
"simple" solution (that breaks a whole lot of the world as we know it): Make a law that states people have ownership (including copyright) over their own PII.

If that goes too far, do something like the UK's Data Protection Act of 1998 that insists almost all PII is subject to review by the individual and they can demand erroneous data be fixed. They can also demand deletion in various scenarios.

But personally, I like the copyright idea. If a copy of a song can be protected from being made legally, even if I personally make the copy, I see no reason why my most personal of details cannot be similarly protected.



Companies would just change the checkbox from “I acknowledge the privacy policy” to “I grant you this license”.


I posit that that would make a huge difference in the public. Most people I know, both technical and non-technical, don’t realize such nuances until put in direct layman’s terms when seeing anything legal related. It’s why companies use dark patterns and vague language around accepting TOSes, EULAs, etc.


The problem isn’t the awareness so much so as who has leverage.

Even people who are aware they are giving up their information are often willing to do so since they know the only alternative is to go without such service altogether.


You could just say that requiring a license to use data for purposes that aren't essential to running the service is forbidden, similar to GDPR. The GDPR pop-ups are annoying, but you can genuinely collection of data now.


Consent pop-ups are more appropriately described as "surveillance industry pop-ups" rather than GDPR popups. The GDPR doesn't require nagging someone for consent to process data necessary for the service (otherwise the requests to even show those dialogs would be illegal). Rather the surveillance industry is trying to trick you into giving your consent to use your information for their own non-necessary purposes.


This is pointless word-smithing to get out of being blamed for consequences. These popups exist because of GDPR requiring them, they’re GDPR popups.

GDPR is the prop65 of privacy, and there was no chance of any other result.


> GDPR is the prop65 of privacy, and there was no chance of any other result.

If this is true, then why do the pop-up dialogs have meaningful choices? And if the dialogs are the fault of the GDPR, why do there exist GDPR-compliant websites without the pop-up dialogs?

You can levy your criticism at the earlier Cookie Law, for its failing to anticipate its nullification via terms of adhesion and general lack of technical aptitude. But the GDPR addressed those flaws.


> why do the pop-up dialogs have meaningful choices?

Very few of them do. Typically it’s “accept” and “x”.

> why do there exist GDPR-compliant websites without the pop-up dialogs?

Because GDPR doesn’t make those other sites have them. It’s perfectly possible for GDPR to force some websites to have popups and not force others to. It’s still GDPR forcing the ones that it forces to do the thing it’s forcing them to do.

> But the GDPR addressed those flaws.

As you can clearly see from being on the internet for more than about 5 minutes, it in fact does not.

This is not a comment on GDPR one way or the other; my point is that we shouldn’t engage in political word games to try and avoid the inevitable consequences of actions.


It's not word games, rather it depends on your starting perspective. If you believe in the right of individuals to be generally left alone, then the surveillance industry was aggressing before the GDPR. So surveillance companies adding a nag screen in an attempt to continue surveilling you isn't a fault of the GDPR, rather it's due to their own malicious compliance. They could have also chosen to just respect individuals' privacy rather than attempting to ignore the law with a nag wall.

The general fallacy with the rest of your argument is that you're pointing to imperfect enforcement as a reason to indict the law. This is essentially defeatism and acceptance of whatever might be commercially lucrative.


I’ll say it again since you don’t seem to be able to understand. If a law makes you display a banner, it’s that law’s fault that the banner exists. Either change the law or be happy that it’s having its intended effect.

As to your strange fallacy paragraph, I’m not sure what you mean by imperfect enforcement. Perhaps you should explain in an amicus brief to the courts that decided those banners are compliant?


> If a law makes you display a banner, it’s that law’s fault that the banner exists

You're treating the surveillance activity as a constant. One could also just stop surveilling, and then one wouldn't need to display a banner either.

What you're saying is akin to saying that the law makes muggers wear masks to hide their faces. If you take the mugging activity as a given, and then compare how muggers act with the law to how they would act if robbery weren't illegal, then sure it's technically true. But unless you're making some larger constructive argument, then that characterization isn't particularly enlightening.

