Privacy and the sharing — and keeping — of data collected via the Internet is getting a lot of attention lately. California just passed and Governor Jerry Brown signed into law the nation’s toughest consumer data protection law.
More on that in a bit.
The Senate Commerce Committee is now looking at a set of national rules to regulate how companies use your data. The Internet industry wants a lighter government burden and with a Republican-controlled Congress it may get what it wants. From their perspective, critics and privacy advocates say — unfortunately — the law being looked at will keep states from enacting their own, stricter privacy laws.
Companies need and want the data — where you’ve been, what you view, sites you frequent, who your friends are, etc. — to market their products. The concern is special interests who mine that information to sell for a profit.
Those supporting a weaker law that limits what states can do include AT&T, Amazon, Google, Twitter and Charter Communications. They want a law that negates what they term are “inconsistent” state data safety laws. Apple — who attended the recent committee hearing with the other companies — is more in favor of a stronger federal law.
Some Democrats in Congress say a bill that is less restrictive about how information can be mined won’t get bipartisan support. However, committee chairman Sen. John Thune — a Republican from South Dakota — said he hopes a consensus can be reached between the two parties to “help consumers, promote innovation, reward organizations with little to hide and force shady practitioners to clean up their act.”
Doing away with Obama administration protections, President Trump — favoring less restrictions — signed a bill into law last year that allows Internet providers to sell information about the web-browsing habits of their customers.
That’s not going to work for consumer advocates.
Public Knowledge is one of the consumer groups most concerned at a proposed soft law and what the Trump administration favors. Its policy counsel is Allie Bohm. She said a lot of companies don’t just use data for marketing. Many will restrict what some people can see. She cited African Americans not getting access to housing ads and older people not being able to see job postings.
Privacy advocates also want legislation that takes into account, and tracks how data is collected, used, kept, shared and sold so it cannot be abused. It’s what is being done in Europe’s 28-nation European Union. Companies have to justify what they’re doing.
California’s law is the most restrictive in the nation. It requires companies to inform customers — upon request — about what data they’ve collected and then how it is being used. In return companies can give discounts to people — or pay them outright — for the use of their data. Compensation will depend on how much the company gets for the data.
Amazon’s general counsel is Andrew DeVore. His firm doesn’t like the California law and he said the Senate needs to consider what’s wrong with California’s take on data capture and sharing. Amazon contends it defines “personal information” too broadly.
However, California’s law won’t take effect until 2020 and it only applies to the Golden State. And while a lot of Internet-based firms aren’t happy with data collection part of what California is doing, they are equally concerned with the state’s take on the Internet of Things (IoT).
Security expert and pundit Robert Graham said the law has good intentions but it’s not that practical. “It's based on the misconception of adding security features. It's like dieting, where people insist you should eat more kale, which does little to address the problem you are pigging out on potato chips. The key to dieting is not eating more but eating less. The same is true of cybersecurity, where the point is not to add ‘security features’ but to remove ‘insecure features,’” he wrote. “For IoT devices, that means removing listening ports and cross-site/injection issues in web management. We don't want arbitrary features like firewall and anti-virus added to these products. It'll just increase the attack surface making things worse.”
In conclusion, Graham said, “this law is based upon an obviously superficial understanding of the problem. It in no way addresses the real threats, but at the same time, introduces vast costs to consumers and innovation.”
Source links: Insurance Journal, ZDNet, Digital Trends