They need to make it eligible for Class Action lawsuits to be filed if these are ignored. I wrote a script to routinely test opt out on websites and was stunned to see almost 50% had it implemented incorrectly. This includes high-flying tech companies that went public recently.
Under California’s CCPA / CPRA, most enforcement power lies with the California Privacy Protection Agency (CPPA) and the California Attorney General, not private individuals. This limits the actual downside to a company vs. an unbounded downside of class-action lawsuit threat.
Widespread pre-dispute binding arbitration agreements with class-action waivers and bans on mass arbitration kind of put a damper on that, and the Supreme Court has upheld those nationwide in ways California can't easily override.
But sure, there are still other legislative tricks they could do, like making it mandatory by default for CPPA / CA AG to do the enforcement when they're made aware of a qualifying situation, overriding any NDAs which prohibit any California resident from informing CPPA / CA AG about such a situation, and allowing California residents to sue CPPA / CA AG for a writ of mandamus ordering them to proceed with the enforcement if they're stonewalling - with an award of attorneys fees if the writ is issued, so as to make such lawsuits financially affordable to ordinary plaintiffs. (I say "mandatory by default" to allow for exceptions which the legislature thinks appropriate, but at least those would be subject to democratic disclosure and debate.)
On topics such as this one, I think the CA legislature and governor are more interested in ineffectually making it seem like they're solving the problem than in effectively solving the problem.
There’s actually a more powerful legislative tool available: citizens can be empowered to sue on behalf of the state for what is effectively class relief, and to partake in the recovery (with attorneys fees). This creates a market incentive to prosecute claims like this, and it also circumvents arbitration. PAGA is such a statute.
PAGA can be, and sometimes is, explicitly waived by name and/or by description in arbitration agreements which purport to compel arbitration of even those claims. The Supreme Court recently upheld such a waiver with respect to the individual plaintiffs' claims, but it left open the possibility of a representative PAGA claim; the California courts are still working out whether PAGA still allows such a "headless" claim, with disagreement among different California couts and no ruling yet from the California Supreme Court.
The problem with PAGA in this context is that the citizen is also a party to the arbitration agreement and therefore can be bound by the arbitration agreement, making the Supreme Court's jurisprudence on the Federal Arbitration Act applicable. My proposal avoids this problem since the FAA doesn't prevent citizens from notifying government agencies and doesn't prevent government agencies from suing (except in the rare context of any arbitration agreement to which the government agency is itself a party).
But if you want citizens to have a financial incentive with my proposal, then sure, legislatively give the first person to notify CPPA / CA AG a cut of the eventual proceeds (to be split with anyone else who is the first person to successfully sue for or enforce a corresponding writ of mandamus), and create a way to track who that first notifier is.
It’s weird that laws exist where private individuals can’t take action. We need a constitutional amendment to make it so that laws can be enforced more easily. I’m not sure how it would work but I’m sure someone more legally minded could come up with something.
This is what Texas did for abortion. SB8 allows private citizens who have nothing to do with an abortion to sue the of said abortion. Since the state isn't involved I don't believe it can be challenged in federal court.
I think this is dangerous and not worth the benefits in this case
Excellent news, but also: Let's see the penalties, and let's see the vigorous enforcement. If this doesn't have teeth, it'll be pointless. Let's see a serious fine that puts a scumbag company out of business.
I really don’t like this kind of cynicism. You could use the same argument to say California will never pass a bill to enable universal opt out, which they did.
Assuming part time work (approximately one day every two weeks) at 10% of the yearly ~2000hr worked per year that equates to about $3300 per year, which seems sensible to me.
If by one day, you mean one day and night, since elected officials make all the important decisions at 3 a.m. When you give someone the job of managing billions of dollars of resources and pay them less money per year than their mortgage costs each month, what do you think they're going to do? Be a hero who protects the people from corporations? That's what everyone on this site seems to think politicians do. But the people don't pay them anything. So what makes you think they're looking after you, and not themselves? The only way they can survive is by feeding off the public. Unlike corporations, they do it through force and involuntary exchange.
When I replied to the above comment it said _five_ (not nine as it does now) figure budgets. So I assumed something akin to a person helping a community group, minor league sports team, and definitely not a billion dollar public entity.