> I’m not sure what you mean by imperfect enforcement ... courts that decided those banners are compliant

Can you point me to these court decisions that say putting take-it-or-leave-it nag walls on websites suffices for obtaining consent to process personal information for non-necessary purposes? Because that would seem to run directly counter to the wording of the law.


The public policy reason is that facts can't be copyrighted, whether that's a street address or GPS coordinates at 5:32 PM.


It's a "fact" that a book has specific words in a specific order, yet we're not allowed to share that fact with other people without legal repercussions.

I fully understand laws are not written by computer scientists and that nuance is involved, I'm just saying that the idea that PII could be copyrightable doesn't seem THAT crazy to me.


> It's a "fact" that a book has specific words in a specific order, yet we're not allowed to share that fact with other people without legal repercussions.

Talking about the order of words in text X is not the same as a reproduction of text X.

Example:

Original: The quick brown fox jumped over the lazy dog

Reproduction: The quick brown fox jumped over the lazy dog

Talking about the order: In the sentence beginning with the following fair-use excerpt "The quick brown", the word "fox" precedes "dog".

> I'm just saying that the idea that PII could be copyrightable doesn't seem THAT crazy to me

It would be awesome, because then I could license out my address and collect royalties any time it is used or mentioned.


The first word of the sentence is "The". The second word of the sentence is "quick". The third word of the sentence is "brown". The fourth word of the sentence is "fox". The fifth word of the sentence is "jumped". The sixth word of the sentence is "over". The seventh word of the sentence is "lazy". The eighth word of the sentence is "dog".

Eight facts. Would replicating an entire book like this violate the copyright? The entire text is reproduced in order, there's just a bunch of junk added. I suspect courts would rule that it is a copyright violation.


Yea because your “fact” is literally a reproduction of the creative work with superfluous additions. Instead, if you publish a list of books and their unique word count it would be a collection of facts - and someone can copy your list (including mistakes) because your list isn't covered by copyright.


Producing a Mona Lisa with a mustache would therefore be a reproduction with superfluous additions then, eh?


That is a derivative work, unless parody.


Huh, one can obviously share snippets of paragraphs or pages for review and all for books. Same with address, it is a snippet of information about a person and not the whole detail of everything in a house.


Yes, exceptions exist. But while you can use a small sample of a song in a review (say), you can't take the same sample and use it in your own song, even if it's just a few seconds.

Perhaps PII for commercial use could be treated differently than for private use?


You can measure the duration, key, BPM etc and publish that which are all facts.

A recording of a song (even if it falls under fair use) is not a “fact”, it’s information that took creativity to produce, multiple people working independently would not produce the same exact song - unlike going around and measuring the height of bridges where if multiple people did it they would arrive at the same measurement


Just as it's a fact that PI is 3.14 when approximated to 3 digits, it's also a fact that a particular recording can be represented by an MP3 file when approximated to about 3 MB.


One portion of our daily 10,000 steps will be to write out some copyrighted works in the GPS path to make sure our data is doubly copyrighted and should not be reproduced!


Per the US Constitution, right to privacy means sovereign control of my body, my self.

Since I am my data and my data is me, I already own all my PII.

We just want the legal system to honor this simple reality.


You can choose to not give away your data by not using those services. Boycott those services or help build competing privacy-centric services.


> You can choose to not give away your data by not using those services.

This is just plain wrong. There are privacy violating services where people are not given a choice. I don't have a Facebook account, but they bought tons of data about me from brokers and used it to create a shadow profile that they continuously update using any scrap of information on me that they can find including what they can get out of the conversations held by my friends and family members who do have facebook accounts. What choice did I have in any of that?

Critical services and even government websites force you to hand information over to privacy hostile companies. You can't even go to irs.gov without pinging Google's servers, allowing them to collect data on you. Sorry, but "never use the internet again" isn't really a viable option and as long as you use the internet your data will be taken from you without your consent, or even your awareness. Choice isn't really a factor.


