California emits fine-print of its GDPR-ish digital privacy law, complete with Google and Facebook-sized holes The final rules for California’s digital privacy law have been published and they are… full of holes. California's attorney general Xavier Becerra revealed the details [PDF] for how his office will define and enforce the landmark law, which is supposed to give residents of America's Golden State the right to demand what data …
Leaving those loopholes achieves two things. First, that the interests of the tech giants and advertising industry have been served, thereby assuring future campaign contributions by way of a reward. A form of gratuity if you wish to put a minimal veneer of respectability to it. Secondly, all loopholes can be closed at a future date, call it clarification of the terms within those rules. Therefore, a method of extracting future campaign contributions from said tech giants and the advertising industry in order to prevent such clarification. Further, a nice gift to future attorneys general.
As always, follow the money.
Don't forget that it's also a hammer that can be used--selectively, on an as-needed basis--to pound down any nails that have the impertinence to stick up.
Legislation in the US, from local to state to federal, is so compromised that it would be preferable to have monkeys at typewriters writing laws.
This legislation is essentially about data sharing - hence "§ 999.305. Notice at Collection of Personal Information (d) A business that does not collect personal information directly from the consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information."
The GDPR is about protecting the data subject's human rights (which include privacy), and it takes into account a wide definition of harm.
This is a fundamental difference that is consistently overlooked.
Looking at the new GDPR light, it does appear that the next ballot is necessary.
We were waiting for the new guidance - its light on detail where we wanted to see clarity, but its better than nothing. It seems that California is taking an evolutionary approach - which is not ideal. We are taking the approach that what flies in the sunshine state will be applied to all us states - I hope that other companies do the same, but the evolutionary changes means that we have to do this again, and again.
We dont use personal data much on our sites - just enough to be a PITA.
With any new body that the next legislation creates, I would be nervous. It is likely to be funded based upon fines - and its easier to clobber smaller organisations that it is to go after the giants. The ICO discovered this in the UK, when it couldn't impose fines on British Airways,because basically it couldn't afford the legal fees.
It seems that California is taking an evolutionary approach - which is not ideal. We are taking the approach that what flies in the sunshine state will be applied to all us states - I hope that other companies do the same, but the evolutionary changes means that we have to do this again, and again.
Quite. It's getting a little silly now, when you consider a global business will trade in potentially 50 or more legal jurisdictions, trying to manage 50 different data collection and retention schema's plus another 50 from Uncle Sam, and breaches become an inevitability rather than a sign of intentional corporate misbehavior.
I have followed this issue since being alerted in these hallowed pages that there were Californians able to Do The Right Thing and get their state to GDPR-like levels.
This is not that. And a new regulatory body is just a small nuisance to companies like Google and Facebook.
I was hoping for much better, but I guess you take what you get and carry on with a smile.
California legislature hasn't "done the right thing" in DECADES, from my point of view...
A weak law with a strong-sounding name, coupled with special provisions for "the donor class" is kind of what you'd expect from the California legislative body. Swiss cheese indeed. Just like it said in the 2nd half of the title.
(a REAL GDPR-like law would have been WELCOME, but I never expected it to happen)
Even with a ballot measure to strengthen it, I don't expect anything to NOT be "challenged away into obvlivion" in the court system.
Texas is looking better and better these days...
Well, people shouldn't stop now, because as more and more enterprises are realizing the easy money they can make selling customer data, the problem will be getting more serious every day. At some point it will be impossible to control this anymore, because everybody having something to say will have a finger in the pie.
It's now, while customer data peddling enterprises are still just a minority, that you have a chance to stop the evolution. Also the data pushers didn't start their big counter-offensive yet, the big media campaign explaining that "privacy" is a commie plot to undermine god-fearing patriotism in the States, and that GDPR is the proven cause of Covid-19...
I use slight differences in the information I submit to the world+dog to get a sense of who is selling what information about me and, by far, the worst offender is Bank of America, not any of the tech giants. I've even seen things that I've bought using my ATM and credit cards that I have with them, offline, influence advertising.
The CCPA is quite useful already, though not for the intended purpose.
Magazine subscriptions are practically free because most of the money comes from advertising and selling of your contact info to 3rd parties. Now with the "do not sell" option you can sign-up for a periodical and immediately tell them not to sell you onto the "sucker lists" that result in floods of commercial mailings, and worse.
Even better, with the "delete my info" option, any unwanted company who has contacted you by whatever means can be told to knock it off, and legally must purge you from their system. Particularly useful in the event of other people mystyping their contact information as yours. Trying to correct such errors was previously a Sisyphean farce from the 7th circle.
Not very helpful while you have an account with a service like Google/Facebook/etc, but excellent the moment you decide to delete it, and wish for everything they know about you to be purged and forgotten.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