And in that case it would certainly require a full time job. And it ought to be well paid.
But, no, I still do not subscribe to your related conspiracy theory. Can you provide any tangible examples?
I copied and pasted that line from a tweet I made a while ago. Why don't you Google "san francisco elected official pay school board" ($6000/year) and "san frascisco school board budget" ($1.2 billion). So they actually manage 10 figures up there and they get paid even less than European e-commerce developers. The President of Y Combinator is a died in the wool conspiracy theorist. He tweets all the time about his belief that they're removing algebra from curriculum. Another one of my favorite conspiracy theories is that the SF school board secretly does arms trafficking. You should google it. But at least they're better than european politicians, who are putting larvae in your food supply and want to spy on literally everyone with chat control.
Maybe I'm misunderstanding but even if each business can only ask you once a year, couldn't that still result in most individual sites implementing a nag?
I don't get this. Many years ago there was "Do not track", a header that was sent based on browser configuration. As a data subject, I loved it. As an engineer I also loved it - it was easy. If the header was present don't render any tracking code. If all services acted in good faith, it could have been epic. But there was pushback, and it went away. Sadface.
For what it's worth I think the browser is the right place for tools like this. If the same thing could have been applied to cookies, we'd not be experience cookie-preference-popupageddon.
The article suggests browser vendors are somehow on the hook for implementing "do not sell". Is the idea the same as do not track?
The opppsite would be more logical. Selling data should be opt-in, in the absence of explicit consent no company should be able to sell data.
In case we agree on selling our data we should be able to set our price and get paid for sell, use and resale of data. It's crazy that those parasite companies get that for free.
But why would anyone opt-in to that? You could do what some site are doing put up a "Either pay us or opt-in to cookies and tracking". The problem is I don't think people fully understand how much tracking we're talking about.
Right now a Danish radio station is running a number of news stories about being able to track people who work for military intelligence or as police officers and prison guards. They do this using a free sample a data broker provided. Everyone act surprised when the journalists are able to show up at the home address of military personal or prison guards who have their home address protected/secret.
I don't think there's a safe way to opt-in to selling your data, because most people cannot comprehend how much data, what type or the ramifications.
It's even worse than that now. In privacy circles, it is widely advised to not enable Do Not Track headers, as they are rarely respected and are actually unsurprisingly and commonly used as an additional identifier/data point during browser fingerprinting—in effect, making you less tracked if you deselect "Do Not Track" and more tracked if you enable "Do Not Track."
The "universal opt-out" bill really has no teeth on its own. Combined with the existing CCPA though, it has potential (CCPA is limited to sharing for cross-context behavioral advertising). It just says that browsers and mobile operating systems need to have an easy-to-find setting to signal that the user wants to opt out. The whole bill can basically fit in a tweet. No requirements on what the signal actually looks like, and no requirements that it's respected. There are other laws passed this week with more teeth.
Oh, and we don't have to worry about the "Cookie banner" problem, because a separate law (CCPA) requires a 12 month cooldown before prompting the user for opt-in consent again.
From the law, defining the signal:
> “Opt-out preference signal” means a signal that complies with this title and that communicates the consumer’s choice to opt out of the sale and sharing of the consumer’s personal information.
One easy free-market-friendly libertarian-approved solution would give citizens and residents of California a choice - your data can be kept private, or you can get a sizeable precentage of the value if you opt-in to data collection and sharing.
I'm not really sure how much this would be worth - and would it scale? How much value does the data from a worker at the lower end of the labor pool wage scale have in relation to that from the C-suite members of a mid-size corporation? Should we all have the right to climb up on the block and sell our data to the highest bidders, while collecting the majority of the profits from the transaction ourselves? It might make more sense to sell your data in five-year future contracts - opportunity to renegotiate rates now and then makes sense.
It's informational data, and in worlds like the commodity markets, information is invaluable. Traders have access to everything from satellite data of oil tankers to insider information from drilling rigs and they pay a lot to keep their data current and accurate, get access to proprietary databases and even nation-state classified sources.
