US senator's proposed data privacy law could fine company execs $5 million and send them to prison for 20 years

[Delicieuxz]

Proposed data privacy law could send company execs to prison for 20 years

 

Quote

 

Sen. Ron Wyden, D-Ore. announced a discussion draft of his Consumer Data Protection Act yesterday. The bill would establish new privacy rules that major companies must follow and establish fines and prison sentences big enough to make even the largest companies take notice.

 

Consumers would have the right to opt out of systems that share their data with third parties. Companies that don't follow the proposed law could be fined up to 4 percent of annual revenue on their first offense. The FTC currently is unable to fine first-time corporate offenders, and "fines for subsequent violations of the law are tiny, and not a credible deterrent," Wyden's bill summary says.

 

Besides giving the FTC new powers, the bill would let the agency hire another 175 staffers "to police the largely unregulated market for private data," Wyden's bill summary says.

 

Under the proposed law, executives could be "fined not more than $5,000,000 or 25 percent of the largest amount of annual compensation the person received during the previous 3-year period from the covered entity, prisoned not more than 20 years, or both," the bill says. (The more readable bill summary is available here.)

 

...

 

"Today's economy is a giant vacuum for your personal information," Wyden said. "Everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation's database."

 

US residents know very little about how their data is collected, used, and shared, Wyden continued. "It's time for some sunshine on this shadowy network of information sharing," he said. "My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information."

 

 

 

What's missing from these data privacy law proposals is the awareness that companies could aggregate personal data and then sell it without it being any identifiable person's data - yet, the existence and value of that data would still be a person's personal data, and its acquisition was only possible by taking it from somebody. The cost of generating that data would still be imposed upon individuals by companies which would still be enriching themselves are people's expense, and therefore still be unjust enrichment, misuse of property, etc.

 

Data-privacy legislation needs to mandate that people are able to never have their data (as in, data that's not essential to a requested function) harvested by companies in the first place, so that the matter of reselling it, or anonymizing or aggregating it is never a possibility in the first place.

 

I oppose companies commercializing my computer, my electricity, my hardware, software, housing, etc, and my time and my activity to profit themselves. What they're doing is data-theft and unjust enrichment. It is literally no different than if some hacker installs a cryptocurrency mining virus on everybody's computers that forwards the proceeds of mining digital currency to their own wallet.

 

It's theft, misuse of property, unjust enrichment, commercialization without a license, etc, in their most basic forms.

Since companies are unilaterally using our personal and personally-owned data to profit themselves, aren't we therefore all also entitled to do the same with their data? Since companies are making us subsidize their businesses by stealing our electricity, processing power, components, space, time, etc... aren't all therefore justified to do the same with theirs? The actions of the companies that create revenue from our data justify any attacks on their servers by outside parties, as well as any acquisition and exploitation of the data that's on their internal servers and private computers.

 

 

 

If you think you don't care about your data being harvested and sold, then kindly PM me so that we can arrange for me to install a cryptocurrency miner on your system that will use your hardware, electricity, and processing power to mine cryptocoins while funnelling all the proceeds to a private cryptocurrency wallet of mine. This arrangement will be even better for you than what corporations are doing because it won't involve any personal data of yours being distributed.

 

And if you oppose having me do that to your PC, then you've proven that you believe everybody is entitled to not have their data harvested by companies in the first place, let alone sold and used to profit companies.

[Cereal5]

@Crunchy Dragon Might as well lock this one as well since Senators and Laws are inherently political.

 

Google is gonna have to really change if this goes through lol (it won't)

[captain_to_fire]

Does it mean we might see Mark Zuckerberg behind bars? 

[Delicieuxz]

9 minutes ago, Cereal5 said:

@Crunchy Dragon Might as well lock this one as well since Senators and Laws are inherently political.

 

Google is gonna have to really change if this goes through lol (it won't)

 

Google, Microsoft, Facebook, Twitter, etc already have to implement those would-be required changes, at least for California (the US' largest state economy), as a result of California passing its Consumer Privacy Act, which mandates that all Californians can choose to not have their data collected, or just not sold if they prefer.

 

California's legislation passed unanimously in the Californian senate and comes into effect January 2020.

 

 

[Speed Weed]

30 minutes ago, Cereal5 said:

@Crunchy Dragon Might as well lock this one as well since Senators and Laws are inherently political.

 

Google is gonna have to really change if this goes through lol (it won't)

The thread is open. 

[poochyena]

1 hour ago, Delicieuxz said:

It's theft

You are literally giving it to them. You can't give someone something, and then claim theft. They only know what you tell them or show them.

