Thursday, May 26, 2011

CA Privacy Legislation Targeted by Google, Facebook, and Other Tech Firms

A few weeks ago, in discussing the landmark Do Not Track bill, SB 761 (Sen. Alan Lowenthal), that would require any company collecting data from a California resident to provide a method of opting out of that data collection, I pointed out how two of privacy's greatest enemies - Facebook and Google - had come to oppose the legislation.

Yes, strange bedfellows in once sense, but brothers in arms in another (they both are aggressive opponents of the right to privacy). Recently, there's been another bill targeted by these tech goliaths, SB 242 (Ellen Corbett).

As noted by Bill Mullin of Paid Content, "The bill, as currently written, would require big changes to social-networking sites like Facebook. Most significantly, it would require users to set their privacy settings upon registration, rather than look for privacy settings after they’ve joined. It would also require settings to default to keeping information private, rather than making it public. (It almost doesn’t need to be said at this point, but the settings for a new Facebook profile default to public.) Willful violations of the proposed law would result in $10,000 fines."

As he also points out, technology and social media companies, from Facebook and Google to social media startups, are starting to form active coalitions designed to prevent California privacy bills from becoming law. This anti-privacy coalition now includes Google, Facebook, Yahoo, Zynga, Oodle, an online classified site; Identified, a professional networking site; Zecco, a community investing site; and BranchOut, a professional networking service on Facebook.

Before I get to a major article in the Wall Street Journal detailing this alliance - particularly between Google and Facebook - let me return to a couple key points by Mullin, who wrote, "It may seem surprising that national and even global tech companies might be regulated from Sacramento—but it has happened before. In fact, the requirement that websites have privacy policies displayed at all is due to a California state law passed in 2003. There is no federal requirement to have a privacy policy at all; but the California privacy law includes fairly detailed language about what must be included in a privacy policy. It also defines what constitutes personal information."

As I said, apparently California's efforts to bring regulatory protections up to speed with rapid technological advancements is garnering some well deserved attention.

The Wall Street Journal reports:

There’s not much love lost between Facebook and Google these days, but the companies are joining forces in one area – fighting two online-privacy bills that are moving through the California legislature.

One of the bills, a “do not track” proposal introduced by State Sen. Alan Lowenthal, would require companies to let people opt out of having their online data collected. The other, by State Sen. Ellen Corbett, would require social-networking sites to keep users’ information private by default and to remove personally identifying information if requested.

Both bills were approved by the Judiciary Committee, but they face strong opposition from some big players in the state. Google Inc. and Facebook Inc. are among dozens of companies and trade groups opposing at least one of the bills.
....
The bills are evidence of growing interest in privacy legislation, which is also being debated at the federal level. Last month, Sens. John Kerry (D., Mass.) and John McCain (R., Ariz.) proposed legislation that would create a “privacy bill of rights” that would let people block information from being shared and access personally identifiable information about themselves.

And the bill from Sen. Lowenthal adds to other efforts to regulate a “do-not-track” mechanism. Earlier this month, U.S. Sen. Jay Rockefeller (D, W.Va.) proposed a bill called the Do-Not-Track Online Act of 2011 that would prohibit companies from collecting information from people who have indicated they don’t want to be tracked. The Federal Trade Commission has discussed requiring companies to honor such opt-outs.

This year, makers of the Firefox, Internet Explorer and Safari Web browsers have all made tools within their browsers that let users indicate they don’t want to be tracked. But tracking companies aren’t required to honor those messages.
 ...
The California bills are the latest in a series of moves by the state to confront privacy concerns more aggressively than the federal government has thus far. The state already allows residents to get access to some of the data companies have on them, for example.
“There may be more of a chance for federal legislation if we see states threatening action,” said Justin Brookman, the director of the Project on Consumer Privacy at the Center for Democracy and Technology.
Privacy advocates have praised the general intent of the California bills – giving consumers more access to their information and more control over it. But even supporters of the ideas have said there are a few problems. The bill from Sen. Corbett, for example, would allow parents to request the removal of a child’s personally identifiable information as long as the child was under 18. Proving that someone is a child’s parent or guardian would be extremely difficult, and removing teens’ information would be problematic, Mr. Brookman said. “Teenagers actually have First Amendment rights,” he added.

To read more on the Do Not Track bill in particular, you can check out my recent posts, here, here and here

Clearly, I believe, strongly, that consumers should have the right and ability to tell websites not to spy on them or collect detailed profiles based on what they choose to do on the web. Remember, we should OWN our data, and that means we should have control over how its used - if used at all.

I've also often made the point, that when it comes to this issue in particular, an interesting dichotomy is at work. On one hand, while its true people seem to "care" about privacy on one level, they tend to do very little to actually do so. Which in my mind, makes easy to use, clear options to protect privacy all the more paramount. Because, once people are given such a choice, not only will more people choose to "not be tracked", I think more people will become more AWARE of just how all pervasive such monitoring of nearly everything we do has become.

1 comment:

Shoresite said...

This legislation would be step forward. I do have recent experience from Facebook and BranchOut in particular systematically breaching users privacy.

I was invited to join BranchOut but refused to grant BranchOut permission to access my own and my friends data on Facebook. Accordingly I choosed to click "don't allow" rather than "allow" these permissions.

In spite of this BranchOut opens an account and collects all the data I refused permission for.
Try it yourself to verify it really works this way!

All my friends - but not myself - can then access and view my BranchOut profile presenting the data I did not allow BranchOut access to. From the same BranchOut account I have also received "badges", emails and requests to pick one of two random friends I rather work with. So it is obvious they have collected my friends data as well.

I also have had friends trying to get endorsements from this stolen persona - falsely representing myself.

When accessing links on emails and Facebook pop-ups I'm repeatedly requested to grant BranchOut the permissions to access data it already has collected against my will.

I have alerted both Facebook and BranchOut about this serious and systematic breach of users privacy.

BranchOut propose I change my privacy settings when accessing my account.
As I refuse to accept Terms of Use and grant the permissions (to access data which they already have collected) I cannot enter my account to change privacy settings.
It's a Catch 22.

BranchOut refused to recognize this as an error and choose after several emails to terminate my account instead.

To resurrect and make BranchOut aware of the problem I have clicked the "don't allow" button again - which resulted in BranchOut stealing my identity yet again!

How many times do I have to click the "Don't Allow" button to stop this?