Thus, if human data is so valuable, the humans generating the data should be the ones collecting the majority of its financial value if they opt to sell it. From this view, the real crime here is theft of worker value by data collectors and resellers in a monopolistic market system.
The are two projects that I know which attempted to solve that problem.
India's has DEPA (Data Empowerment And Protection Architecture) framework that addresses the data consent problem. (e.g bank will ask your consent before sharing the data). The advantage here is it providers legal framework as well.
The solid project from Tim Berners-Lee (who invented world wide web) is an attempt to solve that. https://solidproject.org/. This is pure consumer owned but there is no legal protection from the government.
> One easy free-market-friendly libertarian-approved solution would give citizens and residents of California a choice - your data can be kept private, or you can get a sizeable precentage of the value if you opt-in to data collection and sharing.
Some business models that depend on unscrutinized unlawful or antisocial behavior turn out to be unviable when they're forced to operate in a way that is lawful / not an attack on the public.
I would love to drop some of the extensions that I currently have loaded for this purpose, but sadly I'm not confident the positive signal instructing opt-out will be honored, and I'll need to retain my defensive extensions.
Nice. But if you really gave a shit about privacy it’d be opt in.
Nobody in their right mind wants their information shared for marketing purposes. Turn it off.
The absolute mess that is US privacy legislation is going to undermine the US single market advantage. Truth is the big players don’t sell your data, they use it. Only small companies are hurt by this.
I don't see how this is enforceable across state lines. What is stopping a data harvesting company in Nevada from just harvesting everything from people in California and selling it?
Often wondered about this idea- its been kicked around in startup-land for like forever, but I have never seen a serious attempt at trying to make it work.
It seems to provide a universal and sensible offer to members of the public: "I am happy to be advertised to for a small fee".
The first requirement for this to work is a bulletproof framework to hold companies financially accountable if they use your personal information without your explicit consent.
At the moment, they get all your data anyway and can do whatever they want and get 100% of the profit and there’s nothing you can do about it. Where’s the incentive for them to share any of it?
> It seems to provide a universal and sensible offer to members of the public: "I am happy to be advertised to for a small fee".
Generally, you are provided a sensible offer: You can use many games, search engines, communication platforms, and other internet services for free. Those tools cost a lot of money to build and maintain, and you don't pay anything.
Also, I have seen products pretty similar to what you suggest. There have been apps and websites that promise you gift cards in exchange for watching ads. Basically trying to increase Adsense traffic in exchange for cash-equivalents. They're obviously ripe for abuse, and surely the ads have terrible clickthrough rates.
but then the websites may offer a banner to ask the user to opt-in again
and this information can be saved in a cookie, so it would not be asked again
maybe they can call it the "cookie banner"
oh, and also, if it would be annoying to keep saying "no, I don't want to opt-in again" the websites owners may say that it is government fault, as now they are required by law to show this banner
The received wisdom is that the Trump administration does big business' bidding. Thus, the FTC rescinds federal click to cancel.
But now CA passed its own click to cancel. Surely other states will follow.
How is fighting dozens of different statutes better than working around one in federal courts that are backed up by the business friendly Supreme Court? Businesses are greedy but they aren't dumb. What am I missing?
Tip to others that may have this issue: If you need to cancel Planet Fitness (may work for other national gyms), move your home gym to a location in California and an option to cancel online appears.
I think you're comparing apples and oranges: a federal rule vs a state law. I don't know what kind of federal click-to-cancel legislation initiatives exist, but I know the last two federal digital privacy bills have failed because big tech wants a watered-down federal 'ceiling', while tech states (like CA) want a baseline federal 'floor' that doesn't preempt their more advanced state protections.
Well, but more than that, the executive is dumber. They can't wage some complex strategic battle through legislation when the guy in charge needs his talking points fed to him through Fox & Friends. Get a win for business, it keeps the checks rolling in to keep fighting the ideologue war. They'll lose the small battles but eventually win the war.
In CA websites are already required to respect the opt-out setting implemented in the Global Privacy Control [1] extension. It's basically the same thing as do-not-track but starting from a clean slate so that the meaning of the setting in law is clearly defined.
This bill basically allows the regulator to make sure everyone in CA gets this extension automatically.
