by idontknowtech 720 days ago
This seems to be the crux of their argument, and I find it convincing:

> Passing comprehensive privacy legislation would be a major public good–but APRA no longer can be called comprehensive. Civil rights guardrails are essential for consumer trust in a system that allows companies to collect and use personal data without consent. The new draft strips out anti-discrimination protections, AI impact assessment requirements, and the ability to opt-out of AI decision-making for major economic opportunities like housing and credit. We cannot abide a regime that would perpetuate, in the words of Dr. Ruha Benjamin, a form of ‘Jim Code’: ‘the employment of new technologies that reflect and reproduce existing inequities.’

3 comments

So by what logic can you support privacy?

If the systems recreate existing inequalities, then we haven't solved these issues in real life. How can we solve these issues comprehensively?

Seems a better approach is to pass privacy protections, then pass laws addressing specific things as we have solutions for them. The AI impact assessment would be better in an AI-specific bill that tackles other AI issues too (like law enforcement or government use, what types of systems should require human in the loop, etc).

I think any talk of anti-discrimination falls way too far behind the bar.

Privacy is an incredibly basic and fundamental right. If there is any provision for data collection without consent ("AI" or otherwise), then that right is violated. No amount of "guardrails" can recover that violation.

I don’t find it convincing at all. Why do privacy protections need to be coupled to anti-discrimination language? Pass them as a separate bill, and start with blanket protections on privacy, explicit consent, a ban on data brokers who operate without end user consent, and transparency around how data is obtained. This just looks like an uncontroversial and obvious good (privacy) is being bogged down with politically loaded riders.

FTA:

> The new draft of APRA also creates a massive loophole for personal data collected and used on an individual’s device. Tech companies would be able to do almost anything they want with data that stays on a personal device–no data minimization rules, no protections for kids, no advertising limits, no transparency requirements, no civil rights safeguards, and no right to sue for injured consumers. As AI and computing become more powerful, allowing more processing to occur on a device, this loophole will grow. As a result, this draft of APRA is weaker than state laws it is preempting.

That hardly amounts to an uncontroversial and obvious good—I would say regardless of your feelings on the anti-discrimination provisions that it should be uncontroversial to reject this legislation.

If it stays on your device, how is it a privacy violation? It sucks that this preempts stronger laws ofc.

It depends on how you define what data must stay on the device. You see this all the time with data processing.

Individual actions and usernames are recorded. Let’s call that personal data. That has to stay on the device.

But what if I also ran a “collect usage metrics” process that ran once a week and summarized your actions, removed your username and replaced it with a random GUID, and otherwise painted a profile of how you used my software over the last seven days?

Is that summary level data still considered protected? Can I send that back to my servers without telling you, or if I add a settings toggle for “share usage data to help improve our products”, is that ok?

At what point does data become generic enough to not be personal?

Also that data when it's anonymous might be done with a K-Means of 1 or 3 which is basically unanonymous.

https://en.wikipedia.org/wiki/K-means_clustering

This guy GDPRs... ^^