[Delicieuxz]

54 minutes ago, poochyena said:

You are literally giving it to them. You can't give someone something, and then claim theft. They only know what you tell them or show them.

This subject isn't about data that is given to companies for the sake of using a service, but about data that is non-essential to requested actions, that is unilaterally taken by companies, without non-coerced permission and often without any type of permission whatsoever. There is an enormous amount of the latter type of data being taken by companies without people's awareness of it - such as perhaps you have just demonstrated.

 

 

I haven't given my data to many of the companies that are taking it, like Microsoft is.

 

It's non-authorized taking of this data is theft precisely because I and others haven't authorized those companies to take or use it, or even authorized them access to my computer from where they are taking the data - yet they are taking it without permission. Nor have I used any services that require that data to be taken to complete the function I request.

 

 

What many companies, for example, Microsoft, are doing is literally theft, and no different than somebody walking into your house and taking your possessions which they then use for their own self-profiting purposes.

 

 

People can use the Microsoft Diagnostic Data Viewer tool to watch which data Microsoft is stealing from their PC:

 

https://www.microsoft.com/en-us/p/diagnostic-data-viewer/9n8wtrrsq8f7

 

People can also look through this page to view all the data that Microsoft steals from their PCs no matter how they set the telemetry setting in Windows 10 Home and Pro:

 

https://docs.microsoft.com/en-gb/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809

 

 

Basically, every mouse-click you make in Windows 10 is recorded into data and that data is then stolen from your PC by Microsoft. And Microsoft doesn't ask for permission to take that data, nor do you give it to Microsoft. Microsoft doesn't even tell Windows owners within the Windows 10 OS that they're taking that data. Microsoft just takes it, and uses it to profit themselves.

[mr moose]

2 hours ago, Delicieuxz said:

It's theft

 

So piracy is not theft because nothing physical was taken from the owner, but this is?

 

For the record I agree with these privacy measure and hope they go through without too much bastardization, however if theft can't be used to describe taking IP and CR content  without paying for it then you can't claim the same about data. 

[Delicieuxz]

8 minutes ago, mr moose said:

So piracy is not theft because nothing physical was taken from the owner, but this is?

 

For the record I agree with these privacy measure and hope they go through without too much bastardization, however if theft can't be used to describe taking IP and CR content  without paying for it then you can't claim the same about data. 

I agree that those things can certainly be described as theft. But, have I advocated taking IP and Copyright content without authorization? I don't think so.

 

Companies taking your and my data from our machines and using it for their profit is the same as you or I taking their data and using it for our profit. If we do that, it's called data-theft, and hacking and property violation charges are applied. And if we use some company's resources, such as their electricity and computers, without authorization to fuel our own separate business, that's called theft, misuse of property, unjust enrichment, and we'd be sued for doing those things if caught.

 

It is the same when a company does it with our data, and when a company uses our resources to run their business.

[Andreas Lilja]

Lmao Americans and their hard-on with prison.

 

 

[poochyena]

1 hour ago, Delicieuxz said:

no different than somebody walking into your house and taking your possessions which they then use for their own self-profiting purposes.

 

1 hour ago, Delicieuxz said:

People can use the Microsoft Diagnostic Data Viewer tool to watch which data Microsoft is stealing from their PC:

You are giving them the data by using windows. They aren't stealing it. I'm not sure you understand the concept of theft.
If you go outside, everyone around sees what clothing you are wearing. Are all those people that look at you stealing personal data from you because you didn't tell them that they can take that data?

[mr moose]

6 minutes ago, Delicieuxz said:

I agree that those things can certainly be described as theft. But, have I advocated taking IP and Copyright content without authorization? I don't think so.

 

Companies taking your and my data from our machines and using it for their profit is the same as you or I taking their data and using it for our profit. If we do that, it's called data-theft, and hacking and property violation charges are applied. And if we use some company's resources, such as their electricity, without authorization to fuel our own separate business, that's called theft and we'd be sued if caught.

 

So should it also be when a company does it with our data, and when a company uses our resources.

I agree with that.  I'm just not that sure many of the common larger companies are doing it without our permission.

[Delicieuxz]

7 minutes ago, poochyena said:

You are giving them the data by using windows. They aren't stealing it. I'm not sure you understand the concept of theft.
If you go outside, everyone around sees what clothing you are wearing. Are all those people that look at you stealing personal data from you because you didn't tell them that they can take that data?

Now there's are a couple of flagrant false analogies. And it's clear that you don't understand the concepts of personal property, of ownership, and of using your own property.

