[alextingle]

How would you formulate such a law? What does Germany's Telemedia Act actually say?

I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Surely it would be better to focus on supply rather than demand. If government ID is mandatory for everyone (e.g. Germany, Belgium), then it makes it easy for businesses to demand to see it. If government ID is entirely optional (e.g. UK) then insisting on seeing it will exclude too many potential customers.

If FB asks me for government-issued photo ID, then they will effectively be kicking me out - I'm not going to go through the rigmarole of applying for a passport just to get a FB log on.

[aestetix]

That's been the question of a lot of debate, which is why we're focusing on policy right now (hopefully eventually law).

The Telemedia Act specifically allows use of non-government-issued ID online. This has been the subject of a big lawsuit with Facebook: http://fusion.net/modern_life/story/german-state-fine-facebo...

Regarding the second set of questions, that's the big question right now. IANAL, but the "my house" is a domicile related context. While Facebook is not a domicile, they are a company, and a company can set their own policies. The challenge is that the people using Facebook aren't really employees, and they are using it like a public forum, which it isn't. There are a lot of social issues revolving around this. There's also the 3rd party doctrine to take into account (which incidentally is how NSA is justifying a lot of their monitoring).

In terms of government ID being mandatory, you have two issues: one, that while many countries do have a national ID, the US does not. Second, if you require an ID for a website, then you run into all kinds of issues: data retention, access privilege, fraud problems, etc. South Korea had a related law which they abandoned in 2012 after several years, and China just adopted one.

So the general answer is "it's complicated, it's a discussion much longer than a hnn thread offers, and nobody really knows yet." Hope that helped :)

[rmc]

How would you formulate such a law? What does Germany's Telemedia Act actually say?

I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Well they basically say "It's illegal to ask for and store personal information like that". "Fine", you say, "I'll just deny you access unless you do this and that". "Fine", they say, "We'll see you in court".

It's like anti-discrimination law. Sure you're free to run a business, but there are legal limits to what you can do.

[ZoFreX]

> I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Well, you would presumably be keeping some kind of record of my ID. Perhaps you write down my name, date of birth, and passport number. As a business, in the UK you would have to (amongst other obligations):

* Not keep the data any longer than is necessary * Update any inaccuracies in the data upon request * Tell me what data you are keeping upon request

It's not about asking for data, it's about what you do after I give it to you. (NB to those wanting to know more about this, these particular obligations are due to the Data Protection Act)

[alextingle]

I'm not sure the DPA needs to come into it. If a nightclub bouncer checks your ID, then he's free to forget all about it once he lets you inside. If all FB do is set an "ID checked" flag (and discard data collected as part of the checking process) then I think they'd be in a similar position - I'm not sure whether you could successfully argue that an "ID checked" flag could count as additional personal data.

(Then again, I'm sure FB hold on to data like thieving magpies, so the idea that they would delete your passport number/image/whatever once they have it is, I agree, laughable.)

[ZoFreX]

I agree 100%, a simple "ID checked" flag would be OK. Where I think the DPA fits into it is that without the DPA, a lot more people would store those details just because. With the DPA in place I'm a lot more comfortable sharing information like that, knowing that either they just store a flag, or if they store more than that I am protected.

[aestetix]

Not necessarily. What happens if someone challenges Facebook on their flags? If you're a bouncer, you can hunt down the person who looks underage and re-check their ID. It's much harder to do that with something like Facebook.