Yeah, it's crazy that when you register to vote, the DMV turns around and sells that contact information on to any political campaign/operation that wants to pay for it.
California politicians are the worst. They have no accountability because it’s just one party and they are beholden to nobody but big donors and Gavin Newson’s narcissistic ambitions.
What’s wrong with this from your perspective? IMO it’s too little too late and should have been a federal law years ago.
Don’t get me wrong - Newsom is a slippery snake politician and is beholden to rich scumbag donors but I don’t see how this in particular is due to his and the dems big donors.
That said you seem to imply that only one side of this shitshow is beholden to big donors but corruption and general degeneracy is far more prevalent in the elephant party.
Yeah donors on both sides are a problem, but there is no both sides in California. It’s the Democrats and their big donors all the way down. And that is the problem.
Even good new laws (new laws are rarely good imo) are only secondary to the powers that be winning at any cost. After going on and on about fair elections(tm) for about a decade and burning a ton of money and political opportunity cost, the Party is now going to gerrymander-max the entire state to the cost of what billions of dollars to specifically disenfranchise any voters that they disagree with. “We’re doing it To-Save-Democracy!”
In other words, there are no principals behind anything, only the Party’s needs. So a law like the featured one only exists to the extent it benefits the Party or hurts its opponents, and when that stops being true the law gets changed or some new law created to carve out exceptions for big blue donors like LinkedIn or anybody that has deep pockets for Newsome’s federal ambitions. Consider the two-faced orientation with respect to oil companies. Gavin talks tough about climate change while, as churches are locked down, going to French Laundry dinners to get wined and dined by fossil fuel lobbyists, and the prols are too stupid to know better! The loyal and earnest supporters (dupes) keep giving their money and votes to the machine while poor old people die of heat stroke because they can’t afford to run AC anymore.
I don't care about privacy. IMO, it's a distraction to draw attention away from a far more significant topic; algorithm-based media monopolization... And ironically, while we have such high degree of media monopolization, privacy violations are in fact a non-issue for the vast majority of people. The fact is; nobody cares about you. Your privacy doesn't need to be protected because nobody cares to violate it. However, you are broke because your small business has a 0% chance of appearing in search results of any major media platform and you cannot form communities because your kind simply cannot find each other (unless it's some dumb mainstream group; designed explicitly to waste your time). What is a bigger problem?
They need to make it eligible for Class Action lawsuits to be filed if these are ignored. I wrote a script to routinely test opt out on websites and was stunned to see almost 50% had it implemented incorrectly. This includes high-flying tech companies that went public recently.
Under California’s CCPA / CPRA, most enforcement power lies with the California Privacy Protection Agency (CPPA) and the California Attorney General, not private individuals. This limits the actual downside to a company vs. an unbounded downside of class-action lawsuit threat.
Widespread pre-dispute binding arbitration agreements with class-action waivers and bans on mass arbitration kind of put a damper on that, and the Supreme Court has upheld those nationwide in ways California can't easily override.
But sure, there are still other legislative tricks they could do, like making it mandatory by default for CPPA / CA AG to do the enforcement when they're made aware of a qualifying situation, overriding any NDAs which prohibit any California resident from informing CPPA / CA AG about such a situation, and allowing California residents to sue CPPA / CA AG for a writ of mandamus ordering them to proceed with the enforcement if they're stonewalling - with an award of attorneys fees if the writ is issued, so as to make such lawsuits financially affordable to ordinary plaintiffs. (I say "mandatory by default" to allow for exceptions which the legislature thinks appropriate, but at least those would be subject to democratic disclosure and debate.)
On topics such as this one, I think the CA legislature and governor are more interested in ineffectually making it seem like they're solving the problem than in effectively solving the problem.
There’s actually a more powerful legislative tool available: citizens can be empowered to sue on behalf of the state for what is effectively class relief, and to partake in the recovery (with attorneys fees). This creates a market incentive to prosecute claims like this, and it also circumvents arbitration. PAGA is such a statute.
