Privacy groups, online firms gird for battle over California online data-disclosure bill
Recently-filed 'Right to Know Act' would require firms to disclose data collection and data sharing habits
Internet companies and privacy advocates appear headed for a fight over a proposal to broaden California's so-called Shine the Light Law, which requires online companies to disclose to consumers how their personal information is used.
The so-called "Right to Know Act" (AB 1291) would also require online companies to give users access to any data compiled on them.
Privacy groups say the new bill would give consumers more visibility into the data collection and sharing habits of online companies they interact with. Some industry groups, however, contend that the proposal is too broad -- and is unworkable.
The new bill, sponsored by Assemblywoman Bonnie Lowenthal (D-Long Beach), would broaden the provisions of the 10-year-old Shine the Light Law, which requires disclosure of how personal consumer information is used and how it is shared for direct marketing purposes. Lowenthal's bill also requires that online companies provide consumers who ask with specific details on how their personal information is shared with data brokers, online advertisers and application vendors.
Under the proposed law, individual consumers could ask Internet companies like Google and Facebook once a year for a complete accounting of how their data is being collected and used.
The bill gives companies a safe harbor if they take adequate measures to anonymize consumer data before storing or sharing it. In addition, if an online company cannot reasonably link a data profile to a specific person, it would not be obligated to respond to a data disclosure request.
The Right to Know Act helps bring some transparency to how online companies collect and use consumer information, said Rainey Reitman, activism director at the Electronic Frontier Foundation.
The EFF supports the proposed bill.
Most Internet users today are unaware of how much of their personal information is routinely gathered and shared by Internet companies, Reitman said. The proposed legislation would give consumers a view of that, she said.
The law imposes no restrictions on information collection, sharing or selling.
It would not require Internet companies to change current data collection, sharing, storage or security processes, Reitman said. In fact, the provisions contained in the bill are similar to data disclosure laws in Europe, laws that many American online firms must already comply with, she noted.
The bill also provides much flexibility to online firms, said Chris Conley, technology and civil liberties fellow at the American Civil Liberties Union (ACLU) of Northern California.
For instance, instead of having to respond to individual data disclosure queries, an online firm could simply provide just-in-time notices to consumers. The notices could inform consumers of what data of theirs is being collected at a specific moment, and with whom it is being shared, he said.
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Gov't Legislation/Regulation White Papers | Webcasts