Google, Facebook trying to stop impending California vote on allowing the opting-out of collection and sale of personal data

[Delicieuxz]

 

Google And Facebook Are Quietly Fighting California’S Privacy Rights Initiative, Emails Reveal

 

Excerpt:

Quote

 

LOBBYISTS FOR THE largest technology and telecommunication firms have only three days to prevent the California Consumer Privacy Act, a  ballot initiative that would usher in the strongest consumer privacy standards in the country, from going before state voters this November.

 

The initiative allows consumers to opt out of the sale and collection of their personal data, and vastly expands the definition of personal information to include geolocation, biometrics, and browsing history. The initiative also allows consumers to pursue legal action for violations of the law.

 

The idea that Californians might gain sweeping new privacy rights has spooked Silicon Valley, internet service providers, and other industries that increasingly rely on data collection, leading to a lobbying push to defeat the initiative before it gains traction. Their best hope may be to convince the sponsors of the initiative, including San Francisco real estate developer Alastair Mactaggart, to pull the proposal in exchange for compromise privacy legislation, AB 375, which would achieve some of the same goals of the initiative. Lawmakers behind the legislation, led by State Assembly member Ed Chau, D-Monterey Park, and State Senator Robert Hertzberg, D-Van Nuys, have promised to swiftly pass their bill this week if sponsors withdraw CCPA.

 

Emails obtained by The Intercept reveal that tech giants are fighting behind the scenes to water down the privacy legislation, hoping to prevent an expensive and potentially losing ballot fight this year.

 

Andrea Devaeu, a lobbyist for TechNet, a trade group for Google, Facebook and other tech companies, has continually updated an ad-hoc business lobbying coalition formed to defeat the CCPA. In an update sent on Sunday evening, Devaeu provided a “compilation of feedback re: the most problematic aspects of AB 375.”

 

 

If you hate that a large portion of your internet bill is subsidizing your ISP and online services' gathering of your personal data so that they can sell it for profit, then you'll want this act to pass without it being watered down.

 

If you hate that the lowest settings for personal data-harvesting in Windows 10 Home and Pro still gathers your personal data from over 3,500 individual data streams to create a meticulous and comprehensive picture of your every step in the OS that is associated with your person, and which Microsoft profits from selling to whoever, then you'll want this act to pass without it being watered down.

 

If you hate the malicious designs of Windows 10 including forced updates and resets, file-associations resetting, UI mods breaking with each major update, and all other things in Windows 10 that trace back to Microsoft's goal of forcing as much personal user data into their servers so that they can sell it for their profit and preventing people from doing anything to obstruct Microsoft's ability to harvest your personal data, then you'll want this act to pass without it being watered down.

 

If you hate that your own personal life is being turned into the equity and a subject of these companies, against your will or choice, then you'll want this act to pass without it being watered down.

 

If you hate that even your graphics card drivers and games [2] are starting to be stuffed with data-harvesting, then you'll want this act to pass without it being watered down.

 

Regardless of whether you live in California or the USA, if you want a stop to be put to the harvesting and selling of personal user data without the will of the software, system, or service user, then you'll want this act to pass without it being watered down.

 

 

Having this proceed in California without it being neutered would force business model changes throughout the data-selling industry, and could greatly increase exposure of which companies are selling personal user data. It would also put the discussion of the topic permanently out in the open, and could lead to similar legislation being passed by other states and countries.

 

The world needs this proposed legislation, and it has to start somewhere. I hope that if you live in California you might call your MP or whatever your representatives are called and put the pressure on them to see that this vote happens, and that tech/data companies are not permitted to water down the proposed legislation. And if you know people in California who are tech-minded, I hope that you make them aware of this legislation and encourage them to do the same.

 

 

And believe it or not, the negatives of unfettered unilateral data-harvesting by tech companies are still in the early stages. 

[Arika]

8 minutes ago, Delicieuxz said:

in exchange for compromise privacy legislation

There is no compromise to privacy. Though I wonder what they are thinking?

 

"We'll still do it, but just not tell them so they feel safer"

[mr moose]

Even if the law goes through without change, facebook and google will still keep collecting, you just wont have the option to use their service if you don't agree to it. IF GDPR proved anything thing it is that there are no options, it's our way or the highway.

