That is the problem: we have nothing to hide until someone changes the law. Suddenly those things that were legal yesterday become the crimes of today.
And as their data was harvested, consumers were told: Relinquish your private data to us, it's a fine and normal thing to do, we are trustworthy corporate citizens and privacy is a concern expressed only by those who wear hats of tinfoil.
It's a good question actually. The law was on the books but not being enforced because of Roe. But then the supreme court says Roe doesn't apply and law is fine as-is. Isn't this legally different from an ex-post-facto law?
From the point of view of the company for who it is just a pot of data with no context until analysed, maybe.
It will sure seem retroactive to someone who might have acted differently so the data wouldn't be available to be handed over, if the current laws were in action at the point they could have done something to avoid the data being collected¹².
--
[1] "Generated" is too benign a word here IMO, hence using "collected" instead
[2] "inferred" might be a better choice as the data could be incorrect³ but that still seems to imply less agency than the companies have in their very deliberate stalky behaviour
I used "generated" viewed from the user, "collected" would be from the perspective of the company. I wonder whether there is a legal difference in the case of law changes, which date would be taken?
The classic form of retroactive application of laws would be if someone performed an action, the law was backdated so that action becomes illegal and the performer becomes a criminal.
In this case we're talking not about direct action as the action is implied via the data collected. So if the action was performed before the backdating of the law but the data was collected after the backdating, is the performer a criminal?
> That is the problem: we have nothing to hide until someone changes the law.
As it happens the Dutch authorities were pretty good with collecting ethnicity and confessional data in the inter-war period, then the very bad guys came along and we know what followed.
Data collection at scale and especially data centralization has always been a mistake, too bad many of the livelihoods of us here depend on exactly that.
In the US’s case I don’t think it would take an invasion to put people’s lives at risk because of innocuous (at the time) data collection on sensitive societal issues. This article is just proof of that.
And as their data was harvested, consumers were told: Relinquish your private data to us, it's a fine and normal thing to do, we are trustworthy corporate citizens and privacy is a concern expressed only by those who wear hats of tinfoil.