Ask Slashdot: Do We Need Opt-Out-By-Default Privacy Laws?

"In large, companies failed to self-regulate," writes long-time Slashdot reader BrendaEM: They have not respected the individual's right to privacy. In software and web interfaces, companies have buried their privacy settings so deep that they cannot be found in a reasonable amount of time, or an unreasonable amount of steps are needed to attempt to retain data. These companies have taken away the individual's right to privacy -- by default.

Are laws needed that protect a person's privacy by default--unless specific steps are taken by that user/purchaser to relinquish it? Should the wording of the explanation be so written that the contract is brief, explaining the forfeiture of the privacy, and where that data might be going? Should a company selling a product be required to state before purchase which rights need to be dismissed for its use? Should a legal owner who purchased a product expect it to stop functioning--only because a newer user contract is not agreed to?

Share your own thoughts and experiences in the comments. What's your ideal privacy policy?

And do we need opt-out-by-default privacy laws?

  • Yes (Score:5, Insightful)

    by quonset ( 4839537 ) on Saturday May 24, 2025 @11:35AM (#65401355)

    Next question.

    • by sinij ( 911942 )
      What's going to happen when products and services redefine consent to mean you used it once or clicked "OK" to ToS? This is already happening, I recall listening to Louis Rossmann talking about putting ToS for a smart refrigerator on a delivery box.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      Don't know what good it will do. We have a lawless government right now...

      Maybe, if you can get an executive order, you might get "privacy"

      • Can you say the parts that are lawless for better conversation? I think for the government always has had leeway for checks and balances. The people that are there are there as part of the Democratic process even if they are the right wing candidate that the DNC propped up in the primaries. I just don't really understand this double speak. It's like people only read news that is convenient so they can blame everyone else.
    • The only reason we are reading this is because the infrastructure is provided for "free". Free means that the owners of the infrastructure get the data for free.
  • What is GDPR? (Score:5, Insightful)

    by allo ( 1728082 ) on Saturday May 24, 2025 @11:36AM (#65401357)

    GDPR is basically that.

    Also "opt-out by default" is called opt-in.

    • Re:What is GDPR? (Score:4, Insightful)

      by Slayer ( 6656 ) on Saturday May 24, 2025 @12:00PM (#65401409)

      The EU has received massive flak for the GDPR, both from the US and from within. Some (mostly redneck) US publications still block EU web clients. Now it suddenly turns out, that all these regulations are actually good and worth taking a closer look at. Imagine my surprise!

      PS: remember the story with the face detection engine in a soda vending machine [slashdot.org], and especially remember the quote from the vendor:

      These systems adhere rigorously to GDPR regulations and refrain expressly from managing, retaining, or processing any personally identifiable information.

      • In fact, embracing GDPR was a business opportunity for a company I recently worked at. Their whole business is PII (HR software). We already were "compliant" with GDPR for customers in the EU, but there are lots of companies out there that wanted their data stored geographically in the EU in order to get the full protections of GDPR. So we spun up a production environment in an AWS region in the EU and modified our front-end router to send EU customers to the EU environment, and that represented about $4

      • Re:What is GDPR? (Score:5, Insightful)

        by allo ( 1728082 ) on Saturday May 24, 2025 @12:48PM (#65401525)

        The more such companies cry, the more they prove that the law works.
        Yes, of course it kills business models. If your business model is to abuse user data, it deserves to be destroyed. They should never have been allowed to do such things in the first place.

    • by dmomo ( 256005 )

      Also "opt-out by default" is called opt-in.

      It certainly is. Of course opting in is implicitly buried in a twelve page legal blurb:

      "By using this... you agree to opt in to ... and if we make something up later, you opt in to that too"

      There probably should be a more targeted law because this landscape is ridiculous.

      • by allo ( 1728082 )

        Nah, ToS that allow it by default if you don't use an off-switch are the opt-out model. Opt-In means off by default.
        Opt-X means you need to click something to achieve X.

        The biggest problems are the pseudo choices:
        Do you want cookies? YES ALL / My choices (and then a menu where you can do 200 clicks to disable all advertising partners and then be presented with 20 more that are "legitimate interest" and cannot be disabled).

        • That's actually against the GDPR, too. Google got grilled for it recently.

          Opting out isn't allowed to be substantially more complicated than opting in. We're still left with anti-patterns, so it's not a level playing field by any definition. But at least we have a reasonable chance.

    • Baby don't opt me in, don't opt me in, no more.

