislation is is crazy. Their definition of Personally Identifiable is huge and pieces of data that are fine by themselves can be considered PI when combined. Things like an SSO ID, username, or even a PK that can be mapped back to PI are considered PI. We have to take into account things like, do our third party logging tools capture a username, IP address, etc. How about data stored in 1000's of schemas in a db that is feeding a program that's been running since the 80's. How about Access databases? Excel spreadsheets? Employee info is included in this. A boss having the contact in their phone is something that has to be tracked.

    At least in my company's case, we don't sell or share your data, but we are crap at normalizing it. The next phase is trying to figure out how to remove it, or even if it can be removed without breaking dozens of downstream processes.

    1. lglethal Silver badge
      Go

      You're thinking about the law wrong

      (OK I'm coming from the assumption that this law operates the same as GDPR, because I'm familiar with the GDPR requirements and not that familiar with the Californian one, but I imagine they're pretty similar.)

      So the problem sounds more like your firm has been collecting way more info than it needs to over the years. Yes, that's been the policy for a long time with most firms, but now you should only be collecting what you need to deliver your product/service. That's what GDPR is about. Collect only what you NEED. If you need the data to deliver the product, then you CAN collect the data. But you can't use that collected data for anything else, without informing the people you collected the data from AND getting their consent to use it. If they don't give their consent, you CAN'T use it. And that you have to PROTECT the data you do collect.

      You seem to be looking at this from the wrong way - you're looking and going, Oh no we have to work out what is personal information and how are we going to normalize it, and that's going to be heaps of work. You should really be looking at it from the other end. Why do we collect this data? Do we actually need it to deliver the service/product? If yes, then how are we going to protect it.

      Does your firm really need database data from the 80's to deliver products 30 years later? Should your Excel spreadsheets be listing personal identification details? How are you protecting the data in those spreadsheets and who has access to them? Who has access to your Access databases? As for your boss's phone - of course what data it has on it should be tracked, it should also be remotely wipeable. If he loses it in the pub tomorrow, your info (as an employee contact) is out there, gone, lost, and able to be accessed by miscreants. You don't want to know about that if it happens? You want your boss to be able to quietly download on to a new phone the contacts list again and not let everyone in the firm know that they are now at risk?

      GDPR really isn't that big a headache, it really just requires you to think about why you're collecting data, if you really need it, and if you do, how you're going to protect it. The only people that this is really a headache for are the scumbags in advertising like Google and Facebook, because their whole business model is built around collecting all this info and abusing it.

      1. A.P. Veening Silver badge
        Pint

        Re: You're thinking about the law wrong

        @lglethal

        In one word: AMEN!

        Have a ---->

    2. HolySchmoley

      Dealers don't want nasty laws getting in their way

      "At least in my company's case, we don't sell or share your data (*)... the next phase is trying to figure out how to remove it, or even if it can be removed without breaking dozens of downstream processes."

      Sounds like a long-term drug dealer trying to figure out how to remove the damage his business has done to other people's lives over the years.

      (*) Neither did Facebook or Google in their early days.

  8. jimdandy

    Yo, Gavin baby...

    You and me are buddies, even though my silver spoon was an uncomfortable intrusion into your personal space. Dude, this is a nice and sneaky Cali move to make things better for our Berkeley buddies. But, and I want you to think "butt", this is not what the plebes out there want. Most of them are a lot smarter than you and me, and it seems they (without any family/friend connections) have figured out that you are a shining example of a "space not yet filled".

    So Mr. Shiny, are you interested in doing good things for your constituencies (aka those citizens who support you, and those who don't) or are you just trying to sneak past the Thousand Days of that cranky old guy named Jerry?

    If you want to end the magic that is California, just go ahead and follow the theme/strategy of your Dempublican family and friends. Those of us old enough to know will either survive to see that you can remake a new world in this State, or will bury our hopes and prayers along with the bodies of our friends and families, and of course ourselves.

    Gin up, pony boy - your ass is on the line of History, and she can be quite a nasty bitch.

  9. Mystic Megabyte
    Linux

    Pi-Hole Top Blocked Domains

    And the winner, (With 12 times higher frequency than the second most blocked) is.....

    ssl.google-analytics.com

    This is not entirely off topic, maybe California could threaten to make Pi-Holes mandatory.

    Now that there's a photo of one we should have a black hole icon ============>

    1. A.P. Veening Silver badge

      Re: Pi-Hole Top Blocked Domains

      ssl.google-analytics.com is number two on my list, number one is mobilenetworkscoring-pa.googleapis.com.

      I like my Pi-Hole.

      1. Charles 9

        Re: Pi-Hole Top Blocked Domains

        I had to abandon it due to too many websites needed for day-to-day operation breaking, even WITH exceptions. And I can't go without without renouncing birthright citizenship.
