18 comments

[ 3.2 ms ] story [ 59.2 ms ] thread
The tone of this article makes it sound like it's a bad thing that Facebook and Google won't be much affected by this law, but I don't really think it is.

The reason the big players aren't much affected is that they've already had to make huge privacy changes in response to GDPR. They've already paid those costs.

A lot of what you see about privacy is uninformed fear mongering. This article is a good example: it seems to take it as a given that anything that doesn't substantially increase privacy protections is a bad thing, but no reasons are given, and the costs aren't weighed. In reality there's a balance to be had here and we need to be looking at both sides. I'm not saying there's nothing to fear, just that there's a real disconnect between what the media's afraid of and what we should actually fear, and there's a very real danger of legislative changes doing more harm than good.

GDPR actually provides some pretty substantial privacy guarantees and I think we should wait to see the effects of GDPR play out before we go fiddling with the system more.

It seems to take it as a given that anything that doesn't substantially reduce exploitation is a bad thing, but no reasons are given, and the costs aren't weighed. In reality there's a balance to be had here and we need to be looking at both sides. There's a very real danger of legislative changes doing more harm than good.

Sure, a few billion humans might be being invasively tracked and having their data sold, and their mental biases ruthlessly exploited for profit, addictive behaviours encouraged with personalised alerts, but you've got to look at both sides - on the other hand, a few companies are making a HUGE PILE OF MONEY, and I think everyone can agree that's unquestionably a good thing. (No reasons are given).

> a few companies are making a HUGE PILE OF MONEY, and I think everyone can agree that's unquestionably a good thing.

Unquestionably? No, it's a bad thing for the monopolies to maintain through capitalism's achille's heel. Weighing the costs would require insight into the cost-benefits of those mega-corporations, which we will never see.

I agree, large companies weren't the targets. Ultimately large companies are always better position to respond to regulation than small companies anyway.

However, just because you're a small company doesn't necessarily mean you're dealing with small data anymore. The data broker companies mentioned in the articles are great examples. These companies are the next Cambridge Analytica if not regulated by laws like this.

The article appears to be more nuanced than your comment seems to imply. The conclusion of the article is that it's a good thing that the law impacts smaller advertisers rather than Facebook and Google.

>The activists may not have gotten the legal weapon they wanted, but they did get the legal weapon that users deserve.

Gdpr introduces a cost but from what I heard,it's very messy.

What is needed is civil laws that permit lawsuits and restraining orders against tech companies as well as criminal statutes to imprison CEOs of companies that willfuly track users against their wish.

For example,Facebook's CEO should be criminally prosecuted for "shadow profiles" collected against non-users. I should be able to file a restraining order against Google preventing them from stalking me online.

I don't care if they pay a hundred billion dollars to the government,I want clear and specific lines drawn with clear and efficient consequences.

Consider this: under CFAA, intentionally attempting to gain unauthorized access to a system can result in a federal criminal prosecution. Google and Facebook are intentionally collecting unauthorized information on individuals who have clearly expressed their desire to not be tracked by them(browser settings and http headers). Their CEOs should be just as liable as an individual would if that individual was stalking another person or logging into their account against their permission.

The article concludes with a paragraph which basically echoes your sentiment. I don’t see much of your claimed “fear mongering” at all:

“The good news is that while the activists missed their big, showy target, they hit the often sketchy data arbitragers who do the real dirty work of the advertising machine. Facebook and Google ultimately are not constrained as much by regulation as by users. The first-party relationship with users that allows these companies relative freedom under privacy laws comes with the burden of keeping those users engaged and returning to the app, despite privacy concerns. Acxiom doesn’t have to care about the perception of consumers—they’re not even aware the company exists. For that reason, these third-party data brokers most need the discipline of regulation. The activists may not have gotten the legal weapon they wanted, but they did get the legal weapon that users deserve.”

