by berkes 708 days ago
How would that legal "protection" work in practice? What would it protect against? Who would it protect?

What you say sounds reasonable. And I'm not trying to say "well, it's impossible because of some current status quo", because we could change that.

What I'm trying to say is that we need this "industry" to work out the practicalities. Otherwise we are "protected" in the same way the GDPR protects us against 3rd party trackers (you don't need a cookie banner if you don't allow 3rd parties to track your users. Yet here we are...)

4 comments

Full liability for secondary harms caused by the leak of data that wasn’t directly required to provide a service to those same end users. Selling of data to third parties doesn’t transfer this liability but expands it to include any leaks or misuse coming from the entities the data is sold to. No statute of limitations.

So if company X sells data to company Y and then Y sells to company Z then company X has full liability for leaks or misuse from all entities in the chain.

No more free credit monitoring. Banks, credit card companies, and end users get to directly sue these companies. May not completely solve it but you can try to make it so expensive to mine data you don’t truly need that it ends the whole industry.

I am sure there are holes in this but we can at least try to kill the data brokers and bad actors.

We don't need more laws to solve this if your concern is a more harsh punishment for data leaks, we need to remove existing laws that limit the damages a company can be liable for and we need consumers that care enough to sue when they are harmed.
That is what I am saying above. Full liability for the data stored and shared with others. Transitive liability would need to be a new law though as I don’t believe that currently exists.

EDIT: forgot to mention consumers don’t need to care much for this to be effective. If there are damages to be had law firms are incentivized to file class action lawsuits and recruit affected customers. So, there is an incentivized actor within this framework to do the leg work to get a big payday.

> Transitive liability would need to be a new law though as I don’t believe that currently exists.

That likely would end up just being case law rather than legislation. Meaning, a lawsuit can be filed for it today and it's up to the courts to decide if that liability is reasonable.

We don't necessarily need the ad industry to work out the practicalities if we simply do away with the whole ad industry. We could quite easily outlaw receiving payments from a third party in exchange for displaying information to your users.
That hardly worked when implemented in the GDPR, where this exchange is most often "free". Why would it work this time?
Sorry, what do you mean "'that' hardly worked"? Making any regulation at all? The GDPR did not do at all what I proposed.
There is a (lazy) line of argument related to GDPR, cookie banners, etc. that goes something like this: "That legislation failed, thus any legislation will fail." It was a while since I did proof by induction, but I do believe there is some step missing here.

Personally, I am open to an argument that any legislation is folly. But we need to raise the discourse rather than just bash legislative failures (or merely partial successes) of the past.

I wasn't trying to make the argument that since some parts of the GDPR didn't work out as intended/hoped, other legislation will fail too.

My point was specifically that the GDPR put a law in place that when you send private data from users to third parties, you must ask the user for permission and allow that user to decline this and then not send that user's private data to these third parties.

The idea and intention and hope is clear: that site/app/platform owners don't send/sell data to other parties. Or, if they still do so, are punished by having to nag users with popups/banners etc.

The ad industry then spun this around, ensured that virtually every site nags users (mitigating that punishment), continued harvesting data exactly like before, and -above all- persuaded the general public that "the EU is forcing you to click cookie banners all day" or similar double-speak.

With which I was trying to put forward that any legislation must be a lot better than what the GDPR did here. So as to avoid being circumvented by the industry and also hated by the public.

Ok, sure, but that's exactly what I said: simply outlawing advertising leaves a lot less wiggle room than allowing it but with some minor semblance of consent.
Legal: “it’s forbidden to target ads at specific users”

Done.

My perfect world would have a law against advertising in general. If someone's paying you to say something, it's a conflict of interest and illegal.

Hopefully, the vacuum of people needing to know things would result in better independent product reviews.

And the vacuum of not spending 30% of your company budget on advertising would hopefully lead to sinking prices and people being more willing to spend on things that were previously funded by advertising.

> If someone's paying you to say something, it's a conflict of interest and illegal.

That already misses a huge problem though, I don't pay Mozilla for Firefox and I don't pay most online sites and services that gobble up my data and sell it off.

Mozilla has never given us a choice to pay for Firefox.
Sure, but I don't think that really changes anything here. The idea of a law that bans advertising when the customer pays you would miss a huge portion of advertising and data collection including Firefox.
I read their post as banning it when the advertiser pays anyone else?
That's what my third paragraph was for.
Is the concern you want fixed only that paid products still collect and sell data?

I may have misunderstood you, but my read on the third paragraph was mainly that Firefox, in this case, could still have a free browser that collects and sells data. That rule would just add one more factor for them to consider if they ever want a paid browser, they both need a viable market and be willing to give up the option to sell data.

Sounds reasonable.

But I highly doubt it removes the want for private data, though. Tracking is also there to measure performance, do AB tests, etc etc.

I'm sure such a broad sweeping law would solve some. But it won't make the ad industry suddenly "good" or go away, or get purged or such.

I think legal protections can effectively safeguard user data