Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday October 08 2020, @09:54AM   Printer-friendly
from the good-luck-with-that dept.

'Do Not Track' Is Back, and This Time It Might Work:

What do you call a privacy law that only works if users individually opt out of every site or app they want to stop sharing their data? A piece of paper.

Or you could call it the California Consumer Privacy Act. In theory, the law gives California residents the right to opt out of any business selling their data. In practice, it hasn't seen much use. Most people don't go to the trouble of opting out of every website, one at a time. One analysis, by DataGrail, a privacy compliance company, found that there were only 82 "do not sell" requests for every million consumer records over the first six months of the year. A study published last week by Consumer Reports helps explain why: Opting out of everything is a complicated pain in the ass.

Change could be coming, however. The CCPA includes a mechanism for solving the one-by-one problem. The regulations interpreting the law specify that businesses must respect a "global privacy control" sent by a browser or device. The idea is that instead of having to change privacy settings every time you visit a new site or use a new app, you could set your preference once, on your phone or in a browser extension, and be done with it.

Announcing Global Privacy Control in Privacy Badger:

Today, we're announcing that the upcoming release of Privacy Badger will support the Global Privacy Control, or GPC, by default.

GPC is a new specification that allows users to tell companies they'd like to opt out of having their data shared or sold. By default, Privacy Badger will send the GPC signal to every company you interact with alongside the Do Not Track (DNT) signal. Like DNT, GPC is transmitted through an HTTP header and a new Javascript property, so every server your browser talks to and every script it runs will know that you intend to opt out of having your data shared or sold. Compared with ad industry-supported opt-out mechanisms, GPC is simple, easy to deploy, and works well with existing privacy tools.

[...] The CCPA and other laws are not perfect, and many of our users continue to live in places without strong legal protections. That's why Privacy Badger continues to use both approaches to privacy. It asks websites to respect your privacy, using GPC as an official request under applicable laws and DNT to express what our users actually want (to opt out of all tracking). It then blocks known trackers, who refuse to comply with DNT, from loading at all.

Starting this release, Privacy Badger will begin setting the GPC signal by default. Users can opt out of sending this signal, along with DNT, in their Privacy Badger settings. In addition, users can disable Privacy Badger on individual first-party sites in order to stop sending the GPC signal to those sites.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by JoeMerchant on Thursday October 08 2020, @03:14PM (2 children)

    by JoeMerchant (3937) on Thursday October 08 2020, @03:14PM (#1062106)

    since people have a basic right to privacy, you should be required to have a person's explicit consent to collect their private information.

    Since when have basic rights ever stood in the way of commerce? Telemarketing, junk mail, none of this required "the internet" to violate such basic rights.

    Apparently, asking someone to give their name, address, or other information to participate in whatever is interpreted as explicit consent to record, collate and sell said information to as many buyers as the asker wishes.

    Any law that requires explicit consent on every individual website only invites gaming with shell corporations, multiple faces on the same entities, etc. leaving the consumer in an unwinnable game of whack-a-mole, and since consumers that actively engage in playing whack-a-mole over this are a rare breed, that too is valuable information about them to be recorded, collated and sold - win win for business again.

    Euro-style "right to be forgotten" should be codified into constitutional rights, something on the order of: any information collected about anyone must be timestamped at the point and time of collection and, absent explicit consent from the individual, automatically destroyed a maximum of X years after collection.

    One way our current products deal with HIPAA is all PHI is auto-scrubbed from our device at power down, generally once a day. If a physician or hospital wants to retain the PHI it is transferred to their care before we erase it.

    --
    "You're all f-cking peasants as far as I can see."
    John Lennon (also sung by David Bowie) Working Class Hero
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Immerman on Friday October 09 2020, @01:17AM (1 child)

    by Immerman (3985) on Friday October 09 2020, @01:17AM (#1062310)

    > Telemarketing, junk mail, none of this required "the internet" to violate such basic rights.
    None of it violates any privacy either. Doesn't matter how much junk mail or spam calls you send my way - you still learn nothing about me.

    >Any law that requires explicit consent on every individual website only invites gaming..,
    I think you've got that backward - implicit consent is a problem - if you have to tell every site "don't track me" to revoke your impliocit consent, then gaming becomes profitable - change the shell and you get implicit consent again. Explicit consent requires me to tell you "yes, go ahead and track me". Any change of shell gets you back to the default "no, keep your spying to yourself", and why would you want that?

    Right to be forgotten is bullshit, especially without an exception for public figures - and you only need to look to Europe to see how it has been immediately abused by every politician and executive wishing to hide their track record.

    • (Score: 2) by JoeMerchant on Friday October 09 2020, @02:05AM

      by JoeMerchant (3937) on Friday October 09 2020, @02:05AM (#1062329)

      spam calls you send my way - you still learn nothing about me

      Whether you answer the call, or not, they are learning something about you by your reaction to the call.

      My point about explicit consent on every website was about requiring the citizen to explicitly express consent on each individual website. Implicit lack of consent would be the best, but there's no profit in that. What we have today is basically implicit consent in practice. You may put your name on a do not call list, enabling you to sue for $500 per call in local courts, all that does is move your spam callers out of your jurisdiction - we're a global economy baby, deal with it.

      Right to be forgotten is bullshit, especially without an exception for public figures

      You are right, I would consider anyone running for public office to be surrendering their right to be forgotten, just as I surrendered the privacy of my fingerprints when I applied for a Real Estate Sales license. But, which foxes did Europe trust to design their henhouse privacy / security? Politicians, of course - just like the U.S. legislator/politicians who wrote themselves an exception in the Do Not Call database penalties.

      --
      "You're all f-cking peasants as far as I can see."
      John Lennon (also sung by David Bowie) Working Class Hero