I’m thinking something along the lines of the GDPR where companies must get consent to track you, and must delete your data upon request.
I see a few arguments here:
- yes, websites are like stores and have the obligations of a store to protect user data (IP address, HTTP headers, etc)
- no because the internet is “the commons,” so no expectation of privacy (no expectation that the website follows your local laws)
- no because you’re voluntarily providing the data, but you’re well within your rights to block tracking attempts
So, some questions to spark discussion:
- does data collection violate the NAP?
- does sale of personal data (without a TOS in place) violate the NAP?
- if no to each of the above, is it worth violating the NAP to enforce a right to digital privacy?
I think the whole idea of a “right to privacy” is misleading and destructive, since it places the focus incorrectly.
The question shouldn’t be whether or not people have a “right to privacy,” but whether or not other people should have the right to violate their privacy.
And the clear answer to that, IMO, is no.
So for instance, if you provide personal information to a website, the concept is that they have the right to do as they please with it unless and until you are declared to have a right to maintain the privacy of that information.
But I think that starts with a flawed presumption - the company should NOT have an inherent right to do as they please with that information. That information is not their property - it’s yours. You shared access to it with them for a specific purpose, and the presumption right from the start should be that the only right THEY possess regarding that information is to use it for that specific purpose. You shouldn’t need a right to stop them from doing any more with it because they shouldn’t be seen to have the right to do so in the first place.
Of course that’s not going to happen in our surveillence autocracy - the last thing in the world the wealthy and empowered few want is to have to make a case for a right to every abuse they want to pursue rather than being able to do as they please save for the bare handful of rights to be free from abuse that they grudgingly allow us plebes to claim, but still…
deleted by creator
I think in general the larger the organization (government, business, etc) the fewer rights/more restrictions they should have.
As far as for individuals, my beliefs are closest to the third argument:
no because you’re voluntarily providing the data, but you’re well within your rights to block tracking attempts
You do not understand how data brokers work if you think they only have information you voluntarily provided them. Facebook started collecting information on everyone, even people without accounts over 15 years ago. Google started way before that. Informatica knows everything about you.
These huge tech corporations have tracking scripts are spread over the entire Internet. They’ve written sophisticated methods to circumvent cross-site scripting, and cross-site tracking. Don’t believe me? Install DuckDuckGo and activate app tracking. Wait like an hour. Don’t even touch your phone. Just pick it back up in an hour and see how many apps sent data to Google during that time.
Google, Facebook, and Twitter offered free things to the internet. Google offers analytics, Facebook as stupid like buttons and stuff like that, and Twitter has embedded stories, and a few other things. This stuff is littered all over everything. Every single app or site with one of these or the 100 other things they offer to webmasters gives them more tracking. They use AI to extract meaning from millions of lines of text you send, sites you visit, etc. and they build a profile on you. Then they sell it to Cambridge Analytica, Informatica, and other data brokerages. This is a super simplified explanation, because it would take me all night long to type it out technically.
If you don’t care about that, then you might care that they’re selling the information to the federal government too. The FBI, NSA, and a bunch of other agencies are using your tax dollars to spy on everything you do, all without a warrant. It’s no different than if they wanted to plant microphones in your house, and read your mail, but they had no justifiable reason to obtain a warrant, so they just paid Blackrock to do it and then share the information with them. They’re violating the Constitution on a colossal scale every single day, and they’re using your money to do it.
Sorry if my comment was unclear, I do care about digital privacy laws. I was just trying to say that they should be applied only to groups of people (Meta/Facebook, NSA, etc) rather than individuals. Edit: typo
So perhaps any for-profit entity? Businesses generally have to provide some level of confidentiality when accepting user data (varies by industry), so it sounds like maybe you’d just extend that to online entities?
How far would go you? Can you waive your copyright to posts with one of those “you agree to these terms by continuing to use the site” notices? Or would there need to be a more explicit contract?
I want to include more than just for-profit entities for example any of the government agencies.
Also I think it makes sense to limit the amount of power an entity can acquire through “online contracts” (EULA, cookie preferences, click to agree to terms of service, etc) especially since those are often ignored or blindly accepted by many people.
How is this even in question? Of course there should be. What happens now is atrocious. Plus the government is using private corporation’s spying as a workaround to the constitutional right to privacy, trading your tax dollars to Facebook and the like for your information. They’re circumventing the Constitution as if the digital world is somehow exempt from the laws that protect us.
the government is using private corporation’s spying as a workaround to the constitutional right to privacy
First of all, the government generally has more restrictions than private parties. So whether governments are allowed to buy your personal data is a completely separate matter than if a company is.
I think the government buying your personal information is a violation of the fourth and fifth amendments. If it needs your data as evidence for a crime you’re accused of, it can go through the proper legal channels and subpoena the specific information it has sufficient, articulable reasons to believe exists and is relevant to the crimes you’re accused of.
I should’ve been more clear that I’m more interested in a general right to privacy, like the GDPR is based on. Should companies like Google and Facebook be allowed to track you across the web through agreements with other websites? Should they be allowed to sell that data to other non-government entities? Should they be obligated to delete your data upon request?
We have case law that indicates an expectation of privacy when you’re in your home or in your vehicle, as well as no expectation of privacy when you’re in a public place or on someone else’s property. Which does the internet fall under? And would a right to privacy be considered a negative right or a positive right? Negative rights are generally protected by default, whereas positive rights need to be explicitly granted in law.