How is this rush to give people the right to remove themselves from databases going to intersect with corpuses of data that are immutably recorded in blockchain?
Aren't there bad things already encoded in the block chain, I thought I read that? How would a court order on an international open source software base be affected? You could order people in the us under court threat to alter the block chain to remove that information. People in other countries could have confusing legal implications. We already have this with us companies who stored info in other countries so the us govt would have a difficult time compelling them to give up info.
I'm unsure what will happen if a company stores their data in the blockchain then receives a deletion request, but any attempt to remove data from the blockchain itself would be inherently unenforceable - by design, as any blockchain that could be modified or censored via judicial or financial pressure would be critically compromised.
If I remember correctly, there is some legal principle in the United States that no law can require anyone to do something that is impossible for them to do.
IIUC you only need to semantically "delete" it, ie. record the fact that it is deleted, and then not use it.
Consider an analogy to a filesystem. If I delete a file, the bits aren't actually gone and are recoverable (at least for a while). But no-one (as far as I know) is saying we need to scrub or smash hard drives to pieces on customer request. We simply tell our storage system not to present this information to us anymore.
Similarly, in any immutable log based system (like many databases), you wouldn't delete a record by actually removing the information - instead you write a tombstone that says "this information was deleted", and then queries will not return it.
If you're using the blockchain to store information, then you simply need to teach your system that retrieves that information to recognise some kind of tombstone, and you need to honor that tombstone. It's besides the point whether anyone else continues to use the information, similarly to if you'd published it on your website then someone had copied it - even if you delete it, other people are under no obligation to also delete it.
Someone needs to do a better executive summary of this bill. Or at least do a better job of highlighting and explaining where it might be broken. Without all of the breathless editorializing. Because when I scan his summary, everything actually seems fairly reasonable, from a consumer privacy standpoint.
My thoughts exactly. Very poorly constructed article. They definitely buried the lead, which is that the law is reasonable. IMO it's crazy that it's taken this long for real regulation of web 2.0.
Only mildly concerning thing seems to be the pay-for-privacy bullet at the end of the article. This can definitely be fixed.
Further, reference to Sorrell vs IMS seems very contrived to me (not a lawyer though), as it deals with B2B records (DR prescribing history) as opposed to purely consumer rights or privacy. https://en.m.wikipedia.org/wiki/Sorrell_v._IMS_Health_Inc.
Outcome was that the law was struck down as restricting data mining company’s first amendment rights.
I agree, it mostly seems great. I want this in my state. If you are in the world of your business working by getting info from website users, or from third parties who got it from who knows where and then figure out something about you, which is a lot of internet properties, then they wouldn't like this because they like copying our info around all the time.
I believe this is called FUD - lengthy "summarizing" of the facts, alternating with vague baseless allusions. The author condemns the bill for being 10k words long, while his own screed weighs in at 5.5k!
I am a bit wary of something that pops up out of the blue, looking helpful - "never let a good crisis go to waste" and all that. And I'm generally skeptical of "making more laws". But what are the specific flaws in this one?
The indictment seems to be focused on time, meaning there could be flaws we cannot find. But given this is an adversarial process, it also means there (hopefully) hasn't been much of a chance for every entrenched interest to compromise with each other at the people's expense!
The tech giants will eventually benefit from this type of legislation, because after the initial shock it will just help them consolidate. For instance (contrary to the linked FUD), "mom and pop [retail] stores" already don't have to worry about handling customers' information, as that's encapsulated by the payment processors.
So now every little business that wants to use surveillance against their customers will be pushed to go through some centralizer (eg Google). Though from the perspective of the unwillingly surveilled, this isn't really that bad either - eg gaining the ability to actually break up with clingy and histrionic Faceboot.
The big question is if this ability to delete the files being kept about ourselves will remain unneutered, or whether the surveillance industry will eventually succeed in eroding it under some guise of indefinite consent or nebulous mingling of orthogonal purposes.
Another big test will be if the law can be successfully applied against say Experian.
> I wouldn't be surprised if the tech giants are actually positive on such legislation, because after the initial shock it will just help them consolidate.
It's really easy to check this, and the answer is no they're not positive on such legislation:
I don't know the whole story but maybe someone will enlighten me
I think the cat is already out of the bag. We saw how engaging the public works with the legislature. California net neutrality is a recent case in point.
