We need a very simple law. “1. You cannot track a user or send marketing spam without their explicit consent. 2. The user can take away the consent at anytime and you gotta stop the peepin. 3. The user can ask for what you’ve tracked and you gotta give it to them. 4. The user can ask you to delete their data and you gotta respect that.”
I know this is what GDPR is but we need a saner US version of it.
We can’t be technology leaders and still pretend it’s the Wild West.
Not only is it not enforced (why are Google and Facebook still around considering their entire business is to basically violate the GDPR?), but there are plenty of exemptions that can be abused to argue that nasty behavior falls under "legitimate interest".
Making a complaint is also super difficult. The ICO (UK's privacy regulator) for example insists that you have to first contact the offending company and give them 3 months to reply which is an insane amount of effort and not always possible (what if there's no way to contact the company, or you have to login/create an account first). There should be just a simple form where you send the URL of the offending page and they take it from there.
I know this is what GDPR is but we need a saner US version of it.
We can’t be technology leaders and still pretend it’s the Wild West.