PPI In 48
What the bill says: "A social networking Internet website shall remove the personal identifying information of a registered user in a timely manner [48 hours] upon his or her request. In the case of a registered user who identifies himself or herself as being under 18 years of age, the social networking Internet website shall also remove the information upon the request of a parent of the registered user."
Translation: If I want my personal data off your site, you've got 48 hours to do it including my name, address, telephone number, driver's license number, Social Security number, place of employment, employee identification number, mother's maiden name, demand deposit account number, savings account number, credit card number, and GPS location coordinates (including photograph metadata). Parents have the right to demand their kids' data be erased within 48 hours if the child is under 18.
What the industry says: "[This law] would impose a duty on social networking sites difficult or impossible to discharge using existing technologies...[it] would [also] disrupt the legitimate speech [of others]...For example, hundreds of Californians can rightly claim the California Senate as their place of employment. Under SB 242, any one of those individuals would have the right to demand that any other mention of California Senate by another user be taken down."
Reality check: Considering the massive server farms these companies use to store data, 48 hours may not be enough time to scrub your information completely. But a clearly defined time limit to scrub your data wouldn't be such a bad thing. The bill would also make more sense if it clearly spelled out that sites had to take down personal information supplied by you, and not data supplied by others.
Privacy and the law
California's Social Networking Privacy Act, if passed, might make it difficult for social networks to carry out their operations. But at the same time the bill includes some good privacy proposals. Restricting what social networks can do with your home address and telephone number without your explicit consent is a good idea considering Facebook's recent attempt to open up your home address to third-party developers. A clearly defined requirement to remove user data within a certain time frame would also go a long way to protecting personal data.