Here Comes the US GDPR: APRA, the American Privacy Rights Act
2024-4-9 01:2:28 Author: securityboulevard.com(查看原文) 阅读量:13 收藏

Reimagined “Just a bill” of Schoolhouse Rock fameA draft federal privacy act has Washington DC buzzing. But it’s just a bill—and it’s a long, long journey before it becomes a law.

It’s about time: After the EU and some states showed the way, we might finally see a U.S. privacy law. The billmoms, Sen. Maria Cantwell and Rep. Cathy McMorris Rodgers “certainly have a lot of patience and courage.”

We’ve been here before. In today’s SB Blogwatch, we hope against hope.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: My Oh My Oh My.

Enter the Lobbyists

What’s the craic? Andrew Desiderio, John Bresnahan and Jake Sherman broke the story: Now the hard part starts

Concerns from Big Tech
A bipartisan, bicameral agreement on data privacy has finally emerged after years of hand-wringing and competing proposals. … As we scooped on Friday, … Cantwell (D-Wash.) and … McMorris Rodgers (R-Wash.) have unveiled a joint proposal on an issue that has so far stymied lawmakers. [It] would essentially create the first-ever national data privacy standard [and would] hold companies accountable if data is hacked or stolen.

But there are already concerns from the Big Tech companies. … We’re hearing complaints about … allowing individuals to “opt out” of targeted advertising. [But] the major tech companies will likely be OK with a national standard … versus a plethora of different state standards. … What is clear is that this will be a huge lobbying bonanza for K Street, where Big Tech spends money freely.

What do they propose? David Shepardson adds: US lawmakers strike deal

Annual reviews of algorithms
[The] bipartisan data privacy legislation … would restrict consumer data that technology companies can collect … give Americans the power to prevent selling of personal information or compel its deletion … and require disclosure if data has been transferred to foreign adversaries. … The lawmakers said the plan gives the Federal Trade Commission and state attorneys general broad authority to oversee consumer privacy issues and establish “robust enforcement mechanisms … including a private right of action for individuals.”

Consumers could sue “bad actors who violate their privacy rights.” … The bill would require “annual reviews of algorithms to ensure they do not put individuals … at risk of harm.”

What else? Cantwell and McMorris Rodgers are the horse’s mouths: Historic Draft Comprehensive Data Privacy Legislation

The American Privacy Rights Act: …

    • [Sets] one national privacy standard, stronger than any state’s.
    • Minimizes the data that companies can collect, keep, and use … to what companies actually need. …
    • Gives Americans control over where their personal information goes. …
    • Requires companies to let people access, correct, delete, and export their data. …
    • [Requires] affirmative express consent before sensitive data can be transferred. …
    • Prevents companies from enforcing mandatory arbitration. …
    • Allows individuals to opt out of a company’s use of algorithms to make decisions. …
    • Makes executives take responsibility for ensuring that companies [obey this] law.

Sounds good, if they can make it stick. steelframe worries it’ll be watered down:

A representative for my state has recently been bragging about her efforts to protect people’s privacy … by requiring them to disclose whether they offer a way to opt-out of your data being used in certain ways, or they will have to pay a fine. This is far, far below the bar for me.

This legislation really needs to make any data collection in the first place illegal except on an opt-in basis. None of this, “Oh you can keep collecting the data all you like, but if someone asks you to pretty-please not use it in certain ways, maybe you should pinky-swear that you’re going to do that.”

But if the American people want this so badly, why not? _xeno_ knows why not:

The open secret is that the NSA has largely outsourced mass surveillance. There’s no need for the government to spy on everyone if private industry already does—just make sure private industry pumps all that data to the NSA.

The other thing a “privacy law” would likely be used for is to attack foreign apps, like TikTok, in an attempt to ensure that the US continues having access to the data they gather. … The one thing we can be certain of any “bipartisan law” is that the people being *****ed are the American people.

But those self-same American people don’t care as deeply as we might think. That’s what foremi concludes:

The problem is that people legitimately just don’t actually care. … That’s the reality.

It doesn’t matter if it’s Facebook or Google—who … collect everything they can on you to then just sell ads to you—or it’s a Chinese CCP owned company selling literal cameras and mics to stream and record everything 24×7.

How do we make them care? Razengan has an idea:

Picture a possessive ex peeping through your window with binoculars. Following you everywhere you go. Wiretapping your house. Hacking your accounts to see all your photos. … A privacy watchdog really should publish an ad like that, to really drill into the common masses about what corporations do to us.

The big win for business is surely the pre-emption. u/ZigZagZedZod thinks so too:

The devil’s in the details … but my first reaction is that a consistent federal privacy law has to be better than an inconsistent patchwork of state laws. I’m eager to follow the debate on this legislation.

Meanwhile, u/jonathanrdt fears Not Invented Here:

This is a decade overdue. … Europe and California have already written the laws. [We] just need to adapt them.

And Finally:

Max vs. Cabello

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: Shelly ʕ•ᴥ•ʔ (cc:by; leveled and cropped)

Recent Articles By Author

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 601 posts and counting.See all posts by richi


文章来源: https://securityboulevard.com/2024/04/apra-us-gdpr-privacy-act-richixbw/
如有侵权请联系:admin#unsafe.sh