[Delicieuxz]

8 minutes ago, mr moose said:

Even if the law goes through without change, facebook and google will still keep collecting, you just wont have the option to use their service if you don't agree to it. IF GDPR proved anything thing it is that there are no options, it's our way or the highway.

Possibly in some cases, but not in all. For example, Microsoft isn't going to refuse to sell Windows 10 licenses to people and let them use the OS if they refuse to allow Microsoft to continue harvesting and selling their personal data. MS still profits from the license sales, and from any paid service integrated into Windows 10, like Microsoft Store, One Drive, Office 365, etc.

 

Microsoft wouldn't even be legally able to decline to allow people to use their Windows OSes that they bought licenses for.

[mr moose]

24 minutes ago, Delicieuxz said:

Possibly in some cases, but not in all. For example, Microsoft isn't going to refuse to sell Windows 10 licenses to people and let them use the OS if they refuse to allow Microsoft to continue harvesting and selling their personal data. MS still profits from the license sales, and from any paid service integrated into Windows 10, like Microsoft Store, One Drive, Office 365, etc.

Says who? Last time I checked MS didn't own google or facebook, so I am not sure how their terms are relevant to what I said, at any rate:

 

You're assuming MS cares or is actually already breaking these laws. I Kinda hope they pas unaltered and then have some court cases,  it might put to rest this whole data mining thing for once.  Seeing as the DPA results didn't.

 

The thing with these industry groups is that they are very generic.  They fight all the fights and not all their members care about all the fights, some more than others. I can see faccebook and google being extremely interested, but the automotive association might have less concern for such laws.

 

 

[Doobeedoo]

Haha ofc they do, it's funny that they also really do so for something like this. 

[Christophe Corazza]

Interesting... we found out they are fighting against increased privacy rights via intercepted emails... sort of ironic if you ask me.

[EarthWormJM2]

16 hours ago, Delicieuxz said:

If you hate the malicious designs of Windows 10 including forced updates and resets, file-associations resetting, UI mods breaking with each major update, and all other things in Windows 10 that trace back to Microsoft's goal of forcing as much personal user data into their servers so that they can sell it for their profit and preventing people from doing anything to obstruct Microsoft's ability to harvest your personal data, then you'll want this act to pass without it being watered down.

I hope you mean updates in regards to mining our personal data, not required updates to improve Windows and make it more secure. If you stop all updates across the board, businesses and consumers will be getting viruses and even possibly hacked left and right. Windows is the most used OS in the world and holds the vast majority of the enterprise market, hence why "Windows has the most bugs and viruses of any OS". No one is going to spend time trying to hack or make a virus for an OS that such a small % of the corporate world has (where all the $ is). Not saying that viruses don't exist for other OS, Just giving perspective. So yes, there will be mistakes along the way, but would you really want a version of Windows that doesn't get any updates in this "always online' world full of scammers and malicious ppl trying to make a buck off of you, I sure as hell wouldn't. 

 

All in all, personal data collection should be limited and opt-in for the more intrusive stuff, but most of the "data-harvesting" that most ppl are up in arms over, is already public information. Your name, address, phone #, court records, etc., are all public information already and most of the EULAs you click through and never read when you sign up for Gmail or Facebook or what have you, say they will collect your data, and you agreed to it. I mean even the government has been collecting data on everyone for decades already.

[Delicieuxz]

1 hour ago, EarthWormJM2 said:

I hope you mean updates in regards to mining our personal data, not required updates to improve Windows and make it more secure. If you stop all updates across the board, businesses and consumers will be getting viruses and even possibly hacked left and right.

I mean updates that are forced without the Windows owner being able to choose to not install them. People who and businesses that want updates, and who want to have updates install themselves automatically can still have that option while people who don't want updates to download or install themselves automatically or to restart their PCs on their own can have that option - just like how those different options exist in all prior versions of Windows.

 

Quote

All in all, personal data collection should be limited and opt-in for the more intrusive stuff, but most of the "data-harvesting" that most ppl are up in arms over, is already public information. Your name, address, phone #, court records, etc., are all public information already and most of the EULAs you click through and never read when you sign up for Gmail or Facebook or what have you, say they will collect your data, and you agreed to it. I mean even the government has been collecting data on everyone for decades already.