 

1. Using something, much less your property, isn't giving anything to anybody. When you use your car, you aren't giving the car manufacturer the right to watch you via cameras inside the vehicle. Them doing such would be an invasion of private property and of privacy - just like it is when companies access your computer and take your personal and personally-owned data from it.

 

2. When you buy something, you own that thing and all entitlements regarding it are yours. Using something you bought and own doesn't entitle the manufacturer to your things. Buying a power tool doesn't entitle the manufacturer to come into your garage and use it for their business.

 

3. People seeing the clothing you wear in public is analogous to people seeing the things you post on online forums and other public spaces. Companies taking your personal and personally-owned data is analogous to people walking into your house and taking your possessions out of it, all without permission.

[mr moose]

9 minutes ago, Delicieuxz said:

2. Using something you bought and own doesn't entitle the manufacturer to your things. Buying a power tool doesn't entitle the manufacturer to come into your garage and use it for their business.

 

 

It would if the contract of sale had a condition that meant they could come and take photos of the work you do with it.  Here is the problem with trying to compare physical products to software products, software products come with the inherent ability to go further in data acquisition (hence the reason this is a problem in the first place).    And to be honest the only time this becomes a problem is when you don't have a viable alternative for the software you are using.  Because then you do you don't have to agree to the data clauses in their product design.

[poochyena]

1 minute ago, Delicieuxz said:

2. Using something you bought and own

you don't own windows. You buy a license for it.

[Delicieuxz]

55 minutes ago, poochyena said:

you don't own windows. You buy a license for it.

False, on the first part.

 

You buy a license, a license being a right, to use the Windows intellectual property via an instance of it. But, you buy your non-reproduceable copy of the Windows IP.

 

'This software is licensed, not sold' means 'this software' (IP) is licensed, not sold. But, 'this software' (instance / copy / license) is sold, not licensed or leased.

 

'Windows' is the description of both its IP and the individual copies of it, just like the name of a car model is the same for both its its IP and for the individual instances of it that people buy and own. Your copy of Windows 10 is your property that you exclusively own.

 

It is exactly the same situation with software as it is with all the physical goods that you own, such as your clothes - you didn't buy their intellectual properties, but you bought a licensed-instance of them. Software and physical goods are the same in this reagard, as ruled by top courts around the world.

 

I have a link in my signature about that.

 

 

Whenever you give money for something, you've become owner over some entitlement. In the case of Windows 10, which is a product and a good, when you give money (or accept a free upgrade offer) for the packaged product of Windows 10, you become the sole owner of your copy of Windows 10. It is your personal property, which is why Microsoft entering into your OS to take data that is non-essential to a requested action without authorization is property violation and theft.

 

Though, even with the matter of the OS aside, your hardware is also your property distinct from your OS property and using any software on your hardware doesn't grant any company any limited ownership over your hardware to be able to use it for their purposes.

[poochyena]

to be clear, they aren't taking data, they are copying data, so its not theft. When you buy windows, you agree to send them data and to let them make modifications to your OS. So yes you own the OS, but they own it too.
You might not like it, but you volunteered yourself to it by buying and using windows.

[Delicieuxz]

34 minutes ago, poochyena said:

to be clear, they aren't taking data, they are copying data, so its not theft. When you buy windows, you agree to send them data and to let them make modifications to your OS. So yes you own the OS, but they own it too.
You might not like it, but you volunteered yourself to it by buying and using windows.

Again, that's not true.

 

If you access a company's computers and take their data - as in, you copy it while leaving the original copy on their computers, that's officially called data-theft.

 

When you take and use an IP without permission, even though you didn't remove the IP from the owner's possession, it's called IP-theft.

 

When you violate a copyright, it's called copyright-theft, even though you merely copied the owned content, and didn't remove it from the original owner.

 

These things are theft, plain and simple, because ownership includes decision-making authority over the thing that is owned, and so anybody deciding to make use of what is yours has violated your ownership over that thing by stealing an entitlement from you.

 

 

 

Also, nobody volunteered to such by purchasing and using Windows. The Windows 10 EULA doesn't contain such a claim, nor do the Windows 7 and 8 EULAs that many people received their 'free upgrade' of Windows 10 from.

 

This part from the Windows 10 EULA (which I think doesn't exist in the Windows 7 and 8 EULAs - and one party cannot unilaterally change the terms of a contract once it's accepted) :

Quote

3.      Privacy; Consent to Use of Data. Your privacy is important to us. Some of the software features send or receive information when using those features. Many of these features can be switched off in the user interface, or you can choose not to use them. By accepting this agreement and using the software you agree that Microsoft may collect, use, and disclose the information as described in the Microsoft Privacy Statement (aka.ms/privacy), and as may be described in the user interface associated with the software features.

