Internet Bill of Rights
Kara reports Khanna’s list: … “You should have the right”:
- to have access to and knowledge of all collection and uses of personal data by companies;
- to opt-in consent to the collection of personal data by any party and to the sharing of personal data with a third party;
- where context appropriate and with a fair process, to obtain, correct or delete personal data controlled by any company and to have those requests honored by third parties;
- to have personal data secured and to be notified in a timely manner when a security breach or unauthorized access of personal data is discovered;
- to move all personal data from one network to the next;
- to access and use the internet without internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices;
- to internet service without the collection of data that is unnecessary for providing the requested service absent opt-in consent;
- to have access to multiple viable, affordable internet platforms, services and providers with clear and transparent pricing;
- not to be unfairly discriminated against or exploited based on your personal data; and
- to have an entity that collects your personal data have reasonable business practices and accountability to protect your privacy.
Some of these seem pretty obvious. Others, like #5, seem gratuitous, while others such as #3 depend a lot on the particulars. I recommend reading thoroughly.
Twenty-odd years ago, when I was working for <giant telecom/cable company> I was one of the few people there who believed TCP/IP was going to win as the standard for data services. At that time, the top three things on my list of guarantees for the customers were (1) every household gets a public IP address, (2) every household gets a permanent DNS name, and (3) no restrictions on what servers people run. Most of that, of course, was me being selfish. I had a Linux box at home doing household server chores, and I wanted to run mail and web services for the family as well.Report
Numbers 9 and 10 are awfully important to that whole framework, but depend entirely on how you want to define “unfairly” and “reasonable.” And that reminds me that most of these conversations about how the internet ought to be are based on a presumed set of norms that haven’t actually become norms yet.
For instance, what is my ownership stake in “my personal data?” I’m not sure that I recognize that as something that I own at all. It really seems quite ephemeral. I’m not saying that it doesn’t exist, just that I haven’t yet fully thought through what it means if it does exist. And I don’t think that I am alone.Report
I’m torn between how this is all going to play out. The feds are making noise about this now that the GDPR and California Consumer Privacy Act are out there, but both of those laws are IMO fatally flawed. The EU approach is bad because of how heavy handed it is. For that reason alone the application is guaranteed to be more political than principled and probably will stifle trade and development. The California approach on the other hand is so riddled with exceptions and tension with other privacy regulatory frameworks that I think it will likely amount to nothing.
I know this is a pipe dream but I think the regulate first approach might be getting it backwards. Instead, governments should invest in the development of individual data control technology to get a sense of whats feasible, then the regulatory framework should follow. Maybe I’m wrong and the regulations will spur the development governments and consumers want to see but I’m really skeptical that legislatures and enforcement bodies have the expertise to get this right. Right now its all been reactive (the California law was rammed through to prevent a referendum, for example).Report
If you go back and read the original Bill of Rights, you’ll see that it’s purely a restriction on government power, and imposes no restrictions or obligations in private actors. Putting aside the question of whether these are good policies, there’s something deeply Orwellian about creating a set of policies that does nothing but empower government to restrict private actors and calling it a Bill of Rights.Report
This is myopic. Yea calling it a bill of rights isn’t the term I’d use and its sort of out of step with the history of rights. What it is proposing in practice is a cause of action for individuals and probably an ability for regulators to bring enforcement actions in the public interest. It’s very important to get the policy right but overall these concepts are a very normal function of government.Report
Yep. Under the guise of these new rights, anyone who can hire a lawyer and find the right judge could wreck the Internet.
1. means that any company that collects data has to provide it to not only you, but to everyone, even your ex, bill collectors, and stalkers.
2. means that you have to give your consent everytime you reply, because the person you reply to will then have whatever data you provided in your comment, such as your opinion o f Star Wars episode IX. This will be inconvenient, to say the least.
3. Is a great way to kill Wikipedia when we realize that no two people have the exact same definition of “fair process”, and when we realize that we’re all third parties.
4. begs the question of what the penalty is for failing to secure data as long as they tell you everytime there’s a breach. You could get beeped ten times an hour with “Someone read your personal data again!”
5. WTF? The right to move data from one network to the next? What is the “next” network? Does this include the right to move data from a classified network to an unclassified public network? Is this just a “save Hillary” ploy?
6. means that critical communications during disasters can’t be prioritized over elf porn.
7. means that a person running the network can’t collect data on how fast their network processed your communications, etc. Just the fact that you sent packets is, itself, data.
and on and on.Report