I’m thinking something along the lines of the GDPR where companies must get consent to track you, and must delete your data upon request.
I see a few arguments here:
- yes, websites are like stores and have the obligations of a store to protect user data (IP address, HTTP headers, etc)
- no because the internet is “the commons,” so no expectation of privacy (no expectation that the website follows your local laws)
- no because you’re voluntarily providing the data, but you’re well within your rights to block tracking attempts
So, some questions to spark discussion:
- does data collection violate the NAP?
- does sale of personal data (without a TOS in place) violate the NAP?
- if no to each of the above, is it worth violating the NAP to enforce a right to digital privacy?
You do not understand how data brokers work if you think they only have information you voluntarily provided them. Facebook started collecting information on everyone, even people without accounts over 15 years ago. Google started way before that. Informatica knows everything about you.
These huge tech corporations have tracking scripts are spread over the entire Internet. They’ve written sophisticated methods to circumvent cross-site scripting, and cross-site tracking. Don’t believe me? Install DuckDuckGo and activate app tracking. Wait like an hour. Don’t even touch your phone. Just pick it back up in an hour and see how many apps sent data to Google during that time.
Google, Facebook, and Twitter offered free things to the internet. Google offers analytics, Facebook as stupid like buttons and stuff like that, and Twitter has embedded stories, and a few other things. This stuff is littered all over everything. Every single app or site with one of these or the 100 other things they offer to webmasters gives them more tracking. They use AI to extract meaning from millions of lines of text you send, sites you visit, etc. and they build a profile on you. Then they sell it to Cambridge Analytica, Informatica, and other data brokerages. This is a super simplified explanation, because it would take me all night long to type it out technically.
If you don’t care about that, then you might care that they’re selling the information to the federal government too. The FBI, NSA, and a bunch of other agencies are using your tax dollars to spy on everything you do, all without a warrant. It’s no different than if they wanted to plant microphones in your house, and read your mail, but they had no justifiable reason to obtain a warrant, so they just paid Blackrock to do it and then share the information with them. They’re violating the Constitution on a colossal scale every single day, and they’re using your money to do it.
Sorry if my comment was unclear, I do care about digital privacy laws. I was just trying to say that they should be applied only to groups of people (Meta/Facebook, NSA, etc) rather than individuals. Edit: typo
So perhaps any for-profit entity? Businesses generally have to provide some level of confidentiality when accepting user data (varies by industry), so it sounds like maybe you’d just extend that to online entities?
How far would go you? Can you waive your copyright to posts with one of those “you agree to these terms by continuing to use the site” notices? Or would there need to be a more explicit contract?
I want to include more than just for-profit entities for example any of the government agencies.
Also I think it makes sense to limit the amount of power an entity can acquire through “online contracts” (EULA, cookie preferences, click to agree to terms of service, etc) especially since those are often ignored or blindly accepted by many people.