PAGA can be, and sometimes is, explicitly waived by name and/or by description in arbitration agreements which purport to compel arbitration of even those claims. The Supreme Court recently upheld such a waiver with respect to the individual plaintiffs' claims, but it left open the possibility of a representative PAGA claim; the California courts are still working out whether PAGA still allows such a "headless" claim, with disagreement among different California couts and no ruling yet from the California Supreme Court.
The problem with PAGA in this context is that the citizen is also a party to the arbitration agreement and therefore can be bound by the arbitration agreement, making the Supreme Court's jurisprudence on the Federal Arbitration Act applicable. My proposal avoids this problem since the FAA doesn't prevent citizens from notifying government agencies and doesn't prevent government agencies from suing (except in the rare context of any arbitration agreement to which the government agency is itself a party).
But if you want citizens to have a financial incentive with my proposal, then sure, legislatively give the first person to notify CPPA / CA AG a cut of the eventual proceeds (to be split with anyone else who is the first person to successfully sue for or enforce a corresponding writ of mandamus), and create a way to track who that first notifier is.
Would you mind sharing the script?
It’s weird that laws exist where private individuals can’t take action. We need a constitutional amendment to make it so that laws can be enforced more easily. I’m not sure how it would work but I’m sure someone more legally minded could come up with something.
This is what Texas did for abortion. SB8 allows private citizens who have nothing to do with an abortion to sue the of said abortion. Since the state isn't involved I don't believe it can be challenged in federal court.
I think this is dangerous and not worth the benefits in this case
Nah, this is bananas
Many thanks, CA lawmakers. Now let's hope it works as intended and that the inevitable loopholes are plugged as soon as they're found.
Excellent news, but also: Let's see the penalties, and let's see the vigorous enforcement. If this doesn't have teeth, it'll be pointless. Let's see a serious fine that puts a scumbag company out of business.
It won't have teeth because politicians want to skim off the top.
I really don’t like this kind of cynicism. You could use the same argument to say California will never pass a bill to enable universal opt out, which they did.
In California, I know elected officials who get paid 4 figure salaries to manage 9 figure budgets.
If you think they're not skimming off the top, then you don't know what they are.
Minimum wage for one adult with one child in California is $16.50/hr: https://livingwage.mit.edu/states/06
Assuming part time work (approximately one day every two weeks) at 10% of the yearly ~2000hr worked per year that equates to about $3300 per year, which seems sensible to me.
If by one day, you mean one day and night, since elected officials make all the important decisions at 3 a.m. When you give someone the job of managing billions of dollars of resources and pay them less money per year than their mortgage costs each month, what do you think they're going to do? Be a hero who protects the people from corporations? That's what everyone on this site seems to think politicians do. But the people don't pay them anything. So what makes you think they're looking after you, and not themselves? The only way they can survive is by feeding off the public. Unlike corporations, they do it through force and involuntary exchange.
When I replied to the above comment it said _five_ (not nine as it does now) figure budgets. So I assumed something akin to a person helping a community group, minor league sports team, and definitely not a billion dollar public entity.
And in that case it would certainly require a full time job. And it ought to be well paid.
But, no, I still do not subscribe to your related conspiracy theory. Can you provide any tangible examples?
I copied and pasted that line from a tweet I made a while ago. Why don't you Google "san francisco elected official pay school board" ($6000/year) and "san frascisco school board budget" ($1.2 billion). So they actually manage 10 figures up there and they get paid even less than European e-commerce developers. The President of Y Combinator is a died in the wool conspiracy theorist. He tweets all the time about his belief that they're removing algebra from curriculum. Another one of my favorite conspiracy theories is that the SF school board secretly does arms trafficking. You should google it. But at least they're better than european politicians, who are putting larvae in your food supply and want to spy on literally everyone with chat control.
Thanks for the comedy gold, well worth my time.
> Now let's hope it works as intended
I predict another popup to close on every damn website.
They already thought of that.
> Businesses must wait at least 12 months before asking you to opt back in to the sale or sharing of your personal information.
https://oag.ca.gov/privacy/ccpa#sectionb
Maybe I'm misunderstanding but even if each business can only ask you once a year, couldn't that still result in most individual sites implementing a nag?
Do you authorise us to circumvent California’s privacy law for your own good?
YES or YES ?
