[dalbasal]

So... I'm a worried netizen. I have concerns about data monopolies, privacy, surveillance, the ad-tech industry, cambridge analyticas... which puts me in the hn majority, I guess.

That said, what specifically are we aiming for. Privacy laws? Is there a bullet point of what these laws prohibit/require? Enforcement mechanisms? Standards? Protocols?

"Pro-privacy" isn't really enough, for a political program.

It would be great if one of these think tanks could put forward a specific agenda, preferably one that a large portion of us can support. What is it we want achieved?

[raxxorrax]

I think the best approach to informational self-determination is to define that any information concerning you as a person belongs to yourself. Any diversion needs active consent. This is what this think tank (a name for every sweaty office) allegedly wants to get rid off.

I doubt this clear definition is impractical or utopian and could very well be implemented, so I doubt effective privacy legislation needs to be extensive. People consent to share information all the time. That would of course cost an industry that has stakes in information about you, even if that is not their primary business.

Furthermore it is worth to think about if there is any information about you which you are not eligible to share.

It is not trivial to determine if information is personal. Perhaps there should be a formal process to determine that.

[soared]

> any information concerning you as a person belongs to yourself. Any diversion needs active consent

But in the US that isn't true even outside of the internet. If you walk outside of your home/land, I can legally photograph and record video of you. I can write down what you're wearing, make assumptions about your income based on your address, record you gender/age/etc. All of that is 100% legal - you willingly give up information about yourself when you go to public places.

You could argue the internet is not a public space but that counters most pro-privacy people's opinions on free speech/etc online.

[bduerst]

Exactly. What if I remember seeing you somewhere? Do I need to forget that information if you ask me to, because it's information about you and you own it?

[JohnFen]

> you willingly give up information about yourself when you go to public places.

No, I really don't. I just can't do anything about it. I would agree with some form of this "implied consent" argument if going outside were an optional activity, but it's not.

[soared]

I'm not sure I understand your point, but I don't think going online is an optional activity either.

[JohnFen]

I'm not willingly giving up any information by being in a public space, because I don't have any choice about being in public spaces. Any information people gain about me is being taken, not given freely.

> I don't think going online is an optional activity either.

I think that can be debated, but let's say you're right: that just reinforces my point.

My essential point is that the "public space" argument isn't terribly meaningful. Actual consent can only be given in the absence of coercion. If being surveilled is a requirement in order to simply function as a human being, then consent doesn't enter into it.

And, in my view, all of the arguments about privacy and spying hinge on the issue of consent. If data is being gathered about me without my consent, then I'm being spied on.

[gcb0]

and where do you draw the line when moving from real world example to digital?

watching tv at home and netflix tracking everything about you?

alexa being actively used in your home to check the weather?

alexa and LG tvs passively listening in your home? and reporting back all the offline media you play?

google tracking what you search in your property (devices) in incognoto mode?

you using a mobile device that is technically owned by the wireless provider for another 11mo?

[tensor]

I very strongly disagree. There is a ton of data that wouldn't exist without the products you use. At best, it would be jointly owned because it is jointly created, but just as you are deserving of privacy, so too are companies with respect to their code and technology.

Do you "own" server logs simply because they reference your user id or an action you performed? Do you own the model architecture of machine learning models that may have incorporated your data?

The idea that you should own any information relating to you is entirely impractical, and completely disregards any notion of intellectual property too. There needs to be some protections for users with respect to privacy, absolutely, but it cannot be anywhere close to that one sided.

In particular, if you as a user want to use a service, you must agree that some data derived or about you is going to be kept private, because it is combined with IP of the company providing the service to you. It's reasonable to limit what companies providing services can do with such data, but at a minimum "providing the service to you" must be protected.

[raxxorrax]

You can use data without being the owner. HR isn't allowed to share your personal data on 4chan.

[amalcon]

I think the biggest problem here is that nobody can agree on the sort of information that they want to protect. Obviously everyone is fine with these organizations collecting their forum posts (this is the whole point). Likewise, few want these organizations collecting unauthorized photos by way of laptop cameras. There seems to be some legitimate disagreement on whether organizations should be allowed to collect e.g. your browsing history.

[ocdtrekkie]

Fundamentally, I think we need two key concepts:

- US equivalent of GDPR: A law that would guarantee us the right to control data about us, be informed of data collected on us, and request a copy or delete that data. The critical impact here is to protect our privacy with regards to corporations.

- A generally-defined right to privacy: The EU enshrines privacy as a fundamental human right, the US equivalent would be for us to define a general right to privacy as an amendment to the Constitution. Much like the original Bill of Rights, I would like a right to privacy which is more solidified than the implied one built on other existing rights, but open to interpretation enough to allow for it to adapt to changing situations in the future. The core concept here is to protect our privacy with regards to the government.

[dalbasal]

Parts of the gdpr are good. Imo, these are mostly the data security elements (leak reporting to users and legal barriers data selling).

The consent/privacy elements are near useless, imo. In practice, they amount to a "we value your privacy" notice. I don't think individually "negotiated" consent for users visiting a website or downloading an app is useful or privacy promoting. It just amounts to "tick this box to use this app," most of the time. Other times, there is a UI actively directing the large majority of people away from the rational choice.

[ocdtrekkie]

I disagree wholeheartedly. In many cases the "tick this box to use this app" is not GDPR compliant, and once more enforcement is done, you'll see this pattern diminish or go away. Businesses will eventually transition away from surveillance capitalism, as it becomes increasingly less profitable and it's visibility makes products using it increasingly less appealing to consumers.

Furthermore, GDPR is already in effect in the EU, and multinational companies already have to follow it. There's no reason for us to fail to implement all of GDPR, since so many already have to implement all of it anyways.

[JohnFen]

> Is there a bullet point of what these laws prohibit/require?

I can only offer my bullet point: true consent should be required for anybody to collect or use data that relates to me or my equipment.