 

... defers to Microsoft's Privacy Statement, which itself, from what I recall from the last time I thoroughly read it, only specifies data transmission in the course of utilizing online services that require that data - yet, in observable practice, Windows 10 transmits far more data than simply what's needed for those services. Nowhere does the Microsoft Privacy Statement entitle Microsoft to any data that is not relevant to the functioning of online services.

 

Nor would it be reasonable to conflate use of software as having the type of strings attached that would grant the publisher some entitlement, which would be some ownership, over your hardware, electricity, etc.

 

With most online services (Amazon, Facebook, Google, Twitter...) that you use, the analysis, computation, generation, and collection of user data occurs on the side of the service provider, by their own servers - and so there's no commercialization or violation of your property involved. With Windows 10, it's different: The generation, organization, and processing of data occurs firstly on your own computer, using your electricity and hardware and software resources - and that is a commercialization and violation of your property.
 

 

There's also the matter of the reasonable person test, which is really strained by a claim that by using a product the manufacturer is entitled to something for your usage of it: https://en.wikipedia.org/wiki/Reasonable_person

 

There's also fact that in some countries any agreement that isn't presented on the outside of a product's packaging is invalid by default.

 

There's also the fact that EULAs don't count for anything in the European Union, and have had very limited success in court in other countries.

 

There are also contradictions between selling something and being able to claim entitlements to something that is no longer yours after you've sold it.

 

And there are still other issues with the idea that somehow these companies are justified in taking people's data. They aren't, they've simply been doing it off the radar for a long time. And now that what they're doing is becoming revealed in the public space, governments around the world are cracking-down on it.

[Taf the Ghost]

Can robots serve Jail Time? Seems like a relevant question to this issue.

[RejZoR]

Good, because the way most companies treat privacy is lets just say "excessively overreaching".

 

Has anyone read Google's privacy statement? They have it with colorful animations and everything and they say they take your privacy very seriously and that they don't share your info with anyone. And then in the next paragraph they go on how they share your data with pretty much everyone they stumble upon with an explanation they are doing it to make your experience better. Sure you do...

[Trik'Stari]

6 hours ago, Delicieuxz said:

data that's not essential to a requested function

I've been saying this for a while now.

 

My fear is that their argument will be, and I think alot of you will agree with me on this, 

 

"If we can't collect X, we can't sell it, and can't afford to provide the requested function".

 

Which is an asinine argument. My analogy would be GPS. Your GPS needs your location or an location in order to function. However it does not need to know where you've been shopping for the last six months. Although I'm sure they could find a function that could actually require that data in order to provide some service.

 

However, I don't think they should be able to sell peoples data to 3rd parties without consent. The implied choice should be to opt-out, and the customer should need to go out of their way to opt-in. Even if they do, maybe they should be entitled to a little compensation for the sale of their data.

 

And they absolutely SHOULD be completely responsible for who they choose to sell that data to, and whether or not their ability to store said data is secure.

[mr moose]

2 hours ago, RejZoR said:

Google's privacy statement?

Not sure what describes these three words in that order best:

 

Oxymoron

Hypocritical

irony in effect

nugatory.

 

 

Whilst I think oxymoron might be the closest to semantically true, I find the word nugatory to have the added quality of sounding funny.

 

[Trik'Stari]

3 minutes ago, mr moose said:

Not sure what describes these three words in that order best:

 

Oxymoron

Hypocritical

irony in effect

nugatory.

 

 

Whilst I think oxymoron might be the closest to semantically true, I find the word nugatory to have the added quality of sounding funny.

 

I don't think I've ever heard or seen that word used. Neato.

 

Side note: Seriously, can we get some legislation or an international agreement to change website standards to black background with white or otherwise colored text? White background with black text is getting so annoying these days. IIRC it would be power saving as well as reducing eye strain.

[mr moose]

2 minutes ago, Trik'Stari said:

I don't think I've ever heard or seen that word used. Neato.

You can thank my cheap imitation bourbon fueled brain state for digging that out of somewhere,   and having the presence of mind (what's left of it) to check it was contextually accurate.

[Trik'Stari]

Just now, mr moose said:

You can thank my cheap imitation bourbon fueled brain state for digging that out of somewhere,   and having the presence of mind (what's left of it) to check it was contextually accurate.

I'm sitting in a dark hotel room with a hangover. Woke up an hour early (or late?) thanks to the time change and my seeming inability to sleep more than 4-6 hours straight. Got drunk last night, had a massive steak on the company last night. Worth it.