California's new data and privacy rights in effect as of today - Microsoft pledges US-wide application... + details of proposed CRPA

[Delicieuxz]

Today is a great day for data ownership and privacy rights, because, as of today, California's Consumer Privacy Act (CCPA) comes into force in California, greatly strengthening data and data-privacy rights for Californians and beyond.

 

 

Microsoft has posted that they will apply California's new CCPA rules nationwide in the US: Microsoft will honor California’s new privacy rights throughout the United States

 

But I wouldn't be too quick to assume that Microsoft is doing this out of the goodness of their greedy, corporate, data-coveting hearts, and Microsoft conspicuously doesn't mention anything regarding applying the same treatment to the rest of the world in their post. Microsoft, which makes huge money stealing your personal data from your computer through Windows 10 and various Microsoft services, reportedly was one of the tech companies that originally tried to prevent CCPA from becoming a California ballot box initiative.    See *****  below for more information about California ballot box initiatives

 

So, why might Microsoft be openly supporting CCPA rules and applying them US-wide? It could be a case of 'if you can't beat them, join them - and then twist them in your favour'. After all, Microsoft is the company which coined the phrase "Embrace, extend, and extinguish".

 

 

And it isn't just Microsoft that are trying to get in-front of any new data rights protections: Tech industry titans suddenly love internet privacy rules. Wanna know why? We'll tell you

 

Companies that make millions and billions of dollars each year by pilfering your data and applying it to their own technology operations or selling it either in raw or aggregated form to 3rd-parties (including researchers, governments, advertisers, police, and pretty much whoever else has the money to pay for it) see newer data rights protection laws as a threat to their profits but inevitable and so they want to get in-front of their implementation to shape their designs in a way that will favour their companies' continued profiteering on your personal data. They want new data laws to get in the way of their unfettered data-theft practices as little as possible.

 

 

The CCPA is already stronger legislation than Europe's GDPR, which, while a positive movement and being an important catalyst for data and privacy rights awareness, I've thought to be largely toothless and basically the minimum possible to be done while still not restricting data-harvesting and not giving data-owners solid control over their data property. But the sponsors behind California's new law are going even further than the CCPA, with their announced California Privacy Rights Act (CPRA) [2], which is an updated, fortified, and extended version of the CCPA that will address more recent data privacy exploit tactics and grant a bunch more important rights to data-owners that were missing in the CCPA, such as denying the collection of anything beyond what is absolutely necessary for a user-requested service to function.

 

The CPRA will also establish a California Consumer Privacy Protection Agency to protect data-owners.

 

The CPRA is intended be put to a ballot initiative, circumventing the possibility of its proposals being watered-down in California's legislature, as happened with the CCPA.

 

 

 

***** Ballot box initiatives: California has a wonderful law that enables average, non-politician Californian residents to create new laws in California by securing a certain number of signatures in support of the legislation proposal. And if the required number of signatures is received for a proposed legislation, then that proposed legislation goes to a ballot where all the residents of California get to vote on it. And if it passes the California-wide vote, then it becomes law in California.

 

Likely to ward-off a ballot box initiative regarding the proposed CCPA data-protection legislation, the California legislature unanimously passed a watered-down version. If California's legislature had not done that, then those sponsoring the CCPA, which had the required number of signatures to put their legislation proposal to a ballot initiative, would have put the matter to a California-wide referendum and then their stricter proposed legislation would have certainly passed, because, well, people logically value and want their privacy and want to control their own data.

 

 

Quote

 

The California Consumer Privacy Act (CCPA) goes into effect today!

The most sweeping consumer privacy legislation in the nation grants new data privacy rights for every Californian. 

Here are your new rights:

• The right to know what personal information a business has collected about you.
• The right to say no to the sale of your information.
• The right to delete your information.
• The right to access your information in a portable format.