To your point on family ties, potential DNA matching between relatives will not be avoidable. I wonder if there could be a constitutional amendment to protect us.


It's what we need, but it'd be a hard sell. The government loves being able to take all this data, even our DNA. (https://www.cnn.com/2010/HEALTH/02/04/baby.dna.government/in... and https://www.aclu.org/other/newborn-dna-banking)

What hope do we have of our government protecting us from their own actions?


https://en.wikipedia.org/wiki/Shadow_profile

Facebook (and others) make profiles of people that have never agreed to it, nor visited facebook in their lives.

So do the credit reporting agencies, to a different extent.


How could I have known GoodRx would sell my data to advertisers? I thought it was illegal for them to do so.


I am not familiar with that service.

If you work W-2, the payroll processor for your company likely gives your payroll details to theworknumber. This is ridiculous.


FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising [2023/02/01]

Under proposed order, GoodRx will pay a $1.5 million civil penalty for failing to report its unauthorized disclosure of consumer health data to Facebook, Google, and other companies

https://www.ftc.gov/news-events/news/press-releases/2023/02/...

GoodRx Response to FTC Settlement

https://www.goodrx.com/corporate/business/goodrx-response-to...

FWIW, I used to work in healthcare IT, mid 2000s. At the time, it was understood that sharing data for the purposes of marketing and advertising was illegal.

Also, being a geek somewhat familiar with stuff like tracking pixels, I'm still not sure what to make of GoodRx's response.

If I can't make heads or tails of this case, what hope does a layperson have?


That would never work for a variety of reasons, namely that it would result in an unsustainable amount of litigation. Arguments would also be made that copyright exists not just for the creator but for the public good, and if it harms society as a whole (which is conceivable if any given datum shared has a high probability of being a copyright violation) then it couldn't be justified. That is, of course, the insidiousness of copyright; it's used against the public routinely under the guise that it helps the public.


Are you saying we shouldn't do things that are hard?

Or are you saying the existing advertising surveillance industrial complex couldn't possibly be repurposed to also track who's abusing our PII?


> people have ownership (including copyright) over their own PII

I like this idea in concept. The catch is how to define "PII". The current definition of it is incredibly inadequate, as it omits a great deal of information that is personally identifying.

I do object to the expansion of copyright that this would require, though. Copyright law is already overly oppressive, and I fear this would make that worse. Perhaps make a distinct property right over PII instead?


For copyright there has to be a minimum amount of creativity involved before the law applies. Small snippets of PII would not overcome that hurdle but these small pieces of PII are protected like you describe in the UK and the EU (GDPR).

The rights granted by the GDPR cannot be signed away by a licensing agreement, but they can be overruled by other laws (e.g. mandatory retention times for tax purposes).


GDPR doesn't apply in the US, or to the US Govt.


Perhaps in tandem, incorporate everyone/turn everyone into LLCs. Corporations seemed to have more rights than people even before corporations were "people". Might as well level the playing field there too.


> I like the copyright idea

I used to add a copyright notice to the bottom of my resume, to prevent distribution. Don't know how well this works practically speaking, especially in this electronic day and age.


The law would also need a provision that the right to use someone else's personal information could only ever be licensed, and that license could be revoked at any time. Otherwise the surveillance industry would just do the usual American dance of nullifying rights through contracts of adhesion.

The FBI here is merely a symptom and the tip of the iceberg. The US sorely needs something akin to the GDPR, to prohibit this unaccountable shadow government that is the surveillance industry. I personally think passing the GDPR verbatim and letting the courts sort it out would be a decent approach given how our legislative process otherwise undermines regulation by letting corporate lobbyists buy exceptions that destroy the intent of the law while leaving only the bureaucratic red tape intact as an anticompetitive warning. But I do think that if the GDPR were to be translated into the US legal concepts, it would take the shape you've started to lay out.