    • by AmiMoJo ( 196126 )

      GDPR is on paper great, but could do with better enforcement. One of the most common issues is websites that opt you in to unnecessary cookies by default. At least you can get a browser add-on that automatically opts you out (or better still CookieAutoDelete that just blows away all site local storage after you leave).

      So I'd say model it on GDPR but make enforcement stronger, and learn the kinds of tactics companies use to try to get around it and make sure those are covered.

      • by allo ( 1728082 )

        GDPR isn't bad, but it could be improved. The EU was somewhat hesitant to prevent workarounds. Cookie banners aren't required by law. They're a workaround to obtain user consent that isn't actually needed (except for "legitimate interest," which is interpreted liberally). Ideally, regulators should have stepped in when the first cookie banner appeared, stating, "The law says you shouldn't process data without user consent, not force users to give consent when they don't want to." However, this is difficult

        • by AmiMoJo ( 196126 )

          Recital 32 of GDPR basically bans cookie banners, but the problem is it hasn't been enforced. It says that consent must be freely given and not coerced in any way, and clearly an annoying banner is coercion.

          A court just ruled that they have to at least put a "decline all" button with equal prominence on the banner though. I think it was in Germany.

          • by allo ( 1728082 )

            I think this one is an even stronger case. They had one court case that resulted in Google getting its "reject all" button, but now a Belgian court ruled that the "consent string" created by the cookie banners is personal data.

            https://www.ccm19.de/en/iab-tc... [ccm19.de]

            • by AmiMoJo ( 196126 )

              Nice. Hopefully there will be a reduction in the banners due to rules like that. Clearly anything that interrupts you is not compliant IMHO, but getting regulators to enforce it that way is proving difficult.

              • by allo ( 1728082 )

                That would mean reducing tracking. There is a whole industry devoted to providing tracking solutions. Of course, they find another way to obtain alleged consent, and it then takes another five to ten years for a court to rule it invalid. If we're unlucky the next step is "Login to read".
                I suppose we would already have this if sites didn't lose too many readers when they tried it. However, when they can't use tracking ads, the math looks different, and they'd rather start enforcing a login than provide a sit

      • A better regulation would be to force browser makers to allow opt-in resources for third parties or block specific resource domains without any plugins. If I browse to https://slashdot.org/ [slashdot.org] any resource that is not from slashdot.org should be opt-in.

        • by AmiMoJo ( 196126 )

          You can do that with uBlock Origin I think. You have to turn on advanced mode.

          I'd say 3rd party cookies should definitely die, and there should be a standard way for the browser to signal to websites that the user rejects all non-essential cookies and other data storage without having to click anything.

  • by FudRucker ( 866063 ) on Saturday May 24, 2025 @11:40AM (#65401365)
    That are actually secured that don't datamine and don't spy on users, and without backdoors
    • That are actually secured that don't datamine and don't spy on users, and without backdoors

      That are actually Open Source at all levels - hardware, firmware, software. If what you're holding in your hand isn't totally open and transparent and auditable, then the only sensible default assumption is that you don't truly own it, and that it's spying on you.

      The infrastructure that your device connects to is a whole other matter; but again, openness and transparency are vital. The fact that, as members of ostensibly free societies, we actually sign up and pay for being pwned on a daily basis, is tragic

  • Consumers themselves show little respect for their own privacy. Do we need opt out by default? The answer only depends on how paternalistic your views are.
    • by bobby ( 109046 )

      Consumers themselves show little respect for their own privacy.

      You state that as if it's a well-known fact. I don't think it is. Please elaborate and support your statement.

      • by sinij ( 911942 ) on Saturday May 24, 2025 @12:14PM (#65401439)
        I hate to agree with OP, but he is right. Take Apple iPhone for example. This is a premium product that targets well-off individuals. Unlike Android, you could configure it to respect your privacy with just settings, but it is not the default configuration. So even in a demographic that is more likely to value privacy, you do not have a product that respects your privacy by default. It is much worse with the general population.
        • by bobby ( 109046 )

          I hate online flame wars, but you've misunderstood me and missed my point.

          Many people do what you did- dive into the details. My point is: most Android and iPhone users are totally unaware of the lack of privacy in their phones (and computers). Nobody I know knows or cares, and some think I'm "paranoid" because I do care, and try to take steps to limit my exposure to hoovering.

          You mentioned iPhone privacy settings: what percentage of iPhone users even know about it?

