Добавить новость
smi24.net
News in English
Апрель
2024

Any Privacy Law Is Going To Require Some Compromise: Is APRA The Right Set Of Tradeoffs?

0

Privacy issues have been at the root cause of so many concerns about the internet, but so many attempts to regulate privacy have been a total mess. There’s now a more thoughtful attempt to regulate privacy in the US that is (perhaps surprisingly!) not terrible.

For a while now, we’ve talked about how many of the claims from politicians and the media about the supposed (and often exaggerated, but not wholly fictitious) concerns about the internet are really the kinds of concerns that could be dealt with by a comprehensive privacy bill that actually did the right things.

Concerns about TikTok, questionably targeted advertising, the sketchy selling of your driving records, and more… are really all issues related to data privacy. It’s something we’ve talked about for a while, but most efforts have been a mess, even as the issue has become more and more important.

Part of the problem is that we’re bad at regulating privacy because most people don’t understand privacy. I’ve said this multiple times in the past, but the instincts of many is that privacy should be regulated as if our data were our “property.” But that only leads to bad results. When we treat data as property, we create new, artificial, property rights laws, a la copyright. And if you’re reading Techdirt, you should already understand what kind of awful mess that can create.

Artificial property rights are a problematic approach to just about anything, and (most seriously) frequently interfere with free speech rights and create all sorts of downstream problems. We’ve already seen this in the EU with the GDPR, which has many good characteristics, but also has created some real speech problems, while also making sure that only the biggest companies can exist, which isn’t a result anyone should want.

Over the last few weeks, there’s been a fair bit of buzz about APRA, the American Privacy Rights Act. It was created after long, bipartisan, bicameral negotiations between two elected officials with very different views on privacy regulation: Senator Maria Cantwell and Rep. Cathy McMorris Rodgers. The two had fought in the past on approaches to privacy laws, yet they were able to come to an agreement on this one.

The bill is massive, which is part of the reason why we’ve been slow to write about it. I wanted to be able to read the whole thing and understand some of the nuances (and also to explore a lot of the commentary on it). If you want a shorter summary, the best, most comprehensive I’ve seen came from Perla Khattar at Tech Policy Press, who broke down the key parts of the bill.

The key parts of the bill are that it takes a “data minimization” approach. Covered companies need to make sure that the data they’re collecting is “necessary” and “proportionate” to what the service is providing. This means organizations making over $40 million a year, processing data on over 200,000 consumers, and that transfer covered data to third parties. If it’s determined that companies are collecting and/or sharing too much, they could face serious penalties.

Very big social media companies, dubbed “high impact social media companies,” that have over $3 billion in global revenue and $300 million or more global monthly active users, have additional rules.

I also greatly appreciate that the law explicitly calls out data brokers (often left out of other privacy bills, even though data brokers are often the real privacy problem) and requires them to take clear steps to be more transparent to users. The law also requires data minimization for those brokers, while prohibiting certain egregious activities.

I always have some concerns about laws that have size thresholds. It creates the risk of game playing and weird incentives. But of most bills in this area that I’ve seen, the thresholds in this one seem… mostly okay? Often the thresholds seem ridiculously low, covering small companies too readily in a way that would create massive compliance costs too early, or only target the very largest companies. This bill takes a more middle ground approach.

There are also a bunch of rules to make sure companies are doing more to protect data security, following best practices that are reasonable based on the size of the company. I’m always a little hesitant on things like that because whether or not a company took reasonable steps is often viewed through the lens of retrospect, after some awful breach occurs, when we realize how poorly someone actually secured their data, even if upfront it appeared secure. How this plays out in practice will matter.

The law is not perfect, but I’m actually coming around to the belief that it may be the best we’re going to get and has many good provisions. I know that many activist groups, including those I normally agree with, don’t like the bill for specific reasons, but I’m going to disagree with them on those reasons. We can look at EFF’s opposition as a representative example.

EFF is concerned that it does not like the state pre-emption provisions, and also wishes that the private right of action (allowing individuals to sue) would be stronger. I actually disagree on both points, though I think it’s important to explain why. These were two big sticking points over previous bills, but I think they were sticking points for a very good reason.

On state pre-emption: many people (and states!) want to be able to pass stricter privacy laws, and many activists support that. However, I think the only way a comprehensive federal privacy bill makes sense is if it pre-empts state privacy laws. Otherwise, companies have to comply with 50+ different state privacy laws, some of which are going to be (or already are) absolutely nutty. This would, again, play right into the hands of the biggest companies, that can afford to craft different policies for different states, or that can figure out ways to craft policies that comply with every state. But it would be deathly for many smaller companies.

Expecting state politicians to get this right is a big ask, given just how messed up attempts to regulate privacy have been over the last few years. Hell, just look at California, where we basically let some super rich dude with no experience in privacy law force the state into writing a truly ridiculously messed up privacy law (then make it worse before anything was even tested) and finally… give that same rich dude control over the enforcement of the law. That’s… not good.

