Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

"We didn't violate your privacy because we bought the information from a private company that violated your privacy. But it's ok, because you clicked a button, or signed a EULA."

That's the legal justification behind law enforcement fusion centers gathering, deanonymizing, and sharing data harvested by adtech firms, device manufacturers, and service providers.

It's a gotcha with the same intellectual weight as "I know you are but what am I?"

We need legislation with consequences lethal to companiesthat violate privacy.

Something like this - Every individual variable that a company wants to obtain from a person should be consensual with no option to select all, and the data and permission should be ephemeral. At any time a person should be able to inspect, delete, or allow continued possession of private data. They should be able to allow or deny sale or transfer of the data, and any recipient of the data must confirm permissions before taking receipt. Any algorithm or software or human analysis of data must be public and transparent. A record of any decision or business logic involving private data must be kept, and that record becomes private data, subject to the same constraints.

Stealing someone's identity should have a mandatory minimum of 2 years of community service, and total loss of opt in privileges for 5 years. No free web services or social media if you fuck around with someone else's privacy. Violations result in fines, paid to the victim and more community service.

A business caught abusing private data is subjected to a fine of 5% of company net worth per day. Half of the fine goes to the regulatory bureau, half to the victims.

Law enforcement must obtain warrants specific to known individuals - no geofencing or search term fishing expeditions. Digital data is subject to the same 4th amendment protections as physical papers and property.

Leaks would mean the end of an organization. If a company can't protect private data, then it can't participate in collecting it.

I'm sure there are flaws, but the gist of this seems a good starting outline. Anything less won't solve the problems and there should still be a mechanism for consensual participation in data markets. This would nuke credit bureaus, rein in isps and big tech abuses.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: