And, here's EFF's position: " Americans Deserve More Than The Current American Data Privacy Protection Act" https://www.eff.org/deeplinks/2022/07/americans-deserve-more...
> SEC. 210. UNIFIED OPT-OUT MECHANISMS. For the rights established under sections 204(b) and (c), and section 206(c)(3)(D) not later than 18 months after the date of enactment of this Act, the Commission shall establish one or more acceptable privacy protective, centralized mechanisms, including global privacy signals such as browser or device privacy settings, for individuals to exercise all such rights through a single interface for a covered entity to utilize to allow an individual to make such opt out designations with respect to covered data related to such individual.
Paying any sum of money to receive a copy of or request to delete my private data is unreasonable in nature.
You talk to people and ask them why they are worried about companies collecting data, and a certain percentage will tell you they don't like that the government could get it with a court order. That'd be a HUGE improvement over the current situation where they don't have to, they just collect it directly.
I think this is not about protecting the rights to data and privacy of american indivudal citizens...the other kind of american citizen, the american corporation, on the other hand, stands to gain a lot from this.
> To provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.
ah, so corporations can well-foundedly and meaningfully consume the data of 'consumers' (an euphenism for fuel) in a way such that the historic shadow suckers of everything's energy (banks) can continue to partake on the sucking down of everybody's data/information (with real time measurements, which is a novelty in this ancient system build around trade, commerce, insurance, and power-authority concentration).
So far five states have passed local Data Privacy laws (CA, VA, UT, CT, MA). They are all different. This situation makes it much more likely that federal data privacy legislation will happen: while companies wish they could have 0 laws, they would still much rather prefer 1 law rather than 5 (trending towards 50) different laws that contradict each other.
There's a whole buncha specifics about what data is covered and what companies are covered and bleh blah bluh. That's not the most important thing. There are two things which are more important than that. These two issues also happen to be the topics most hotly debated between Dems & Repubs.
1. Private Right of Action, aka "Can I, a private citizen, sue someone?"
Everyone violates GDPR a dozen ways to Sunday, and nothing happens. Why? Because no one can actually enforce the law except for the local regulators who are underfunded. By contrast, the ADA lets anyone sue over violations, and as a result companies care a lot about handicap accessibility.
To my understanding the current negotiations are trending towards a limited Private Right of Action. Meaning it will exist for some violations but not others. This is how CCPA works in California right now: private citizens can sue over data breaches, but any other violation can only be enforced by the Office of the Attorney General.
2. Pre-emption, aka "Does this repeal CCPA."
Can states give additional protections to their residents, or is the Federal government removing the ability of states to define additional requirements for businesses. Again, the current state of negotiations seems to trend towards partial, but not total, pre-emption.
Simple: store all your user data in an intermingled fashion, such that a read or update of any individual record necessarily involves a read or update of one or more unrelated records. Now you don't need to act on data access requests.
SEC. 203. INDIVIDUAL DATA OWNERSHIP AND CONTROL. (e) Verification And Exceptions.— (1) REQUIRED EXCEPTIONS.—A covered entity shall not permit an individual to exercise a right described in subsection (a), in whole or in part, if the covered entity— (C) determines that the exercise of the right would require access to or correction of another individual’s sensitive covered data; or
Of the 15 or 20 business owners in the room, I was the only "pro privacy" voice. People were very focused on what would be the perceived additional cost of complying with any GDPR-style rules in the US, and weren't yet thinking about the negative effects of having different privacy rules in different markets. "Different markets have different rules all the time," in short.
I maintain that it would be less complicated, less expensive, and more human-friendly to use data privacy rules as globally universal as can be achieved. There will always be capitalism leeches that drain money through arbitrage between the policy gaps, yes, but it would help.
(Also: there is zero chance this gets through the current US Senate. Would never clear filibuster.)
Reading the tea leaves a bit, Speaker Pelosi seems dead set against it and I dont think will allow it to be moved as is. she has publicly stated that "states must be allowed to address rapid changes in technology", IE, the bill preempts to many state privacy regulations, esp in California. But as a rule my default assumption for the "real reason" why Pelosi is against something is because she thinks it will harm chance of caucus holding majority in house.
Skeptical as I am of her motives / methods, I'm inclined to agree with her in this case. Act should be a floor not a ceiling.
The only way implement these sorts of mandates is stomping all over a developer's right to freedom of expression. I'm a firm believer that code is speech and that limiting what a developer can do is infringing on his own right to free speech.