mikece 8 hours ago

How about this as a privacy law: if you collect data about people without their EXPLICIT permission[1] you can be charged with digital stalking. Same principle as stalking; escalating penalties for repeat offenses and for doing so in bulk or en masse.

EDIT: And you cannot share information gained by permitted collection unless EXPLICIT permission to share is granted.

[1] E.g.: it's not sufficient to disclose this in equivocal text buried in 25k lines of EULA text.

kragen 4 hours ago | parent | next [-]

Your proposed law would mostly be used against people who were publicizing the criminal record of the mayor's nominee for police chief or the ruling party's nominee for mayor.

Aloisius 3 hours ago | parent | prev [-]

What constitutes data about people?

If I save your comment, am I a digital stalker? Is Google a digital stalker because they archived this page? Is HN a digital stalker because they didn't get your explicit permission to show a profile page with your karma on it?

imiric 3 hours ago | parent [-]

You're being deceptively dense.

PII has a very clear definition. Posts on a public forum are not part of it.

mpyne 2 hours ago | parent [-]

> PII has a very clear definition.

It doesn't, actually, as many would-be DoD IT system owners are surprised to find that simply generating a 32-bit random UUID as a user ID is, per the regs, PII, and therefore makes your proposed IT system IL4 with a Privacy Overlay (and a requirement to go into GovCloud with a cloud access point) instead of IL2 and hostable on a public cloud.

Oh and now you need to file a System of Records Notice into the Federal Register (which is updated only by DoD, and only infrequently) before you can accept production workloads.

There is a separate concept of "sensitive PII" (now Moderate or High Confidentiality impact under NIST 800-122) which replaces what people used to call the "Rolodex Business Exemption" to PII/privacy rules.

But PII is very clear: "Personally Identifiable Information". Any information that identifies a specific individual, like for example, your HN username. Unless a collective is posting on your handle's behalf?