California’s Proposed Online Privacy Act Faces Stiff Opposition
By Ian Paul
Facebook, Twitter, Google and others are worried about a proposed California law that would impose new privacy regulations on social networks, stop personal data from being displayed without your consent, and give new powers to parents over their kids’ profiles. If social networks failed to live up to any of the bill’s requirements, the companies would face a fine of up to $10,000 for each violation.
Needless to say, social networking companies that stand to be affected are not happy with the proposed legislation, dubbed the Social Networking Privacy Act. A coalition of 17 companies and trade groups that includes eHarmony, Facebook, Google, the Internet Alliance, Match.com, Skype, Twitter, Yahoo and Zynga have sent a letter to the bill’s sponsor, State Senator Ellen Corbett, voicing their concerns over the new bill, according to All Things D.
The companies argue that to comply with California’s proposed law, they would have to impose these regulations on all users worldwide. It would be impossible, the companies argue, to know for sure who is and who is not a California resident. The new law could also stifle innovation causing “significant damage to California’s vibrant Internet commerce industry at a time when the state can least afford it,” the companies say.
Breaking down the bill
Are the service providers right? Is California about to ruin social networking online forever? Let’s take a look at key components of the new bill as it stand right now, and what the industry has to say about it.
Locked down by default
What the bill says: “(a) A social networking Internet website shall establish a default privacy setting for registered users of the site that prohibits the display, to the public or other registered users, of any information about a registered user, other than the user’s name and city of residence, without the agreement of the user…(d) [these] provisions shall only apply to a text field specifically designated to display the registered user’s home address or telephone number.”
Translation: Social networks by default cannot display your home address or telephone number without your consent. Although the language does suggest this regulation could be interpreted as applying to almost all your profile data.
What the industry says: “By hiding from view of all existing users’ information until they made a contrary choice,” the State of California would be significantly limiting those users ability to “freely speak, write and publish his or her sentiments on all subjects.”
Reality check: The industry’s argument sounds like complete nonsense to me. You can still open up your profile information to others with just a few clicks in your privacy settings. Besides, it appears this regulation only applies to your home address and telephone number, although the wording of the bill is confusing.
Privacy settings first
What the bill says: “A social networking Internet website shall establish a process for new users to set their privacy settings as part of the registration process that explains privacy options in plain language … privacy settings [must be] available to all users … in a conspicuous place and an easy-to-use format.”
Translation: New users have to configure their privacy settings before they can use the site, and privacy settings have to be simplified for all users.
What the industry says: “[The bill would] force users to make decisions about privacy and visibility of all of their information well before they have ever used the service. … A description of all availability [sic] privacy and visibility options to a consumer who has never used the service in question could take thousands of words and up to half an hour to read.”
Reality check: Making privacy settings simpler would be a great thing, especially for Facebook users. But the industry makes an interesting point. How do you know how private you want a service to be if you’ve never used it and don’t know what it will be like? Twitter, for example, works best as a completely public network, while Facebook is designed to share information with your friends. Perhaps a better solution would be to require users to go through a privacy settings wizard within the first week they use a new service. That said, I doubt it would take “thousands of words and up to a half-hour to read” to explain privacy settings to a new user.
PPI In 48
What the bill says: “A social networking Internet website shall remove the personal identifying information of a registered user in a timely manner [48 hours] upon his or her request. In the case of a registered user who identifies himself or herself as being under 18 years of age, the social networking Internet website shall also remove the information upon the request of a parent of the registered user.”
Translation: If I want my personal data off your site, you’ve got 48 hours to do it including my name, address, telephone number, driver’s license number, Social Security number, place of employment, employee identification number, mother’s maiden name, demand deposit account number, savings account number, credit card number, and GPS location coordinates (including photograph metadata). Parents have the right to demand their kids’ data be erased within 48 hours if the child is under 18.
What the industry says: “[This law] would impose a duty on social networking sites difficult or impossible to discharge using existing technologies…[it] would [also] disrupt the legitimate speech [of others]…For example, hundreds of Californians can rightly claim the California Senate as their place of employment. Under SB 242, any one of those individuals would have the right to demand that any other mention of California Senate by another user be taken down.”
Reality check: Considering the massive server farms these companies use to store data, 48 hours may not be enough time to scrub your information completely. But a clearly defined time limit to scrub your data wouldn’t be such a bad thing. The bill would also make more sense if it clearly spelled out that sites had to take down personal information supplied by you, and not data supplied by others.
Privacy and the law
California’s Social Networking Privacy Act, if passed, might make it difficult for social networks to carry out their operations. But at the same time the bill includes some good privacy proposals. Restricting what social networks can do with your home address and telephone number without your explicit consent is a good idea considering Facebook’s recent attempt to open up your home address to third-party developers. A clearly defined requirement to remove user data within a certain time frame would also go a long way to protecting personal data.
Are you for or against governments restricting how social networks treat user data? Read the industry letter and SB242 for yourself and let us know what you think in the comments below.