Here's what's next:

We are circulating a new initiative called the California Privacy Rights Act (CPRA)

Here's why:

Since we passed CCPA, two things have happened: First, some of the world’s largest companies have actively and explicitly prioritized weakening the law. Second, technological tools have evolved in ways that exploit a consumer’s data with potentially dangerous consequences. I believe using a consumer’s data in these ways is not only immoral, but it also threatens our democracy.

CPRA would:

• Create new rights around the use and sale of sensitive personal information, such as health and financial information, racial or ethnic origin, and precise geolocation.

• Provide enhanced protection for violations of children’s privacy by tripling CCPA’s fines for breaking the law governing collection and sale of children’s private information and would require opt-in consent to collect data from consumers under the age of 16.

• Require much-needed transparency around automated decision-making and profiling, so consumers can know when their information is used to make adverse decisions that impact lives in critical ways, including employment, housing, credit, and even politics.

• Establish a new authority to protect these rights, the California Privacy Protection Agency, which will simultaneously enforce the law and provide necessary guidance to industry and consumers, many of whom are struggling to protect themselves in an increasingly complex digital ecosystem, where hacking and identity theft remain a terrible problem.

• Most importantly, it would enshrine these rights by requiring that future amendments be in furtherance of the law, even though I am only setting the threshold to amend at a simple majority in the legislature. While amendments will be necessary given how technically complex and fast-moving this area is, this approach respects the role of the legislature while still providing substantial protections for Californians from attempts to weaken the law and their new human rights.

 

Here's how they compare:

 

 

 

[TempestCatto]

California doing something right? Holy shit, the 20's are gonna be lit

[PlayStation 2]

6 minutes ago, TempestCatto said:

California doing something right? Holy shit, the 20's are gonna be lit

Ehh, don't speak too soon. We just started the decade.

[Salv8 (sam)]

24 minutes ago, TempestCatto said:

California doing something right? Holy shit, the 20's are gonna be lit

you've just jinxed it!

it's gonna be 2017 all over again!

that's it i'm going to my fucking bunker, call me when the nuclear fallout happens and there are mutants to fight and destroy...

bye fuckers!

[Arika]

On 1/2/2020 at 6:39 AM, Delicieuxz said:

Microsoft is the company which coined the phrase "Embrace, extend, and extinguish".

This comes up a LOT on this forum whenever MS does something that doesn't appear to be "all evil". But when was the last time EEE was implemented? and i mean actually implemented, not just people flipping out and using logical stretches that would make McKayla Maroney proud.

[PhantomJaguarr]

I felt the effects of this right away at work. New forms for customers to sign regarding privacy and how we use their info etc.

[SpikeSpiegel]

2 minutes ago, Bombastinator said:

True.  California is being used as a rhetoric lever though. 

Back on topic.  U.S. laws for protection personal data is quite bad compared to the E.U.  I mean you can find anyone in U.S.A. while it's harder to find people in the E.U.  So basically I think the whole personal data laws in the U.S. are a joke.  Even the YouTube COPPA thing is going to hurt YouTubers.  

[steelo]

6 minutes ago, CalintzJerevinan said:

Back on topic.  U.S. laws for protection personal data is quite bad compared to the E.U.  I mean you can find anyone in U.S.A. while it's harder to find people in the E.U.  So basically I think the whole personal data laws in the U.S. are a joke.  Even the YouTube COPPA thing is going to hurt YouTubers.  

I'm hopeful but also weary about these new laws.

[thorhammerz]

7 minutes ago, atxcyclist said:

Look at my state of residence, Texas.

Lovely thing about Texas - it'll probably be the first state to go (mostly) fully green for power in the near-to-medium-term future, simply from economics (rather than through a set of governmental taxation / subsidies plan) .

[ZacoAttaco]

This CCPA is definitely a step in the right direction. It makes me wonder though, if the public has a direct say in whether or not their data is sold won't this mean massive financial loss for companies relying on harvesting people's data? It doesn't surprise me that Google is not implmenting this nation-wide, it's not in their best interests.

