This is a proposed law that make privacy simple. Web browsers have a setting called “do not track”. Simply put it would be the law that anyone with this setting enabled would automatically not be tracked:
“No third-party tracking by default.”
“No first-party tracking outside what the user expects.”
Some things I like and dislike about it. Like you said @Free, it doesn’t rely on warning boxes. Great thinking there.
A couple of areas still need work. I don’t understand the section where they give the states permission to enforce the law. Do they understand how the Constitution works? States don’t need permission to innovate new laws. Look at marijuana legalization and the Wyoming Blockchain Coalition. Better to work with states instead of going straight to the belly of the beast.
You also have a potential loophole in the definition of “party:”
“Party” means a User, an Organization, or a group of legal entities that share common ownership and control, operate as an integrated enterprise, and have a group identity that is easily discoverable by a User. Common branding or publishing a list of affiliates that is readily available online via a prominent link from a Resource where a party describes its DNT practices are deemed easily discoverable.
Does this mean that you can just create a phony umbrella group that’s your company + all your scummy partners and throw up a website to promote them to first parties? Now it’s not Google tracking you but “The Google Data Excellence Project.” or some other B.S. Boom, done, track away.
I have to second this. A simple solution to a complex problem is never going to work. You also have to now define what is expected by the user. Given that some users expect to be abused by everything they touch online, while others have no idea what is happening to their data… is that really the right language?