HanaBothWays t1_jdtcbfs wrote
Reply to comment by Educational-Ice-319 in The RESTRICT Act: A Potential New Enforcement Tool to Address Economic and National Security Concerns Posed by Foreign Information and Communications Technologies by AlphaWolfDesign
So you have to go hunting for settings somewhere and be presented with choices that may or may not be easy to interpret in order to opt out, instead of being automatically protected? Or having the option of not letting these entities collect your data in the first place?
Also, what happens if they violate these statutes? Not enough to keep them from doing it again.
Educational-Ice-319 t1_jdtdy41 wrote
No. You don’t have to go hunting. The text:
> (a) Initial notice and opt-out requirement —
> (1) In general. You may not use eligibility information about a consumer that you receive from an affiliate to make a solicitation for marketing purposes to the consumer, unless:
> (i) It is clearly and conspicuously disclosed to the consumer in writing or, if the consumer agrees, electronically, in a concise notice that you may use eligibility information about that consumer received from an affiliate to make solicitations for marketing purposes to the consumer;
> (ii) The consumer is provided a reasonable opportunity and a reasonable and simple method to “opt out,” or prohibit you from using eligibility information to make solicitations for marketing purposes to the consumer; and
> (iii) The consumer has not opted out.
There’s more, but this comment displays a fundamental lack of familiarity with US privacy law. For example, they can’t collect data unless it’s for credit approval purposes. Meaning you must seek the service and consent to provide the info for a limited purpose. And even GDPR respects that.
HanaBothWays t1_jdtfuwq wrote
In practice, none of this really helps and there is no rigorous monitoring of compliance with it or consequences to violations of it. If there were, credit bureaus would no longer be a viable business model and some kind of public agency would have to perform the function instead.
Educational-Ice-319 t1_jdti7g7 wrote
The FTC regularly fines and issues consent decrees, and has done so for literally decades…..
HanaBothWays t1_jduoz8x wrote
You keep finding new ways to tell me about how our our privacy regulations aren’t effective.
Educational-Ice-319 t1_jduwn7u wrote
No I don’t. You seem to be deliberately ignoring the fact that privacy regulations can either deter or punish, or both. And just because some firms fuck up doesn’t mean the regulations aren’t effective. Even in the EU they don’t achieve 100% compliance all the time.
HanaBothWays t1_jdux4yz wrote
> Even in the EU they don’t achieve 100% compliance all the time.
I mentioned that earlier.
Educational-Ice-319 t1_jdv0obd wrote
No you didn’t. You don’t understand what Google Analytics is if you think that Google is the one slapped with a violation lol.
HanaBothWays t1_jdv2wcx wrote
Yes they are. Who do you think Google Analytics belongs to? It’s not like it’s a different company that happens to have a similar name.
And they keep having problems because users in EU countries where Google Analytics is banned keep finding the Google Analytics script running in their browsers anyway because Google is not err on the side of caution when it comes to what browser clients Google Analytics does and doesn’t run on.
Educational-Ice-319 t1_jdv3cey wrote
Sigh. Let me explain:
Google Analytics is a service. A company based in the EU pays to run it on their platform. The one who gets fined isn’t Google, but the company who uses it in violation of the ban
HanaBothWays t1_jdv3p06 wrote
Service providers are also supposed to make sure that their services are running with configurations appropriate to geographical/jurisdictional restrictions as dictated by statutes (or not running, as appropriate).
Educational-Ice-319 t1_jdv3zrh wrote
Except that’s not what the fine is for. The fine is for using a banned service.
EDIT: Additionally, it is not Google’s job to make sure another Company is compliant.
thatattyguy t1_jdys4qi wrote
Does it matter in your mind whether these fines and consent decrees actually deter bad actors from focusing on protection of consumer data over profit?
If breaking the law earns a company $200 million p/year, not breaking the law nets it only $100 million p/year, and the penalty for getting caught breaking the law is $10 million p/year, then it's just a tax by another name. It's the feds taking a taste via a garden-variety mobster protection scheme. "You break the law, you make a lot of money, you break us off our piece and we'll sanction the behavior on an ongoing basis.
At the higher end, with the larger corporations, it's impact on behavior is likely somewhere between negligible-to-non-existent. The money is not enough to do more than subsidize on-going collection efforts.
The lesson here to private industry is to scale your criminality in order reduce the impact of real civil world consequences. Though is it even "criminality" to protect consumer data as cheaply as possible while still being able to maintain the pretense of respectability? Especially when the payment of the fine seemingly washes away past transgressions, and no criminal charges are ever filed?
It doesn't feel satisfying, as a person whose data has been ripped more than once. Make the penalty big enough to bk the company. Put some teeth in it.
Viewing a single comment thread. View all comments