 

My assumption though, is that opt-out will be in a menu of a website or application where your average user does not go to and only the educated tech users will take full advantage of the act.

[leadeater]

Stay on topic and no political/state bickering, one and only warning. Not a good start when 80% of the posts fall in to this and have to be hidden.

[Taf the Ghost]

The single greatest piece of Lawyering in American History was the deal signed by the Tobacco companies in the late 90s. They might have had to fork over billions, but they got a legally enforceable, criminally actionable Cartel established. It's the only true Cartel that's legal in the USA, and it's been so potent that companies willingly joined the deal because of how potent it is.

 

I've brought up the Tobacco Cartel a few times, around here, because it's really important to understanding the way major corporations will operate. They'll fight against exterior authority right until the moment they're ready to flip and use that authority to their own ends. We saw this with Amazon and Sales Tax, as another example. What we might see is a shift with big data collectors forming something of an "information Collection Cartel". Which just makes it easier for the NSA to gather it all anyway.

[Bombastinator]

28 minutes ago, Taf the Ghost said:

The single greatest piece of Lawyering in American History was the deal signed by the Tobacco companies in the late 90s. They might have had to fork over billions, but they got a legally enforceable, criminally actionable Cartel established. It's the only true Cartel that's legal in the USA, and it's been so potent that companies willingly joined the deal because of how potent it is.

 

I've brought up the Tobacco Cartel a few times, around here, because it's really important to understanding the way major corporations will operate. They'll fight against exterior authority right until the moment they're ready to flip and use that authority to their own ends. We saw this with Amazon and Sales Tax, as another example. What we might see is a shift with big data collectors forming something of an "information Collection Cartel". Which just makes it easier for the NSA to gather it all anyway.

I think it’s already happened.

I’m more familiar than I want to be with the tobacco company stuff and the incredible power they wield.  That statement is if anything underaccusatiry imho.

[williamcll]

Looks like the data scientists need to look for other jobs. 

[mr moose]

Shouldn't be too hard for MS to comply,  I believe they already comply with it globally anyway. 

 

8 hours ago, Arika S said:

tis comes up a LOT on this forum whenever MS does something that doesn't appear to be "all evil". But when was the last time EEE was implemented? and i mean actually implemented, not just people flipping out and using logical stretches that would make McKayla Maroney proud.

 

I see github has been extingu.. . oh wait,  I see Linux has also.. oh wait there too.   Hang on a minute,  what have they extinguished?

[leadeater]

35 minutes ago, mr moose said:

Hang on a minute,  what have they extinguished?

Positive sentiment towards their brand name.

[wanderingfool2]

Quote

The right to say no to the sale of your information.

I get about wanting the right to privacy and such, but if they give the consumer the right to say no to the sale of information I hope that it includes stipulations that the service can refuse service and such

[Bombastinator]

1 hour ago, wanderingfool2 said:

I get about wanting the right to privacy and such, but if they give the consumer the right to say no to the sale of information I hope that it includes stipulations that the service can refuse service and such

Which is to say “if we can’t own you go away, but you can’t go away so I guess we own you then”.

 

I really really don’t hope it does that.  The problem is that companies shouldn’t have a right to do that kind of business in the first place.

[Brooksie359]

47 minutes ago, Bombastinator said:

Which is to say “if we can’t own you go away, but you can’t go away so I guess we own you then”.

 

I really really don’t hope it does that.  The problem is that companies shouldn’t have a right to do that kind of business in the first place.

Why should companies be required to provide services to people who don't want to agree with their terms of service? I am if the opinion that nobody is guaranteed the right to someone's service besides in cases where it isn't a private business. If people don't want a company to sell their data but that is the way they make money to stay profitable then they have no right to their services. 

