26 comments

[ 4.1 ms ] story [ 49.8 ms ] thread
isn't this sort of a spineless law?

it says Browsers must send an opt-out signal.

Browsers have already had a do-not-track setting, and websites universally* ignored it.

* 99%

Many thanks, CA lawmakers. Now let's hope it works as intended and that the inevitable loopholes are plugged as soon as they're found.
The received wisdom is that the Trump administration does big business' bidding. Thus, the FTC rescinds federal click to cancel.

But now CA passed its own click to cancel. Surely other states will follow.

How is fighting dozens of different statutes better than working around one in federal courts that are backed up by the business friendly Supreme Court? Businesses are greedy but they aren't dumb. What am I missing?

Nice. But if you really gave a shit about privacy it’d be opt in. Nobody in their right mind wants their information shared for marketing purposes. Turn it off.
They need to make it eligible for Class Action lawsuits to be filed if these are ignored. I wrote a script to routinely test opt out on websites and was stunned to see almost 50% had it implemented incorrectly. This includes high-flying tech companies that went public recently.

Under California’s CCPA / CPRA, most enforcement power lies with the California Privacy Protection Agency (CPPA) and the California Attorney General, not private individuals. This limits the actual downside to a company vs. an unbounded downside of class-action lawsuit threat.

Oh, can I opt out of sharing my ehealth record anonymized or not? Does the law have any teeth per violation?
One easy free-market-friendly libertarian-approved solution would give citizens and residents of California a choice - your data can be kept private, or you can get a sizeable precentage of the value if you opt-in to data collection and sharing.

I'm not really sure how much this would be worth - and would it scale? How much value does the data from a worker at the lower end of the labor pool wage scale have in relation to that from the C-suite members of a mid-size corporation? Should we all have the right to climb up on the block and sell our data to the highest bidders, while collecting the majority of the profits from the transaction ourselves? It might make more sense to sell your data in five-year future contracts - opportunity to renegotiate rates now and then makes sense.

It's informational data, and in worlds like the commodity markets, information is invaluable. Traders have access to everything from satellite data of oil tankers to insider information from drilling rigs and they pay a lot to keep their data current and accurate, get access to proprietary databases and even nation-state classified sources.

Thus, if human data is so valuable, the humans generating the data should be the ones collecting the majority of its financial value if they opt to sell it. From this view, the real crime here is theft of worker value by data collectors and resellers in a monopolistic market system.

but then the websites may offer a banner to ask the user to opt-in again and this information can be saved in a cookie, so it would not be asked again

maybe they can call it the "cookie banner"

oh, and also, if it would be annoying to keep saying "no, I don't want to opt-in again" the websites owners may say that it is government fault, as now they are required by law to show this banner

How about everyone gets a cut each time their data is sold?
This is the way forward. Hopefully the EU will do similarly
I am all for this. However I suspect there will be lawsuits, which would probably include freedom of speech for these data brokers. yay
The "universal opt-out" bill really has no teeth on its own. Combined with the existing CCPA though, it has potential (CCPA is limited to sharing for cross-context behavioral advertising). It just says that browsers and mobile operating systems need to have an easy-to-find setting to signal that the user wants to opt out. The whole bill can basically fit in a tweet. No requirements on what the signal actually looks like, and no requirements that it's respected. There are other laws passed this week with more teeth.

Oh, and we don't have to worry about the "Cookie banner" problem, because a separate law (CCPA) requires a 12 month cooldown before prompting the user for opt-in consent again.

From the law, defining the signal:

> “Opt-out preference signal” means a signal that complies with this title and that communicates the consumer’s choice to opt out of the sale and sharing of the consumer’s personal information.

https://legiscan.com/CA/text/AB566/id/3117187

https://oag.ca.gov/privacy/ccpa

California politicians are the worst. They have no accountability because it’s just one party and they are beholden to nobody but big donors and Gavin Newson’s narcissistic ambitions.
I would love to drop some of the extensions that I currently have loaded for this purpose, but sadly I'm not confident the positive signal instructing opt-out will be honored, and I'll need to retain my defensive extensions.

In spirit this is great.

I don't get this. Many years ago there was "Do not track", a header that was sent based on browser configuration. As a data subject, I loved it. As an engineer I also loved it - it was easy. If the header was present don't render any tracking code. If all services acted in good faith, it could have been epic. But there was pushback, and it went away. Sadface.

For what it's worth I think the browser is the right place for tools like this. If the same thing could have been applied to cookies, we'd not be experience cookie-preference-popupageddon.

The article suggests browser vendors are somehow on the hook for implementing "do not sell". Is the idea the same as do not track?

I don't see how this is enforceable across state lines. What is stopping a data harvesting company in Nevada from just harvesting everything from people in California and selling it?
I don't care about privacy. IMO, it's a distraction to draw attention away from a far more significant topic; algorithm-based media monopolization... And ironically, while we have such high degree of media monopolization, privacy violations are in fact a non-issue for the vast majority of people. The fact is; nobody cares about you. Your privacy doesn't need to be protected because nobody cares to violate it. However, you are broke because your small business has a 0% chance of appearing in search results of any major media platform and you cannot form communities because your kind simply cannot find each other (unless it's some dumb mainstream group; designed explicitly to waste your time). What is a bigger problem?
(comment deleted)
Surely the default should be opt out and it should require action to opt in? This is the real problem.
The absolute mess that is US privacy legislation is going to undermine the US single market advantage. Truth is the big players don’t sell your data, they use it. Only small companies are hurt by this.
> Truth is the big players don’t sell your data, they use it.

No? Eg. giant telecom send me contract to sign with TWO A4 PAGES TO OPT-OUT :>> Guess half was about 3rd partys.