          In case I'm not being clear, my point is:

    • by RossCWilliams ( 5513152 ) on Saturday May 24, 2025 @12:07PM (#65401417)

      Are laws against fraud "paternalistic"? Are laws against computer viruses paternalistic? I suppose so. Anything that protects people is paternalistic. But if you think people should own the information about themselves then any use of it without their approval is theft. We don't let someone buy a copy of a painting and make 50 million more copies with the defense that they bought it. But someone can collect your address and sell it to as many people as they want along with whatever other information they have about you.

      We now live in a world where there is no reasonable expectation of privacy. And ultimately, that means there is no freedom.

    • by Anonymous Coward

      The answer only depends on how paternalistic your views are.

      What a psychopathic view you have.

      Consumers themselves show little respect for their own privacy.

      Consumers have very little awareness of how much companies know about them.
      Even if they do, they have very little understanding of the risks about someone knowing so much (including potential/future ones due to a changing world **cough**america**cough**).
      And this is not just about companies, this is also about people who can access that data, or can acquire it later.

      Why Should Companies Respect Privacy?

      That's the whole point! Because they don't, we need laws to force them!!

    • Consumers themselves show little respect for their own privacy.

      If that's true, then it's arguably a matter of education, and of countering corporate and government propaganda.

      Do we need opt out by default? The answer only depends on how paternalistic your views are.

      Paternalism in any social hierarchy more than a few levels deep is pretty much inevitable. So the question becomes one of what flavour of paternalism you support. Which would you prefer - paternalism which promotes your freedom and your best interests in both the short term and the long term, or paternalism that propagandizes, gaslights, and defrauds you while making you more dependent on the olig

    • by sjames ( 1099 )

      Not really. I choose to opt out now, but as pointed out in the summary the options to do so are often buried under a ton of unlikely crap. In addition, it's all too common for the settings to "accidentally" flip back to default or new settings appear set to opt-in with no notice to me that it even exists.

      I don't think I'm trying to be my own dad when I say default should be opt-out by law. Once that is done, the incentives change and suddenly privacy settings will be easy to find and change and new options

  • I keep getting messages about a Fidelity bank account I don't even own. They want me to sign into their site to unsubscribe but I can't because of 2fa preventing me from changing the real owner's password. Then there's someone else who used my email for their apartment's rent payments. Lastly I also get Doordash order updates for someone thousands of miles away.
    • by Pascoea ( 968200 ) on Saturday May 24, 2025 @12:11PM (#65401429)
      I feel your pain. Someone over in the UK has been using one of my e-mail accounts, so I get all kinds of weird crap. The best one was a dentist that kept emailing me appointment information for someone else's kids. After a couple of polite yet ineffective "you have the wrong person" replies a "Do I really need to report you for HIPAA\GDPR violations?" seems to have done the trick.
      • The best one was a dentist that kept emailing me appointment information for someone else's kids.

        I had something similar and I emailed back to cancel the appointment. They soon updated their records.

        • by Pascoea ( 968200 )
          Ha. Yeah, that'd definitely get the job done too. No idea what scheduling dental appointments is like in the UK, but my dentist is usually 6+ months out. I'd be pretty pissed if I showed up and found my appointment was gone.
    • Yeah. This really annoys me. I went a couple of rounds with customer service of a telco that refused to take my email off an account that wasn't mine (what are the last 4 digits of the credit card you used to sign up? How should I know - it's NOT my account that has my e-mail on it!). They changed their tune pretty damn fast when I filed a complaint with the California Office of the State Attorney General and their lawyers got a notice of the complaint. Cost me nothing, and the AG's office responded ama
  • I used to say people should own copyright to their own data from birth, but with what happened in the last week copyright no longer means anything. Two of the major AI companies are leaning heavily on the current administration to allow them to use copyrighted data to train AI on. The current administration loves tech so they just fired the woman who headed copyright and was fighting to stop AI from using copyrighted material without permission. Add to that Musk is pushing his buddy in office to get rid of law on

  • by 0xG ( 712423 ) on Saturday May 24, 2025 @11:46AM (#65401375)

    The personal data brokerage industry is vile.
    Opt-out web pages are mostly exercises in collecting additional data to complete the dataset.
    These companies are scum, and they make a *lot* of money trading *our* personal data.
    They should be regulated out of existence.

  • I get a lot of spam. When I complain I'm told "you can just delete it."

    That's like someone knifing you in the back and the police say "Well you can just pull out the knife."