I don't get this. Many years ago there was "Do not track", a header that was sent based on browser configuration. As a data subject, I loved it. As an engineer I also loved it - it was easy. If the header was present don't render any tracking code. If all services acted in good faith, it could have been epic. But there was pushback, and it went away. Sadface.
For what it's worth I think the browser is the right place for tools like this. If the same thing could have been applied to cookies, we'd not be experience cookie-preference-popupageddon.
The article suggests browser vendors are somehow on the hook for implementing "do not sell". Is the idea the same as do not track?
The opppsite would be more logical. Selling data should be opt-in, in the absence of explicit consent no company should be able to sell data.
In case we agree on selling our data we should be able to set our price and get paid for sell, use and resale of data. It's crazy that those parasite companies get that for free.
But why would anyone opt-in to that? You could do what some site are doing put up a "Either pay us or opt-in to cookies and tracking". The problem is I don't think people fully understand how much tracking we're talking about.
Right now a Danish radio station is running a number of news stories about being able to track people who work for military intelligence or as police officers and prison guards. They do this using a free sample a data broker provided. Everyone act surprised when the journalists are able to show up at the home address of military personal or prison guards who have their home address protected/secret.
I don't think there's a safe way to opt-in to selling your data, because most people cannot comprehend how much data, what type or the ramifications.
> But why would anyone opt-in to that?
The answer is there:
>> In case we agree on selling our data we should be able to set our price and get paid for sell, use and resale of data.
> But why would anyone opt-in to that?
100% this. Nobody wants to be tracked, it is dystopian, it is dangerous.
> I don't think there's a safe way to opt-in to selling your data
Exactly.
It's even worse than that now. In privacy circles, it is widely advised to not enable Do Not Track headers, as they are rarely respected and are actually unsurprisingly and commonly used as an additional identifier/data point during browser fingerprinting—in effect, making you less tracked if you deselect "Do Not Track" and more tracked if you enable "Do Not Track."
Official post: https://www.gov.ca.gov/2025/10/08/governor-newsom-signs-data...
The "universal opt-out" bill really has no teeth on its own. Combined with the existing CCPA though, it has potential (CCPA is limited to sharing for cross-context behavioral advertising). It just says that browsers and mobile operating systems need to have an easy-to-find setting to signal that the user wants to opt out. The whole bill can basically fit in a tweet. No requirements on what the signal actually looks like, and no requirements that it's respected. There are other laws passed this week with more teeth.
Oh, and we don't have to worry about the "Cookie banner" problem, because a separate law (CCPA) requires a 12 month cooldown before prompting the user for opt-in consent again.
From the law, defining the signal:
> “Opt-out preference signal” means a signal that complies with this title and that communicates the consumer’s choice to opt out of the sale and sharing of the consumer’s personal information.
https://legiscan.com/CA/text/AB566/id/3117187
https://oag.ca.gov/privacy/ccpa
One easy free-market-friendly libertarian-approved solution would give citizens and residents of California a choice - your data can be kept private, or you can get a sizeable precentage of the value if you opt-in to data collection and sharing.
I'm not really sure how much this would be worth - and would it scale? How much value does the data from a worker at the lower end of the labor pool wage scale have in relation to that from the C-suite members of a mid-size corporation? Should we all have the right to climb up on the block and sell our data to the highest bidders, while collecting the majority of the profits from the transaction ourselves? It might make more sense to sell your data in five-year future contracts - opportunity to renegotiate rates now and then makes sense.
It's informational data, and in worlds like the commodity markets, information is invaluable. Traders have access to everything from satellite data of oil tankers to insider information from drilling rigs and they pay a lot to keep their data current and accurate, get access to proprietary databases and even nation-state classified sources.
Thus, if human data is so valuable, the humans generating the data should be the ones collecting the majority of its financial value if they opt to sell it. From this view, the real crime here is theft of worker value by data collectors and resellers in a monopolistic market system.
The are two projects that I know which attempted to solve that problem.
India's has DEPA (Data Empowerment And Protection Architecture) framework that addresses the data consent problem. (e.g bank will ask your consent before sharing the data). The advantage here is it providers legal framework as well.