[Delicieuxz]

10 hours ago, mr moose said:

Shouldn't be too hard for MS to comply,  I believe they already comply with it globally anyway. 

 

 

I see github has been extingu.. . oh wait,  I see Linux has also.. oh wait there too.  

EEE is meant to extinguish competition to Microsoft standards and alternatives. Github became Microsoft's standard and alternative. Microsoft would extinguish their own dominant platform.

 

Linux isn't really a threat to Microsoft, and Microsoft is able to make money through Linux as well.

 

Quote

Hang on a minute,  what have they extinguished?

Here's some of what EEE was enacted against by Microsoft: https://en.wikipedia.org/wiki/Embrace%2C_extend%2C_and_extinguish#Examples

 

2 hours ago, wanderingfool2 said:

I get about wanting the right to privacy and such, but if they give the consumer the right to say no to the sale of information I hope that it includes stipulations that the service can refuse service and such

Yes, business models would likely need to change and they should - background data-theft isn't a legitimate business when companies like Microsoft, Facebook, and Google do it any more than when malware distributors do it. The lawless regime of data-pilfering is like a store-owner, rather than charging set prices for certain products and services, indiscriminately helping themselves to the monetary contents of people's pockets and wallets when they walk into their store - without clear knowledge or consent to it by those who enter their store.

 

It is an invasive thug and criminal business model that has no right to exist. Companies that can't thrive without it shouldn't exist. Companies that have something of value to offer are able to receive market value for their offerings.

 

So, a revamp of the business model is an objective of proper regulation of data-thieves.

[Delicieuxz]

6 hours ago, Brooksie359 said:

Why should companies be required to provide services to people who don't want to agree with their terms of service? I am if the opinion that nobody is guaranteed the right to someone's service besides in cases where it isn't a private business. If people don't want a company to sell their data but that is the way they make money to stay profitable then they have no right to their services. 

That's true. Companies shouldn't be required to provide services to people who don't compensate them for the services. But they also shouldn't be allowed to silently choose their compensation for themselves, take it for themselves, take it even after people stop using their services, and use it in any way they choose to against their customers' interests. And a service user who has their data taken as payment for the service is a customer.

 

Telling companies they can't take people's data is only like telling store-owners they can't unilaterally take people's money out of their pockets at their sole discretion - including after they've left the store. Stores have to present a proposal with a defined, not unlimited payment agreement, and their customers have to wilfully agree to that defined proposal. That's not currently the case with data-harvesting services. It should be the case with data-harvesting services.

 

Telling companies they can't harvest data against people's wishes isn't telling them they have to provide their services for free. It's telling them they have to find a legitimate and ethical business model that obeys privacy and property rights.

[Bombastinator]

2 minutes ago, Delicieuxz said:

That's true. Companies shouldn't be required to provide services to people who don't compensate them for the services. But they also shouldn't be allowed to silently choose their compensation for themselves, take it for themselves, take it even after people stop using their services, and use it in any way they choose to against their customers' interests. And a service user who has their data taken as payment for the service is a customer.

 

Telling companies they can't take people's data is only like telling store-owners they can't unilaterally take people's money out of their pockets at their sole discretion - including after they've left the store. Stores have to present a proposal with defined, not unlimited payment agreement, and their customers have to wilfully agree to that defined proposal. That's not currently the case with data-harvesting services. It should be the case with data-harvesting services.

 

Telling companies they can't harvest data against people's wishes isn't telling them they have to provide their services for free. It's telling them they have to find a legitimate and ethical business model that obeys privacy and property rights.

Heh.  Companies WONT provide such services.     That’s not a should at all. Compensation in one form or another would happen.  What they can do, is by providing that service for “free” (even though it’s emphatically not) they can force other providers out of service and become the only way to get something.  Corralling the cattle.  Google is a master of this.  
 