I would argue that the being frozen thing is a good thing. In fact, I think we need to make this proposition system stronger. Once a proposal meets certification, the applicant or anyone may not withdraw it. This I think reduced chances of reckless gambling behavior.
I dunno, it looks fairly reasonable to me. At this point I feel like the sooner everyone just shrugs and adopts a GDPR-ish like framework, the better. And this one looks serviceable, doesn't come into effect until 2020, and can be tweaked in the meantime if needed.
I'm open to the proposition that there's something horrible here but 1) the linked article doesn't seems to able to find any and 2) it does do a good job of selling me on the idea that this law is better than the ballot initiative we'll get if this doesn't pass.
So...what are we meant to do with this info? Call up our local legislators (if we live in CA) and tell them to pass it? (Or...not pass it? I'm honestly confused what the author wants.) There's no call to action here I can see, probably because there's nothing meaningful to do, in which case...maybe take a few more days and make a readable analysis of whatever ends up passing? Because this just feels like fearmongering.
Right. If there are any major issues, the companies can pay the government to make it how they want. They surely will anyhow. Very sad for the small businesses that will suffer, but I can’t reason to worry for them more than the all the millions mustering a life in the surveillance state without small business capital. It sounds rough but something has to change yesterday. Let the corporations work out the details for once and if you honestly want small businesses to have a voice, simply vote for candidates who don’t accept corporate campaign donations. That’s where it starts.
I have started a business and sold 4 years ago. I understand your point.
Mine is more about asking what pace of commercial
enterprise a society can and should bear. Why must everyone carry the burdens of our greatest risk takers? Life has many facets. Some of them cannot be bought and sold, and some of them shouldn’t be. Businesses come and go like flies. Civil societies are harder to come by.
you guys don't realize that regulations are essentially the fall of every civilization. The restriction on voluntary free trade and property eventually ends civilizations
Since it seems you won't stop using this site for ideological purposes, we've banned the account. We're happy to unban accounts if you email hn@ycombinator.com and we believe you'll start following the guidelines.
> This bill would provide that a consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. Upon such a request, the business would be required to delete the information from its records and direct any service providers to do the same. This right to delete would need to be disclosed by businesses collecting personal information
How does this work when someone requests that a company delete all invoices related to them?
There's a whole list of exceptions included in both GDPR and this law. For example, a business does not need to delete information when it is required to: "Complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer"
> the text is locked down, so there’s no way to improve the proposed text based on comments from other stakeholders (which the legislative process allows)
Or one of those stakeholders or a chairman beholden to those stakeholders would have pulled the same move that just happened with CAs net neutrality bill and used the process to poison-pill it.
It's pretty clear by now that many people, in fact, do not like being tracked and profiled. Most people, I suspect, could just not imagine what Google, Facebook and the programmatic ad industry overall have managed. But now, many are catching on. And they're pissed.
The self-serving wailing of a lawyer/lobbyist for the privacy invasion industry, how very droll.
The California initiative process, introduced around 1911 by crusading progressive governor Hiram Johnson to curb a venal legislature in hock to special interests, worked as designed in this case. Of course special interests adapted and learned to coopt the process, as the sugary-drinks industry is doing with its own initiative to arm-twist the State into preempting local soda taxes like Berkeley’s or San Francisco’s.
> Among other major problems facing our country, we need to eliminate California’s initiative process to shut down this unwelcome workaround to our democratic institutions.
Calling direct democracy an "unwelcome workaround to our democratic institutions" and saying it needs to be "eliminated" is a bit much. If the legislature was doing its job properly and giving the people what they want, they couldn't be motivated to support an initiative like this.
40 comments
[ 3.3 ms ] story [ 99.6 ms ] threadnot a claim I would believe without a lot of evidence.
Whack a mole, with whomever has the most force winning (usually a nation state).
Consider an analogy to a filesystem. If I delete a file, the bits aren't actually gone and are recoverable (at least for a while). But no-one (as far as I know) is saying we need to scrub or smash hard drives to pieces on customer request. We simply tell our storage system not to present this information to us anymore.
Similarly, in any immutable log based system (like many databases), you wouldn't delete a record by actually removing the information - instead you write a tombstone that says "this information was deleted", and then queries will not return it.