It seems like the only workable way to do this without doing real harm to smaller companies is to have the federal government step in and say “here is the standard across the board.” I have seen some state officials upset about this, but the law still leaves the states’ enforcement powers on the more national standard.

That said, I’m still a bit wary about state enforcement. State AGs (in a bipartisan manner) have quite a history of doing enforcement actions for political purposes more than any legitimate reason. I do fear APRA giving state AGs another weapon to use disproportionately against organizations they simply dislike or have political disagreements with. We’ve seen it happen in other contexts, and we should be wary of it here.

As for the private right of action, again, I understand where folks like the EFF would like to see a broader private right of action. But we also know how this tends to work out in practice. Because of the ways in which attempts to stifle speech can be twisted and presented as “privacy rights” claims, we should be wary about handing too broad a tool for people to use, as we’ll start to see all sorts of vexatious lawsuits, claiming privacy rights, when they’re really an attempt to suppress information, or to simply attack companies someone doesn’t like.

I think APRA sets an appropriate balance in that it doesn’t do away with the private right of action entirely, but does limit how broadly it can be used. Specifically, it limits which parts of the law are covered by the private right of action in a manner that hopefully would avoid the kind of egregious, vexatious litigation that I’ve feared under other laws.

Beyond the states and the private right of action, the bill also sets up the FTC to be able to enforce the law, which will piss off some, but is probably better than just allowing states and private actors to be the enforcers.

I do have some concerns about some of the definitions in the bill being a bit vague and open to problematic interpretations and abuse on the enforcement side, but hopefully that can be clarified before this becomes law.

In the end, the APRA is certainly not perfect, but it seems like one of the better attempts I’ve seen to date at a comprehensive federal privacy bill and is at least a productive attempt at getting such a law on the books.

The bill does seem to be on something of a fast track, though there remain some points of contention. But I’m hopeful that, given the starting point of the bill, maybe it can reach a consensus that no one particularly likes, but which actually gets the US to finally level up on basic privacy protections.

Regulating privacy is inherently difficult, as noted. In an ideal world, we wouldn’t need regulations because we’d have services where our data is separate from the services we use (as envisioned in the protocols not platforms world) and thus more in our own control. But seeing as we still have plenty of platforms out there, the approach presented in APRA seems like a surprisingly good start.

That said, seeing how this kind of sausage gets made, I recognize that bills like this can switch from acceptable to deeply, deeply problematic overnight with small changes. We’ll certainly be watching for that possibility.








В мэрии назвали условия присвоения Элджею звания почётного жителя

Модель Анастасия Решетова перенесла вирус с осложнениями

В Третьяковке на Кадашевской набережной открылся концертный зал

118 лет назад, 25 июля 1907 года, Ставропольская психиатрическая больница приняла первых 47 пациентов


Juventus and Roma weigh up McKennie & Cristante swap

Brit Who Fought Usyk Calls For Daniel Dubois To ‘Leave The Sport’ After Staying Down In Rematch

Stanford dropout Sam Altman says college is ‘not working great’ for most people—and predicts major change in the next 18 years

UFC Abu Dhabi live blog: Shara Bullet vs. Marc-Andre Barriault


HRlink упростил контроль за сроками подписания кадровых документов

Utrace запускает услугу по валидации IT-систем для фармацевтического рынка

Летним утром туманы душистые

Платформа для нормализации данных EstiOne внесена в реестр программ для ЭВМ


Quarantine Zone creator reveals 3 reasons the zombie sim went viral on TikTok

Первый трейлер Battlefield 6

Краткая биографическая справка о центральных персонажах Mafia: The Old Country

Brütal Legend is free in honor of Ozzy Osbourne, but only for 666 minutes



«Спартак» разгромно проиграл «Балтике» после двух удалений

"НАТО следит за Россией: как медиа рассказывают о воздушной разведке"

Уникальная возможность пройти эстетические процедуры с большими скидками

Пловец из Москвы погиб во время заплыва на Волге


Елена Игоревна Вселенная — писатель, публицист, автор масштабного многотомного проекта «Наследие России»

Технологии будущего: MGIMO Ventures объявляет старт четвертого сезона акселерационной программы

Главные новости дня, 26 июля 2025 года

В Санкт-Петербурге обсудили внедрение ИИ в разработку и оптимальные корпоративные архитектуры


Путин вмазал по НАТО кувалдой. Угрозы Калининграду встали альянсу поперек горла

"Локомотив" победил действующего чемпиона РПЛ

Пловец из Москвы погиб во время заплыва на Волге

Россия заработает триллион долларов, а Европа столкнется с новой «чумой»: неожиданные последствия аномального лета 2025


Весной его дисквалифицировали за мат, а теперь он герой Универсиады. Кто такой Владимир Сидоренко?