The solid project from Tim Berners-Lee (who invented world wide web) is an attempt to solve that. https://solidproject.org/. This is pure consumer owned but there is no legal protection from the government.
> One easy free-market-friendly libertarian-approved solution would give citizens and residents of California a choice - your data can be kept private, or you can get a sizeable precentage of the value if you opt-in to data collection and sharing.
Good luck operationalizing that
Some business models that depend on unscrutinized unlawful or antisocial behavior turn out to be unviable when they're forced to operate in a way that is lawful / not an attack on the public.
who cares if libertarians approve?
they are one of the most ideologically inconsistent groups i can think of besides the hardcore maga crowd.
I would love to drop some of the extensions that I currently have loaded for this purpose, but sadly I'm not confident the positive signal instructing opt-out will be honored, and I'll need to retain my defensive extensions.
In spirit this is great.
Nice. But if you really gave a shit about privacy it’d be opt in. Nobody in their right mind wants their information shared for marketing purposes. Turn it off.
I am fine with my information shared if it means I can use sites for free.
Then prompt people and refuse access if they say no. Assumed consent is not okay.
Those sites aren't free, you're just paying indirectly and an surcharge to pay for all the middlemen involved to make that happen.
This is just word games. I obviously mean I don't need to exchange legal tender to use the site.
As if paid sites/services won't also share your information...
My sweet child, we shall shape the world for you
[flagged]
Many are not.
[flagged]
That's actually probably not true at all
The absolute mess that is US privacy legislation is going to undermine the US single market advantage. Truth is the big players don’t sell your data, they use it. Only small companies are hurt by this.
> Truth is the big players don’t sell your data, they use it.
No? Eg. giant telecom send me contract to sign with TWO A4 PAGES TO OPT-OUT :>> Guess half was about 3rd partys.
I don't see how this is enforceable across state lines. What is stopping a data harvesting company in Nevada from just harvesting everything from people in California and selling it?
When universal opt-out isn’t available https://simpleoptout.com/
How about everyone gets a cut each time their data is sold?
Often wondered about this idea- its been kicked around in startup-land for like forever, but I have never seen a serious attempt at trying to make it work.
It seems to provide a universal and sensible offer to members of the public: "I am happy to be advertised to for a small fee".
The first requirement for this to work is a bulletproof framework to hold companies financially accountable if they use your personal information without your explicit consent.
At the moment, they get all your data anyway and can do whatever they want and get 100% of the profit and there’s nothing you can do about it. Where’s the incentive for them to share any of it?
The problem seems to be that it’s already out there, why would the data brokers and companies cut into their margins?
> It seems to provide a universal and sensible offer to members of the public: "I am happy to be advertised to for a small fee".
Generally, you are provided a sensible offer: You can use many games, search engines, communication platforms, and other internet services for free. Those tools cost a lot of money to build and maintain, and you don't pay anything.
Also, I have seen products pretty similar to what you suggest. There have been apps and websites that promise you gift cards in exchange for watching ads. Basically trying to increase Adsense traffic in exchange for cash-equivalents. They're obviously ripe for abuse, and surely the ads have terrible clickthrough rates.
I am all for this. However I suspect there will be lawsuits, which would probably include freedom of speech for these data brokers. yay
Surely the default should be opt out and it should require action to opt in? This is the real problem.
Microsoft tried this with DNT and data-dependent businesses refused to respect it as a result.
Yes, that's why it needs to be the law. Then any businesses who ignore it can be shut down.
but then the websites may offer a banner to ask the user to opt-in again and this information can be saved in a cookie, so it would not be asked again
maybe they can call it the "cookie banner"
oh, and also, if it would be annoying to keep saying "no, I don't want to opt-in again" the websites owners may say that it is government fault, as now they are required by law to show this banner
They are not required by law to show any banner. The banner is the website actively being belligerent.
Oh, can I opt out of sharing my ehealth record anonymized or not? Does the law have any teeth per violation?
The received wisdom is that the Trump administration does big business' bidding. Thus, the FTC rescinds federal click to cancel.
But now CA passed its own click to cancel. Surely other states will follow.
How is fighting dozens of different statutes better than working around one in federal courts that are backed up by the business friendly Supreme Court? Businesses are greedy but they aren't dumb. What am I missing?