The issue is that a lot of times it’s fantastically unfair compensation. an example currently happening to me:
 

 I made the mistake of applying for insurance yesterday on a website.  Today I’ve received upwards of 20 phone calls from what seem to be scam insurance companies from all over the world none of whom actually seem to have any insurance to sell me (which I desperately need and am willing to pay for) but all of whom want my data and my email address.  
 

My data got sold.  to anyone who would pay.  And it’s being used to abuse me.

 

 Should or shouldn’t they be allowed to take things without people knowing what they are or what they will be used for though.  Should the things they are used for even be allowed to be done?  By anyone.  Big data has a lot of power.  Scary power.  
 

The people who do understand how it works use that understanding to manipulate the people who don’t.  Or who even made a tiny error once because they were in a hurry.  It’s so bad many people have just given up and accepted that they are owned and there is nothing they can do.

 

There is no “right” of those with power to predate on those that don’t.

 

I read the original post as “So some victim actually did something to fight back.  I hope they don’t do it in an actually meaningful way”

 

I really really hope they do.

[Brooksie359]

2 hours ago, Delicieuxz said:

EEE is meant to extinguish competition to Microsoft standards and alternatives. Github became Microsoft's standard and alternative. Microsoft would extinguish their own dominant platform.

 

Linux isn't really a threat to Microsoft, and Microsoft is able to make money through Linux as well.

 

Here's some of what EEE was enacted against by Microsoft: https://en.wikipedia.org/wiki/Embrace%2C_extend%2C_and_extinguish#Examples

 

Yes, business models would likely need to change and they should - background data-theft isn't a legitimate business when companies like Microsoft, Facebook, and Google do it any more than when malware distributors do it. The lawless regime of data-pilfering is like a store-owner, rather than charging set prices for certain products and services, indiscriminately helping themselves to the monetary contents of people's pockets and wallets when they walk into their store - without clear knowledge or consent to it by those who enter their store.

 

It is an invasive thug and criminal business model that has no right to exist. Companies that can't thrive without it shouldn't exist. Companies that have something of value to offer are able to receive market value for their offerings.

 

So, a revamp of the business model is an objective of proper regulation of data-thieves.

They may not be as transparent about it and they really should but I do think that there is some benefit to the collection of data if done so in a transparent way. 

[mr moose]

4 hours ago, Delicieuxz said:

EEE is meant to extinguish competition to Microsoft standards and alternatives. Github became Microsoft's standard and alternative. Microsoft would extinguish their own dominant platform.

So no extinguishing then. 

4 hours ago, Delicieuxz said:

Linux isn't really a threat to Microsoft, and Microsoft is able to make money through Linux as well.

Again no extinguishing then.

4 hours ago, Delicieuxz said:

Here's some of what EEE was enacted against by Microsoft: https://en.wikipedia.org/wiki/Embrace%2C_extend%2C_and_extinguish#Examples

Funny how in that list the things they claim were extinguished MS either made open to fair use like office document reading or still exist today due to legal proceedings.

 

You have to remember that EEE was a business model from a different market era.  You cannot keep trying to impose what they did under completely different leadership 20 years ago to what they do today.     You may as well keep arguing that AMD are current because they wanted to price fix with Nvidia a decade ago, or that Intel are highly corrupt today because of their anti consumer practices from 15 years ago.   You can only hold a company (or person) accountable for evidence you have against them today. 

 

 

 

In reflection, looking at the sudden changes in the market place over the last 30 years (especially hardware and software tech) it is actually of no surprise that they all were doing anything they could to try and maintain control.  

 

Are they doing it today? really not so much, if at all.  Every now and then we get a sniff of something with potential, but no evidence. 

 

[Arika]

23 minutes ago, comander said:

From what I see, I generally support CCPA. 

Data should be seen as property and this makes companies act a lot more like it is. 

If I had a harddrive in a bank vault, the bank would need to protect it. The same concept should apply if the vault is a data center. 

makes me wonder how much a single person generates in terms of targeted ad revenue from their data being sold