HanaBothWays t1_jdrgi4h wrote
Gonna be really funny when EU countries get the idea to ban Meta and Twitter and the like because, since they are based in a country (America) with terrible laws around privacy and personal data collection, they pose unacceptable risks to EU citizens/national security.
Educational-Ice-319 t1_jdt15ni wrote
Already happening. Google Analytics is banned in Germany and Italy. Also, the US’ patchwork isn’t far off from GDPR, it’s just far less cohesive. US citizens have many of the same rights and control over their data, and have for decades in some cases.
HanaBothWays t1_jdt2ncx wrote
> Google Analytics is banned in Germany and Italy.
Alas, Google violates this all the time and gets only relatively light fines as punishment. If what TikTok is supposedly doing is bad enough to get them banned in the U.S. then EU countries might decide that taking extreme measures is the way to go.
> Also, the US’ patchwork isn’t far off from GDPR, it’s just far less cohesive. US citizens have many of the same rights and control over their data, and have for decades in some cases.
Functionally, no. You don’t really have a choice when it comes to, say, the information that credit bureaus collect about you, because you can’t opt out, and they will up and sell that to anyone. They also don’t secure their databases that well.
Educational-Ice-319 t1_jdt451p wrote
You actually can. FCRA and FACTA provide you a ton of control and opt-out….
HanaBothWays t1_jdtcbfs wrote
So you have to go hunting for settings somewhere and be presented with choices that may or may not be easy to interpret in order to opt out, instead of being automatically protected? Or having the option of not letting these entities collect your data in the first place?
Also, what happens if they violate these statutes? Not enough to keep them from doing it again.
Educational-Ice-319 t1_jdtdy41 wrote
No. You don’t have to go hunting. The text:
> (a) Initial notice and opt-out requirement —
> (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless:
> (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer;
> (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and
> (iii) The consumer has not opted out.
There’s more, but this comment displays a fundamental lack of familiarity with US privacy law. For example, they can’t collect data unless it’s for credit approval purposes. Meaning you must seek the service and consent to provide the info for a limited purpose. And even GDPR respects that.
HanaBothWays t1_jdtfuwq wrote
In practice, none of this really helps and there is no rigorous monitoring of compliance with it or consequences to violations of it. If there were, credit bureaus would no longer be a viable business model and some kind of public agency would have to perform the function instead.
Educational-Ice-319 t1_jdti7g7 wrote
The FTC regularly fines and issues consent decrees, and has done so for literally decades…..
HanaBothWays t1_jduoz8x wrote
You keep finding new ways to tell me about how our privacy regulations aren’t effective.
Educational-Ice-319 t1_jduwn7u wrote
No I don’t. You seem to be deliberately ignoring the fact that privacy regulations can either deter or punish, or both. And just because some firms fuck up doesn’t mean the regulations aren’t effective. Even in the EU they don’t achieve 100% compliance all the time.
HanaBothWays t1_jdux4yz wrote
> Even in the EU they don’t achieve 100% compliance all the time.
I mentioned that earlier.
Educational-Ice-319 t1_jdv0obd wrote
No you didn’t. You don’t understand what Google Analytics is if you think that Google is the one slapped with a violation lol.
HanaBothWays t1_jdv2wcx wrote
Yes they are. Who do you think Google Analytics belongs to? It’s not like it’s a different company that happens to have a similar name.
And they keep having problems because users in EU countries where Google Analytics is banned keep finding the Google Analytics script running in their browsers anyway because Google does not err on the side of caution when it comes to what browser clients Google Analytics does and doesn’t run on.
Educational-Ice-319 t1_jdv3cey wrote
Sigh. Let me explain:
Google Analytics is a service. A company based in the EU pays to run it on their platform. The one who gets fined isn’t Google, but the company who uses it in violation of the ban.
HanaBothWays t1_jdv3p06 wrote
Service providers are also supposed to make sure that their services are running with configurations appropriate to geographical/jurisdictional restrictions as dictated by statutes (or not running, as appropriate).
Educational-Ice-319 t1_jdv3zrh wrote
Except that’s not what the fine is for. The fine is for using a banned service.
EDIT: Additionally, it is not Google’s job to make sure another Company is compliant.
thatattyguy t1_jdys4qi wrote
Does it matter in your mind whether these fines and consent decrees actually deter bad actors from focusing on protection of consumer data over profit?
If breaking the law earns a company $200 million p/year, not breaking the law nets it only $100 million p/year, and the penalty for getting caught breaking the law is $10 million p/year, then it's just a tax by another name. It's the feds taking a taste via a garden-variety mobster protection scheme. "You break the law, you make a lot of money, you break us off our piece and we'll sanction the behavior on an ongoing basis."
At the higher end, with the larger corporations, its impact on behavior is likely somewhere between negligible-to-non-existent. The money is not enough to do more than subsidize on-going collection efforts.
The lesson here to private industry is to scale your criminality in order to reduce the impact of real civil world consequences. Though is it even "criminality" to protect consumer data as cheaply as possible while still being able to maintain the pretense of respectability? Especially when the payment of the fine seemingly washes away past transgressions, and no criminal charges are ever filed?
It doesn't feel satisfying, as a person whose data has been ripped more than once. Make the penalty big enough to bk the company. Put some teeth in it.
opticd t1_jdto0b8 wrote
EU countries are taking a different approach. They’re passing regulation that isn’t entirely feasible to comply with and assigning large % global revenue fines for non compliance. Their plan is to just skim revenue and benefit rather than banning.