Болбой раздавил спасенного теннисисткой Cаккари жука на турнире WTA-500 в США

Калинская пробилась в полуфинал турнира в Вашингтоне.

Теннисист Медведев не прошел в полуфинал турнира ATP в Вашингтоне


Заболотный принес извинения болельщикам за неудачу в матче с "Балтикой".

Подросток выстрелил в сотрудника транспортной безопасности в Москве

Юрий Кара: «Даже Харви Вайнштейн хотел заполучить голую Вертинскую»

"Спартак" крупно проиграл "Балтике" в матче второго тура РПЛ


Музыкальные новости

В мэрии назвали условия присвоения Элджею звания почётного жителя

«Стал таким, каким должен быть мужчина в 45»: Баста об ошибках молодости

«Молодежь любит так же, как мы»: Баста рассказал о смыслах своего мюзикла

Цискаридзе-Николаев откроет сезон МХТ. Какие еще премьеры обещают театры?


Пловец из Москвы погиб во время заплыва на Волге

«Спартак» разгромно проиграл «Балтике» после двух удалений

Уникальная возможность пройти эстетические процедуры с большими скидками

Ni Mash: пловец из Москвы умер во время заплыва на Волге в Нижнем Новгороде


В мэрии назвали условия присвоения Элджею звания почётного жителя

«Ужас, который я пережила, никому не пожелаю!»  Алёна Блин взяла в заложники ловца в новой серии «Погони» на ТНТ

В Томске смс-рассылка обошлась "Сберу" в 500 тысяч рублей

Лео Канделаки и Анжелика Стубайло сыграют в новую трэвел-игру «Кто куда» на ТНТ


На Московской столкнулись электровелосипед и легковушка

В центре Москвы крупная авария парализовала движение автомобилей

В Подмосковье в аварии погибли два водителя и ребенок.

Подмосковные власти ужесточили контроль за платными дорогами


«Личная боль Путина, а им всё равно»: Военный не сдержался после выходки в Москве. Капитан тремя словами подписал себе «приговор»

Почтовая карточка в честь основателя авиации внутренних войск


Профессор Баранова рассказала, кому опасен новый штамм коронавируса



Ликсутов: в Москве увеличивают объем выпуска и ассортимент продуктов для здорового питания

"Осторожен за свое здоровье": Станкович высказался о усталости после игры с "Балтикой".

Максим Ликсутов: Тренд на здоровье: московские ...

Клиника гнатологии в Москве


Почему Израилю можно ВСЁ: Аннексия Палестины и молчание мира

Киев — часть России. Официально: О чём забыли Зеленский и Алиев, сговорившись о "деоккупации"

Турция заявила о договоренности по возможной встрече Путина и Зеленского


Ni Mash: пловец из Москвы умер во время заплыва на Волге в Нижнем Новгороде

"Локомотив" победил действующего чемпиона РПЛ

«Спартак» разгромно проиграл «Балтике» после двух удалений

Пловец из Москвы погиб во время заплыва на Волге



Собянин: Строительство детского сада в Очаково-Матвеевском завершится в 2026

Сергей Собянин. Главное за день

Собянин рассказал, каким будет новый детский сад в Очаково-Матвеевском

Сергей Собянин поздравил работников торговли с профессиональным праздником


В Крыму потушен лесной пожар на территории три гектара.

Катар предупредил Европу о возможности прекращения поставок газа.

В стране, любимой российскими туристами, срочно установили новые правила.

Греция обратилась к Евросоюзу с просьбой предоставить шесть самолетов для борьбы с лесными пожарами.


Заболотный принес извинения болельщикам за неудачу в матче с "Балтикой".

Кечинов сомневается в победе «Зенита» над «Рубином»

Губернатор Воробьев: авария в Королеве устранена, подача воды возобновляется

Юрий Кара: «Даже Харви Вайнштейн хотел заполучить голую Вертинскую»


В Архангельске началось обучение бойцов СВО, сообщил Цыбульский.

Настольный термотрансферный принтер штрих-кодов iDPRT iE4P

70 участников СВО в Архангельске показали мотивацию выше госслужащих — Цыбульский

Путин дал указание рассмотреть проблемы онкологии в Архангельской области.


Прогноз погоды в Крыму на 26 июля

К парню с костылем подошли трое с требованием уступить. Он был готов, но заступилась бабушка по соседству

Как пережить аномальную жару в Крыму без вреда для здоровья: пять правил

Прогноз погоды в Крыму на субботу


Московская область выиграла первый командный чемпионат России по гольфу

Россия заработает триллион долларов, а Европа столкнется с новой «чумой»: неожиданные последствия аномального лета 2025

Профессор Баранова рассказала, кому опасен новый штамм коронавируса

Пловец из Москвы скончался во время заплыва по Волге в Нижнем Новгороде














СМИ24.net — правдивые новости, непрерывно 24/7 на русском языке с ежеминутным обновлением *