Here is the personal data that Microsoft is harvesting through Windows 10 at the "Basic" (lowest) data-harvesting setting in Windows 10 Home and Pro (and it is all associated with your personal identity):

 

https://docs.microsoft.com/en-gb/windows/privacy/basic-level-windows-diagnostic-events-and-fields

 

On that page is listed over 3,500 individuals points in which your personal and private data is streaming from your PC to Microsoft's servers, so that Microsoft can sell it to other companies, governments, law enforcement, researchers, advertisers, and anyone with the money to pay for it. That page still doesn't include documentation any of the personal data that Microsoft gathers from its integrated services, such as Edge, Cortana / Bing, Skype, etc.

 

Those over-3,500 individual data streams include meticulous information on your system hardware, your system usage, your license information, your program installation and usage information, your account information, your update information, some integrated services information, your camera usage information, battery information, DRM information, your network information, your settings information, system reboot information, errors, and a lot more. Altogether, it creates a comprehensive picture of every step you take while using your system and in your offline Windows environment. And that's at the minimum data-harvesting setting in Windows 10 Home and Pro.

 

The data that is collected on your in Windows 10 Home and Pro is comparable to having cameras all around you all the time monitoring everything that you do, with a team of observers watching you nonstop and constantly making notes on every little thing that they see you do. When you're in Windows 10 Home or Pro, you're not free secure and private, in your own home, on your own computer - you're an imprisoned test subject, in a lab, being constantly monitored, with your personal life being harvested for the unjust enrichment of corporations that don't regard you as a person.

[EarthWormJM2]

6 hours ago, Delicieuxz said:

you're an imprisoned test subject, in a lab, being constantly monitored, with your personal life being harvested for the unjust enrichment of corporations that don't regard you as a person.

Well that's a little extreme don't you think?

 

Whether it's morally right on not for Microsoft to collect all that data is another discussion. As far as if its legal or not, when you install windows or boot up a brand new computer you have to accept a EULA that states they will be collecting your data and possibly give it to 3rd-party companies for a better "experience" (which we all know usually means targeted ads). And you can usually opt out of a lot of them. Do they still collect some data even if we opt out? Certainly, because of the initial EULA you agreed to. They may just disable some features or not collect certain data because you opt'd out. I mean, I am a network admin, and not being able to permanently disable updates is a pain in the ass, believe me. But I understand why they are doing it. Too many users on older versions of Windows never updated then had issues or their data breached, then they would blame Microsoft for it. Also from a straight support standpoint, keeping everyone up-to-date automatically makes troubleshooting way easier which would in turn reduce support costs that would eventually reduce the cost of the product. There are very valid reasons for what they are doing. (I don't agree with all of them, but I get it) Most of their intentions are to make a better product for the end user, and in this age of big corporations, that involves collecting your data so they can provide you with products, features and even ads that you would want to see. If you are THAT worried about them collecting your data, stop using Windows and move to Linux, delete your Facebook, Twitter, etc. Stop giving these corporations your money, they will only make changes when they start losing money, and none of it is necessary to have in daily life.

[JoeCoke]

About time! I somehow doubt this'll make much of a difference in the end though, so @huilun02's advice is good.

[Suika]

I love how these companies are so about internet freedom and keeping Net Neutrality alive (not to complain about that concept here), but the moment you try to give consumers a little more power over their own personal data, they freak out and suggest we don't go too crazy with protecting consumers.

 

Laughable at best.

[JoeCoke]

21 minutes ago, Suika said:

I love how these companies are so about internet freedom and keeping Net Neutrality alive (not to complain about that concept here), but the moment you try to give consumers a little more power over their own personal data, they freak out and suggest we don't go too crazy with protecting consumers.

 

Laughable at best.

Best comment on this thread so far, didn't even think of it that way. Ha, double standard bullshit. Oh they care about us! They reeeeeeally do! But don't touch their data money... Oh no sir!

[SpaceGhostC2C]

On 6/27/2018 at 12:06 AM, mr moose said:

Even if the law goes through without change, facebook and google will still keep collecting, you just wont have the option to use their service if you don't agree to it. IF GDPR proved anything thing it is that there are no options, it's our way or the highway.

Many, many sites have gone from "by the way, you are accepting all our cookie and data management policies by using the site" disclaimer to actual opt-out controls that must be shown on your first visit (when a European IP is detected I assume). And many places I've never heard of started sending opt-in emails saying "you'll have to actively confirm you want to continue receiving our spam", meaning at least legally they have to drop you through as little effort as doing nothing.