In fact, many of your claims are wrong! The article argues that the new California regulations are a good thing, not a bad thing. And furthermore, it even directly acknowledges your point about how media complaints about privacy w.r.t. tech companies are usually misguided and not what we should actually be afraid about. You even make the same point about how tech giants have already adapted to GDPR.

You basically say “the article’s tone is bad” but then you make exactly the same arguments as the article.

I know it’s against HN rules to insinuate that commenters didn’t read the article, but your comment is so far off base w.r.t. the article’s content that I’m going to ask: did you even read the article? If you didn’t - kudos to you for having a very nuanced viewpoint; it’s certainly was much better than mine before I read it. (On the other hand, you really should read the entire article before criticizing it, though...)

Couldn't even read the article. The ads are so aggressive that my instant reaction was to just close the page.
It’s a start. I wish the CCPA took a few stronger stances to match GDPR for end users, and consistency in compliance would be nice.
I follow Antonio García Martínez on Twitter and he's usually always making this same argument: that any privacy regulation is just going to entrench Facebook and Google. Which is very convenient because the implied solution to that is no regulation at all [1]!

But no one who cared about privacy thought this California bill was anyway a giant triumph. Everyone knows it's not equivalent to GDPR, for one because it's just in one state. This was just the result of a handful of people taking advantage of a quirk of California's legislative process to a put a gun to lawmakers's heads. If not for the ballot proposition process, California would be the last place I'd expect to pass strong EU-style privacy laws, because it's home to the surveillance capitalism industry.

What that California bill did do was show some tangible movement can be made in the US, to the point where the internet companies are now mobilizing to make a federal law (in the hope that this current Congress and Administration will not pass anything close to what's on the books in EU) [2]. What they didn't expect is that it's not just the left that is gunning for Facebook, Google, and Twitter anymore, it's the right as well. You might believe both aisles of the political spectrum are motivated by partisan reasons, but it doesn't matter. The bipartisan environment required for strong regulation to happen is here.

Privacy activists should seize on the opportunity to pass a federal law that's equivalent to the EU's. And if there's no movement on that, force the issue by creating a patchwork of laws in state legislatures. They should also seek out the backing of Apple, Salesforce, IBM, Oracle, or anyone else in the tech industry that has the straightforward business model of selling a product or service for money to a customer. It's critical to make clear to legislators that there's no united front from the "tech industry" on this.

[1] The real answer is antitrust enforcement, which is also gaining political support.

[2] https://www.nytimes.com/2018/08/26/technology/tech-industry-...

Over the last few years I've observed a growing sentiment on the right that they are not being treated fairly by a lot of big tech companies. I don't know in what way it'll manifest, but if that trend continues it might seriously harm some of the big players. Therefore it wouldn't surprise me to see support from the right.
You don't specifically say one way or the other, but your phrasing made me curious: Would you assert that big tech companies do treat the red team fairly? I don't know how many people will reply, but if you are reading this, I would also like to know your answer to this question. I have been a social outsider my entire life, and while it's been tough in almost every conceivable fashion, it does let me see the forest of American politics for the trees with respect to both the blue team and the red team. And I assert that big tech companies in fact do treat red-teamers "unfairly" (for a value of "unfair" which is not limited to right-wing fringe elements). Please note however that I assert nothing about causality, only that it is so.
This isn't even controversial, they've been blocking right-wing people nonstop. Hacker news does it too btw
> Which is very convenient because the implied solution to that is no regulation at all

There is actually a third way.

We have three main options for this kind of infrastructure. The first is centralized for-profit ad-supported proprietary systems, but then you get Facebook-like privacy problems. The second is centralized for-profit subscription fee supported proprietary systems, but then you get Oracle-like rent seeking and onerous prices and the same privacy problems because they stem from the centralization rather than the advertising.

The third option is decentralized/federated infrastructure running open source software financed with grants, like DNS or the web. So that a message from Alice to Bob goes directly from Alice to Bob, encrypted end to end, and there is no Eve in the middle to have to regulate for privacy.

The thing that would speed that along is funding for development. So if you want something from the government here, get that.

(comment deleted)