Oh dip, I missed this entirely. Only saw the Federal news and thought, "Maybe again in four more years."
Now I might sign up for the local gym that opened up, knowing they cannot jerk me around when I want to leave.
Tip to others that may have this issue: If you need to cancel Planet Fitness (may work for other national gyms), move your home gym to a location in California and an option to cancel online appears.
Or just start charging back their fees
That does not absolve the debt. From their perspective, you are refusing to pay, and they are entitled to send you to collections.
I think you're comparing apples and oranges: a federal rule vs a state law. I don't know what kind of federal click-to-cancel legislation initiatives exist, but I know the last two federal digital privacy bills have failed because big tech wants a watered-down federal 'ceiling', while tech states (like CA) want a baseline federal 'floor' that doesn't preempt their more advanced state protections.
[flagged]
Well, but more than that, the executive is dumber. They can't wage some complex strategic battle through legislation when the guy in charge needs his talking points fed to him through Fox & Friends. Get a win for business, it keeps the checks rolling in to keep fighting the ideologue war. They'll lose the small battles but eventually win the war.
isn't this sort of a spineless law?
it says Browsers must send an opt-out signal.
Browsers have already had a do-not-track setting, and websites universally* ignored it.
* 99%
In CA websites are already required to respect the opt-out setting implemented in the Global Privacy Control [1] extension. It's basically the same thing as do-not-track but starting from a clean slate so that the meaning of the setting in law is clearly defined.
This bill basically allows the regulator to make sure everyone in CA gets this extension automatically.
[1] https://oag.ca.gov/privacy/ccpa/gpc
Do Not Track failed because it wasn’t legally required to be respected.
Now do the DMV
Yeah, it's crazy that when you register to vote, the DMV turns around and sells that contact information on to any political campaign/operation that wants to pay for it.
they also sell your vehicle information.
[flagged]
You love to see it.
California politicians are the worst. They have no accountability because it’s just one party and they are beholden to nobody but big donors and Gavin Newson’s narcissistic ambitions.
What’s wrong with this from your perspective? IMO it’s too little too late and should have been a federal law years ago.
Don’t get me wrong - Newsom is a slippery snake politician and is beholden to rich scumbag donors but I don’t see how this in particular is due to his and the dems big donors.
That said you seem to imply that only one side of this shitshow is beholden to big donors but corruption and general degeneracy is far more prevalent in the elephant party.
Yeah donors on both sides are a problem, but there is no both sides in California. It’s the Democrats and their big donors all the way down. And that is the problem.
Even good new laws (new laws are rarely good imo) are only secondary to the powers that be winning at any cost. After going on and on about fair elections(tm) for about a decade and burning a ton of money and political opportunity cost, the Party is now going to gerrymander-max the entire state to the cost of what billions of dollars to specifically disenfranchise any voters that they disagree with. “We’re doing it To-Save-Democracy!”
In other words, there are no principals behind anything, only the Party’s needs. So a law like the featured one only exists to the extent it benefits the Party or hurts its opponents, and when that stops being true the law gets changed or some new law created to carve out exceptions for big blue donors like LinkedIn or anybody that has deep pockets for Newsome’s federal ambitions. Consider the two-faced orientation with respect to oil companies. Gavin talks tough about climate change while, as churches are locked down, going to French Laundry dinners to get wined and dined by fossil fuel lobbyists, and the prols are too stupid to know better! The loyal and earnest supporters (dupes) keep giving their money and votes to the machine while poor old people die of heat stroke because they can’t afford to run AC anymore.
I don't care about privacy. IMO, it's a distraction to draw attention away from a far more significant topic; algorithm-based media monopolization... And ironically, while we have such high degree of media monopolization, privacy violations are in fact a non-issue for the vast majority of people. The fact is; nobody cares about you. Your privacy doesn't need to be protected because nobody cares to violate it. However, you are broke because your small business has a 0% chance of appearing in search results of any major media platform and you cannot form communities because your kind simply cannot find each other (unless it's some dumb mainstream group; designed explicitly to waste your time). What is a bigger problem?
This is the way forward. Hopefully the EU will do similarly