So I wouldn't say it hasn't bring any positive change at all.

[LAwLz]

1 hour ago, SpaceGhostC2C said:

Many, many sites have gone from "by the way, you are accepting all our cookie and data management policies by using the site" disclaimer to actual opt-out controls that must be shown on your first visit (when a European IP is detected I assume). And many places I've never heard of started sending opt-in emails saying "you'll have to actively confirm you want to continue receiving our spam", meaning at least legally they have to drop you through as little effort as doing nothing.

So I wouldn't say it hasn't bring any positive change at all.

GDPR dictates that services MUST allow the user to opt-out of any collection of personal data that is not crucial to the function of the software.

Failure to comply has a VERY hefty price. 

 

Saying that GDPR hasn't improved anything is pure ignorance. We have already seen massive changes to websites not just in terms of giving users options, but also in terms of transparency. 

[mr moose]

3 hours ago, SpaceGhostC2C said:

Many, many sites have gone from "by the way, you are accepting all our cookie and data management policies by using the site" disclaimer to actual opt-out controls that must be shown on your first visit (when a European IP is detected I assume). And many places I've never heard of started sending opt-in emails saying "you'll have to actively confirm you want to continue receiving our spam", meaning at least legally they have to drop you through as little effort as doing nothing.

So I wouldn't say it hasn't bring any positive change at all.

I never said GDPR didn't bring anything positive.  I was merely pointing out that many websites opted to force users keep going as normal or don't use out service, a "my way or the highway" attitude which only became transparent for many since GDPR forced it.  In effect it is one of the major things about web services that GDPR proved.

[LAwLz]

10 hours ago, mr moose said:

I never said GDPR didn't bring anything positive.  I was merely pointing out that many websites opted to force users keep going as normal or don't use out service, a "my way or the highway" attitude which only became transparent for many since GDPR forced it.  In effect it is one of the major things about web services that GDPR proved.

What you are describing is illegal according to GDPR.

Companies MUST give users the choice to not have their personal information collected unless it can be argued in court that the data collection is essential on a technical level to providing the service. For example you must use the GPS coordinates to provide them with a service like Google Maps.

However, Google or Facebook collecting information like what preferences I have is not essential to the service they provide.

 

GDPR explicitly denies the "my way or the highway" type of settings.

[mr moose]

2 minutes ago, LAwLz said:

What you are describing is illegal according to GDPR.

Companies MUST give users the choice to not have their personal information collected unless it can be argued in court that the data collection is essential on a technical level to providing the service. For example you must use the GPS coordinates to provide them with a service like Google Maps.

However, Google or Facebook collecting information like what preferences I have is not essential to the service they provide.

 

GDPR explicitly denies the "my way or the highway" type of settings.

It doesn't appear they got the memo.

https://www.theguardian.com/technology/2018/may/24/sites-block-eu-users-before-gdpr-takes-effect
 

Quote

The US media network NPR took a simpler approach. Users could either agree to the new terms, or decline and be taken to a plain-text version of the site, looking for all the world like it had last been updated in 1996.

 

Quote

Other companies have taken a more permanent approach. Unroll.me, an inbox management firm, announced it was completely withdrawing services for EU companies due to an inability to offer its product – which is monetised by selling insights gleaned from reading users’ emails – in a way that was compatible with EU law. “We are truly sorry that we are unable to offer our service to you,” the company told EU users.

Quote

American media network A+E has blocked EU visitors from all its websites, including History.com, and some multiplayer online games, including Ragnarok Online, have switched off their EU servers.

 

Some users on this forum even posted screen shots of agreements that you either had to agree to or cease using the product. 

 

[LAwLz]

3 minutes ago, mr moose said:

It doesn't appear they got the memo.

https://www.theguardian.com/technology/2018/may/24/sites-block-eu-users-before-gdpr-takes-effect
 

 

Some users on this forum even posted screen shots of agreements that you either had to agree to or cease using the product.

Hmm, maybe I am misremembering or misunderstanding something, but I am fairly sure that was not allowed.

I'll try and find the GDPR text.

[mr moose]

2 minutes ago, LAwLz said:

Hmm, maybe I am misremembering or misunderstanding something, but I am fairly sure that was not allowed.

I'll try and find the GDPR text.

it's probably not allowed, but since when do some companies play by the rules?  Even the EU itself doesn't always stick to their directives letter for letter.