by svrtknst 2822 days ago
> how about not-tech-specific rules around data sharing transparency

Such as... a General Data Protection Regulation? GDPR is not "tech-specific", it applies to technical solutions, yes, but also to business requirements and administration, and non-technical data collection. One non-tech consequence here is that stores are encouraged not to ask your SSID equivalent, since that exposes deeply personal information to others nearby.

> Just require details on what's shared and with whom for those seeking it

That's a big part of GDPR, actually. You're allowed to collect data, with certain rules about transparency and anonymization, and as long as there are reasonable motivators for collecting it. Within reason and with exceptions, I'm sure, but nonetheless, that's a big part of it.

> You're gonna find most people don't care anyways

I'm willing to bet few people cared about regulations on traffic safety and alcohol as well. That doesn't mean that regulations to hold bad actors responsible aren't necessary, as has been proven countless times through leaks, sometimes very large or sensitive leaks.

> And please please learn from EU mistakes and establish enforcement mechanisms.

What do you mean by this? What "mistake" has the EU made? They have enforcement mechanisms in place to target companies for violations of GDPR. It will take time to work out the details and establish case law, but I don't see any way around that. Even if you introduce "small" regulations, companies will fight the charges or fines that you bring to establish precedent.

> If we all have to hire lawyers and/or compliance assistance, then the first step is too large.

You all don't. Larger corporations probably do, but that's unavoidable. GDPR was announced something like two years before implementation, and published in a lot of different ways beforehand. There were compliance consultants, yes, but there were also PSAs, education, advertisement, easy-to-read summaries and tons and tons of material to read up on.

> heavy-handed government regulations on the internet bring more bad than good

The view of pre-GDPR internet as something free of regulation, or free from government involvement, or as nothing but a land of milk and honey seems to me like a pretty severe case of rose-tinted glasses, especially if we're talking the last 10-15 years.

There have been a lot of issues with the internet, even without mentioning all the severe privacy breaches, or breaches that are a concern for national security.

1 comment

> Such as... a General Data Protection Regulation?

Without the rest, sure. Laws also exist for consumer data sharing transparency in the US, they just need to require more detail and have their scope increased (again, if we're resigned to the fact that something must happen).

> That's a big part of GDPR, actually

Right, my whole point is starting small, i.e. without all the other big parts.

> I'm willing to bet few people cared about regulations on traffic safety and alcohol as well

We have to stop debating like this. I could bring up drug laws or prohibition to bolster my point about government regulatory overreach and its consequences. But doing this at a high level negates the nuances in the debate on this issue which has no historical equivalences from which to draw.

> What do you mean by this?

I have not seen large scale equitable enforcement of EU internet laws to justify their size. It's becoming a more rational approach to ignore the laws. Even proponents of the GDPR use subjective enforcement to allay small business fears of compliance. This is why I promote proving you can enforce before expanding scope.

> You all don't

That is a product of levels of risk, legislation scope, and market reaction to the general murkiness of how it will be interpreted and enforced. It's like telling a business they don't need an accountant, the information is all out there.

> The view of pre-GDPR internet as something free of regulation, or free from government involvement, or as nothing but a land of milk and honey seems to me like a pretty severe case of rose-tinted glasses, especially if we're talking the last 10-15 years.

Agree and I definitely don't share that view. I am proud of my peers for fighting it where we have, I just wish we could separate what we want vs how we get it.

Speaking of breaches, I think that's a great initial place to direct legislation and build citizen support against reckless companies without going all in on legislation of data specifically. It also has the benefit of punishing violations instead of prescribing specific maintenance rules.