SoylentNews is people
SoylentNews
The California Consumer Privacy Act of 2018 was approved unanimously by the state Senate and Assembly today and was signed by Gov. Jerry Brown.
A legislative bill summary says the law will give Californians "the right to know what PI [personal information] is being collected about them and whether their PI is being sold and to whom; the right to access their PI; the right to delete PI collected from them; the right to opt-out or opt-in to the sale of their PI, depending on age of the consumer; and the right to equal service and price, even if they exercise such rights."
Consumers Union, the advocacy division of Consumer Reports, was an early supporter of the ballot initiative. While the organization said it was pleased that many of the initiative’s provisions were included in the new law, it urged changes to certain aspects of the law that are different from the ballot initiative, and pledged to work for more substantial reforms.
Justin Brookman, the Director of Consumer Privacy and Technology Policy for Consumers Union, said, “We appreciate that this law advances consumer protections in several ways. It gives people access to the information that companies have about them. It extends the right to control the sale of your data, and it provides new security protections in the wake of the Equifax breach.
“However, we have serious concerns about how this legislation introduces very troubling concepts into law. We oppose a provision in the law that allows companies to charge higher prices to consumers who decline to have their information sold to third parties. The California state constitution grants people an inviolable right to privacy. Consumers should not be charged for exercising that right.
(Score: 2, Interesting) by The Mighty Buzzard on Saturday June 30 2018, @11:14PM (10 children)
See, this is one place where the commerce clause should actually be used. Internet commerce is absolutely interstate commerce and there's no way in hell an admin of a small or medium site can keep up with fifty fucking states worth of Internet laws. My vote's for blocking all California IP addresses when this goes into effect unless/until it gets preempted by a federal law.
My rights don't end where your fear begins.
(Score: 3, Interesting) by jmorris on Saturday June 30 2018, @11:40PM (1 child)
Nah, don't block IPs, just put in a checkbox where the user must assert they are legally allowed to agree to your site's TOS which includes "not valid in CA" and put the onus on them. If you ship physical product you would also have to block CA from both ship to and bill to address. If a few thousand websites did it the repeal would have as many votes as the initial passage. Especially if a dozen major CA based entities announced plans to relocate. But no, everyone will bitch and whine and then obey, because CA is "too big to write off."
Free webpages are built on the model of monetizing the users, ban that and they all vanish in a puff of fake .com money. It would be hilarious if websites put up a "CA residents (or everyone else!) can check this box to opt out of being monetized" and it instantly loads the subscription page.
(Score: 2) by The Mighty Buzzard on Sunday July 01 2018, @02:37AM
Or just remove their ability to log in.
My rights don't end where your fear begins.
(Score: 2, Insightful) by Anonymous Coward on Sunday July 01 2018, @04:01AM (2 children)
Better yet, maybe your small or medium site just shouldn't violate people's privacy. That seems like the real solution to me.
(Score: 3, Insightful) by The Mighty Buzzard on Sunday July 01 2018, @01:30PM
And given fifty different laws saying that with fifty different and probably contradictory sets of criteria that you have to meet, do you think you could manage to build something that would pass muster alone? Idiot.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Sunday July 01 2018, @07:26PM
it's not that simple. my sites don't *violate* shit. i use no analytics. the only data collected is the server traffic logs and what the user volunteers as part of their profile. the only data required to be in their profile is what is necessary for the most basic site functions like logging in, ffs. i don't share any of their data with anyone. i spend my time trying to find ways to protect the tiny data they do enter from tyrannical governments and other attackers. the user can close their account and change their data whenever they want, but i'm not going to promise to remove *just their* freaking username and email address from my daily backups of all the sites databases (immediately) every time someone changes their mind, as just one example of unreasonable requirements. i dislike facebook in a lot of ways, but if they weren't such suck asses they would have told congress just how stupid a lot of their questions/proposed requirements were when Darth Suckaturd was being questioned in the congressional hearings, as if you can ever kiss enough government ass for them to leave you alone.
do you think the politicians making these laws develop/admin web applications and have fully thought out all the possible ramifications of their laws? they are just pandering to whining slaves who can't be bothered to choose wisely to protect their own supposedly precious data. these meewing sheople are the ones who willfully signed up for the sites whose whole purpose is to datamine, usually while using slaveware OSes whose whole purpose is the same. now they cry to ignorant, authoritarian politicians so those frauds can ruin the world a little more.
(Score: 0) by Anonymous Coward on Sunday July 01 2018, @08:46PM (4 children)
small or medium site...
is the target of these laws. The giants have no problem with them. They can afford to 'hire people'. Let's hope for its quick demise in the court system. And the judge should fine the legislature for wasting public resources in writing such slop. On the other hand, we must demand access to any and all data collected on us. If my name is in there, then I claim entitlement in knowing all about it.
Also this bill was a highly watered down virtually toothless version of the initiative.
(Score: 2) by The Mighty Buzzard on Monday July 02 2018, @12:24AM (3 children)
You're aware that most admins don't even know what data they have about you, right? Databases tend to grow beyond what you can remember over the years. Bytram/martyb spent days just figuring out where all we store ipid hashes and for how long not long ago.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday July 03 2018, @01:25AM (2 children)
They have a computer, right? Let the machine do the searching for any instance of a name.
(Score: 2) by The Mighty Buzzard on Tuesday July 03 2018, @03:06AM (1 child)
What MySQL query would you use for that if I might ask? Me, I'd have to do a describe on every table and dump it to a file so I could first grep and then less through it. Then I'd have to check columns to see whether they are what I think they are. Schema and naming consistency has not been a hallmark of rehash's history.
My rights don't end where your fear begins.
(Score: 1, Funny) by Anonymous Coward on Wednesday July 04 2018, @02:08AM
Do you really need MySQL to search for a specific string of letters anywhere on your system? Hell, even Windows can index file contents. But you shouldn't have to know anything about 'files' and 'tables' and whatnot. Let the programmers deal with that. And remind them that we are still the stone age with these contraptions. We still can't explain to the machine what "is" is. If the computer can't do the job, can't read the data you are looking for, then throw the thing away and get a good secretary [youtube.com].
Remember, the population is only just over 7.5gig, it can all fit on a dual layered DVD