If you're using the blockchain to store information, then you simply need to teach your system that retrieves that information to recognise some kind of tombstone, and you need to honor that tombstone. It's besides the point whether anyone else continues to use the information, similarly to if you'd published it on your website then someone had copied it - even if you delete it, other people are under no obligation to also delete it.
But there sure is s coordinated push of badly written articles spreading FUD about it...
Further, reference to Sorrell vs IMS seems very contrived to me (not a lawyer though), as it deals with B2B records (DR prescribing history) as opposed to purely consumer rights or privacy. https://en.m.wikipedia.org/wiki/Sorrell_v._IMS_Health_Inc.
Outcome was that the law was struck down as restricting data mining company’s first amendment rights.
I am a bit wary of something that pops up out of the blue, looking helpful - "never let a good crisis go to waste" and all that. And I'm generally skeptical of "making more laws". But what are the specific flaws in this one?
The indictment seems to be focused on time, meaning there could be flaws we cannot find. But given this is an adversarial process, it also means there (hopefully) hasn't been much of a chance for every entrenched interest to compromise with each other at the people's expense!
The tech giants will eventually benefit from this type of legislation, because after the initial shock it will just help them consolidate. For instance (contrary to the linked FUD), "mom and pop [retail] stores" already don't have to worry about handling customers' information, as that's encapsulated by the payment processors.
So now every little business that wants to use surveillance against their customers will be pushed to go through some centralizer (eg Google). Though from the perspective of the unwillingly surveilled, this isn't really that bad either - eg gaining the ability to actually break up with clingy and histrionic Faceboot.
The big question is if this ability to delete the files being kept about ourselves will remain unneutered, or whether the surveillance industry will eventually succeed in eroding it under some guise of indefinite consent or nebulous mingling of orthogonal purposes.
Another big test will be if the law can be successfully applied against say Experian.
It's really easy to check this, and the answer is no they're not positive on such legislation:
"Amazon, Microsoft, and Uber are paying big money to kill a California privacy initiative": https://www.theverge.com/2018/6/15/17468292/amazon-microsoft...
Only facebook left this group of tech companies opposing this after his testimony in Washington (probably wanted to avoid even more bad PR).
"Facebook exits group opposing California's proposed privacy law": https://www.cnet.com/news/facebook-drops-opposition-to-calif...
It's like how the health insurance companies were really against "Obamacare", while now it has cemented their ability to compel your patronage.
I think the cat is already out of the bag. We saw how engaging the public works with the legislature. California net neutrality is a recent case in point.
I would argue that the being frozen thing is a good thing. In fact, I think we need to make this proposition system stronger. Once a proposal meets certification, the applicant or anyone may not withdraw it. This I think reduced chances of reckless gambling behavior.
I'm open to the proposition that there's something horrible here but 1) the linked article doesn't seems to able to find any and 2) it does do a good job of selling me on the idea that this law is better than the ballot initiative we'll get if this doesn't pass.
So...what are we meant to do with this info? Call up our local legislators (if we live in CA) and tell them to pass it? (Or...not pass it? I'm honestly confused what the author wants.) There's no call to action here I can see, probably because there's nothing meaningful to do, in which case...maybe take a few more days and make a readable analysis of whatever ends up passing? Because this just feels like fearmongering.
Mine is more about asking what pace of commercial enterprise a society can and should bear. Why must everyone carry the burdens of our greatest risk takers? Life has many facets. Some of them cannot be bought and sold, and some of them shouldn’t be. Businesses come and go like flies. Civil societies are harder to come by.
https://news.ycombinator.com/newsguidelines.html
How does this work when someone requests that a company delete all invoices related to them?
Or one of those stakeholders or a chairman beholden to those stakeholders would have pulled the same move that just happened with CAs net neutrality bill and used the process to poison-pill it.
The California initiative process, introduced around 1911 by crusading progressive governor Hiram Johnson to curb a venal legislature in hock to special interests, worked as designed in this case. Of course special interests adapted and learned to coopt the process, as the sugary-drinks industry is doing with its own initiative to arm-twist the State into preempting local soda taxes like Berkeley’s or San Francisco’s.
The privacy initiative took 2 years of preparation, not 7 days: https://www.theregister.co.uk/2018/06/29/california_data_pri...
Calling direct democracy an "unwelcome workaround to our democratic institutions" and saying it needs to be "eliminated" is a bit much. If the legislature was doing its job properly and giving the people what they want, they couldn't be motivated to support an initiative like this.