    The right answer is no spam, no privacy violation, no selling of private data (or PII), and no need to "opt-out".
    If you CHOOSE to opt-in, well that's a problem of your own making.

    But government have made too many carve-outs. So political donation requests and direct marketing that has an "unsubscribe" link are magically ok.

    See knife an

    • by bobby ( 109046 )

      Things would change if courts would award damages for time and effort wasted fixing the problems caused by all of this personal information gathering and correlating. Poster above mentions getting incorrect bills because someone used (or perhaps mistyped) his email address. If we could track our time spent fixing these things, then charge the offenders at lawyer's fees ($300/hr for example), maybe people would be much more careful with our personal information.

  • It should be OPT IN. I hate Microsoft Recall but at least it is Opt in, not Opt Out!
  • "Laws" are spineless, toothless paper tigers to companies who look at fines/lawsuits as a cost of doing business until they can include some legalese in their terms of use for sharing and marketing purposes OR illegitimate companies that buy your info for pennies then call you day and night from randomized numbers all over the country despite consumers signing up to be on the do not call list.
  • And perpetual motion.

    If you're going to ask for things you're not going to get why stop at privacy laws? I mean I'm assuming you're American if you're asking this question at all.

    Americans have an entire different set of priorities besides privacy and a stable economy. That was made crystal clear last November.
    • by Anonymous Coward

      Antitrust laws although. Whatever the case the actual solution is antitrust law enforcement so we can go back to having competition. Capitalism without competition is just fascism.

      Market consolidation and a complete lack of antitrust law enforcement means that if you try to go fast and break things you will either get run out of business or if you're really really lucky a few million bucks tossed your way to go away.

      I suspect if we had proper antitrust law enforcement HP would not be allowed to do these kin

  • the next law should be that companies may not associate an e-mail address with any kind of "permanent" account without the account holder demonstrating control of the e-mail address.
  • Quite obviously yes (Score:4, Interesting)

    by DrXym ( 126579 ) on Saturday May 24, 2025 @12:27PM (#65401479)
    Short of legislation companies will never, EVER, change their behaviour. The EU has such laws like GDPR and ePrivacy precisely to force companies to obtain user consent for data gathering and limit their ability to store and collect it except for the purposes intended. Consumers can also demand their data and the right to be forgotten. And there are heavy fines for companies that flout the rules.

    There is no way that the likes of social networks would do this shit otherwise that's for sure.

  • At the federal level in the United States. States may try, but our current regime (i.e. the US Federal Government) may prohibit them from doing so.

    These are precarious times folks. You are going to need to do more planning ahead, as well as thorough research to avoid the pitfalls which are being placed in our way by the current regime through the budget reconciliation process.

    One of the main goals of the current regime is to make it easier for businesses to "harvest cash" from the citizenry. In fact, I almost

    • One of the main goals of the current regime is to make it easier businesses to "harvest cash" from the citizenry

      Corporations were doing that long before the current regime. Do you have any examples of the current regime forcing citizens to hand over cash?

      These days, I tend to think of corporations as vampires - not so much because they act like human parasites (although that's very true) but because they can't suck you dry if you don't invite them in. As soon as you purchase their product or service,

  • It really does not matter what the law says. Certain companies will continue to do what they want regardless, and the enforcement will always be lacking.

  • Do you consent to forfeiting your privacy?
    _ YES, give me the 50% sucker discount off your listed price which is twice what your service is worth
    _ NO, charge me the inflated list price [DEFAULT]

    If "opt in" becomes the law, everyone may make you choose some version of the above. They won't be so obvious of course, they will just have higher prices but you can opt in for "membership special offers."

    Oh wait, that's happening already.

    Come to think of it, it was happening long before computers. "Hey kids, send

  • I guess I'm not a marketer but for all this god knows how many TB of data out there, billions of human-hours, spent so websites can find the "perfect" ad just for me and is the success rate really that much better than when mad-men style agencies try to read trends and appeal to broader segments?

    There's little social utility, I would argue little economic or business utility to this ever boundless tracking and it creates a lot of perverse incentives. If that's all true those are things we can and should be

  • by the time the customers opt out, the companies already got your data.

  • Perhaps we need apps that are data-less, Placeholder App Model so to speak.

    What I mean by that is that perhaps we need apps that are built in a way that they do not store or extract user data out of the device at all. Apps that run on your device, do all the processing on your device, but your data never leaves your hardware. The app simply connects to your data store, fills in all the placeholders on the page with your data, calculates the rest, does something useful with it and that's all.

    I know it's a ve

  • Of course opt out by default because many people don't have a clue when it comes to privacy.
    Their privacy deficiency is a deficiency to the community we are all part of.
    And don't say you are not part of a community, we all are.
  • for me is you need a coherent framework not only for current circumstances but for future technologies. And that is not just limited to corporations. Your local busybody with a swarm of drones eyeing the neighborhood is just as bad.

    As we have now, regulation cannot hope to keep pace with technological development. And government contracting the private sector (or foreign countries) as an end-around the law will not be put back in the bottle.

    The best I think you can do is HEAVY penalties for database breaches

  • I mean, the founders did try to think ahead, and they did try to limit governmental power ("The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures..."). Even that has been watered down beyond belief: the government has full insight into your entire financial life, as employers, banks, and everyone else reports financial data to the government. However, they did not foresee the invasiveness of private companies into your private life.

    Is

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The whole point of making the Bill of Rights open ended is that it covers all these special cases. James Madison was a really smart guy. He deliberately wrote the 9th and 10th Amendments to provide for everything not explicit. It was fully intended that any such rights asserted would apply not just to government but also to private entities.

      After all, the Founding Fathers were quite familiar with the problems private entities could pose to individual freedom as a result of their studies of Roman history,

    • "the government has full insight into your entire financial life, as employers, banks, and everyone else reports financial data to the government"

      You can work for yourself doing contracting or running a small business, and avoid banks if you want to skip this sort of government oversight. Lots of things the government only has authority to do because it bribes states and citizens to subject themselves to rules that they otherwise would not have to follow. Don't take the bribe.

      The reality is when the country

  • Secure and respect people's privacy by default so opt-out check boxes are not even needed, so the dirty rotten scoundrels that infested almost every aspect of big tech & the internet are considered criminal and are pushed out of their evil business model
  • Regardless of opt-out or opt-in. The language should be plain language. Less than a page and provide specifics of how data is how and how to have it removed if you change your mind. Now granted, many web sites exist to collect your data and some may go away with this, but there should be laws that allow you to remove and get proof of removal of the data and any backups.
  • Yes, privacy should be on by default.

    No, because people are the product when it comes to software and services. Collecting data about your use of software or a service for metrics/analytics and then selling that data allows the software/service to be provided for free. No one will opt-in to have their privacy turned off, so the model collapses. When that model collapses, no more free things.
  • Wouldn't these companies say that it's all "opt-out by default" because by "default" you aren't doing business with them?

    By doing any level of business with a company you are, in effect, opting-in. Just like when you shake a stranger's hand you're opting in to viral exposure, and if you walk down the sidewalk you're voluntarily exposing yourself to pollution and dirt on your shoe.

    When you deal with a company you have to either do a bunch of research to understand what you're opting in to, or you just have t

    • Vast majority of consumer protection law is protecting you from yourself, rather than companies. You always have the option of verifying everything, reading all the fine print, hiring attorneys as necessary, etc. for every transaction you make. But most people will fuck this up all the time. So consumer protection laws limit your ability to enter into various abusive contracts, whether entered into explicitly or implicitly, thus protecting you from yourself.

  • hear you over all that bribe money (lobbyists).

  • by Princeofcups ( 150855 ) <john@princeofcups.com> on Saturday May 24, 2025 @04:18PM (#65401847) Homepage

    Who actually thinks that laws have any merit in the US any more? We have bigger problems than trying to regain some level of privacy that is never going to be returned, short of forcibly taking it back. The cow has left the barn. Laws? Legislation? Too late kiddies.

  • by gweihir ( 88907 )

    And, you know, you _can_ just copy the GDPR that has all that and that is currently in no way ruining Europe's IT industry, despite predictions of gloom and doom.

    • "no way ruining Europe's IT industry"

      Yeah, cause European software is so relevant to everybody. Europeans barely use any American software because they have such a vibrant homegrown tech industry.

  • We like our FREE email, messaging, posting, etc... How's that get paid for? I'll admit, I don't like it. Somewhat creepy when you click on something on one website, then an ad for it pops up somewhere else... But, do I want the FREE stuff. Yes. Does it really bother me enough to opt-out, No. If it really bothers you - opt out.
  • that's unamerican!
  • Privacy is not privacy if you have to opt out of surveillance.

  • Essentially you won't be able to use the service unless you consent, sooo... pretty much everyone will have to opt-in if they plan to do anything online.

    Either that or you pay a subscription up-front. Make your pick.
