SB 242: Unintended consequences of California privacy bill

by Larry Magid
This article first appeared in the 5/23/11 edition of the San Jose Mercury News

There’s quite a bit of conflict and confusion over a proposed California bill that would require social networking sites to have users opt in before the site could display any information other than the user’s name and city of residence without the user’s express agreement.

The bill’s author, state Senate Majority Leader Ellen Corbett, D-San Leandro, said in an interview that the proposed law, which also would require websites to explain privacy options in “plain language,” would apply only to information that could lead to identify theft, fraud or endangerment. But a coalition of companies, including Facebook, Google , Yahoo, Twitter, Zynga, eHarmony and Match.com, says the proposed legislation, SB 242, would have all sorts of negative consequences.

In an open letter to Corbett, the companies argue that her bill would result in less privacy because it “would require social networking sites to force users to make decisions about privacy and visibility of all of their information well before they have ever used the service.”

Out of Context

I agree that it’s hard to make privacy decisions out of context. It may sound paternalistic, but I think people need to understand that sharing information about themselves doesn’t necessarily bring them any harm. In fact, there are benefits to be gained by some information sharing — including your name, hometown, schools attended and places of employment — if that information helps unite you with people you want to become acquainted or reacquainted with.

I can understand why Match.com and eHarmony oppose this bill. Their business depends on users sharing enough information to entice strangers to consider dating them. I also agree with the companies’ contention that “contextual” or “just-in-time privacy or visibility controls” make more sense than agreeing to a disclosure before using a service, even if that disclosure is written in plain English.

In our rush to take advantage of these services, many of us often mindlessly click “accept” when asked to grant permission to websites. It’s a lot more useful to get a notice just before you’re about to take an action about possible negative consequences. I’m reminded of a dispute I had with a credit card company that charged me a fee for a cash advance based on a disclosure they sent me when I opened the account years earlier. It would have been more helpful if they informed me right before I applied for the advance.

The companies also say the bill is unconstitutional because it would “interfere with the right to freedom of speech.” I’m not a lawyer and have no idea how a judge might rule, but on the surface, it seems that this is not really a free-speech issue — at least for adult users — unless they can make a convincing argument that having to review and set privacy policies in advance of using the service would have a chilling effect on speech.

Free Speech Issues for Teens

However, there are free-speech issues for teens because the bill gives parents the right to order the removal of personal identifying information about their children who are registered as under 18. Although I support the right and responsibility of parents to supervise their children, I think we need to tread very carefully before passing legislation that could limit teens’ ability to reach out to others.

I also worry about this provision endangering teens with a parent or guardian who is abusive, neglectful or unsupportive of their political or religious views or their sexual orientation. There is also the issue of how the person claiming to be the parent can prove custodial rights. Of course, teens can get around this by lying about their age, but that prevents the companies from providing minors with extra levels of protection, as does Facebook and some other social networking services.

Corbett assured me that this provision is designed to empower parents to take down personally identifiable information, not postings or opinions. But I’m concerned that it could be more broadly construed, especially since the bill’s definition of personal information includes name and location, which can help teens connect with friends.

Another issue is whether it makes sense to regulate the Internet on a state by state basis. It’s hard enough on a national level, but it makes no sense to have 50 different state laws to regulate an industry that transcends state, let alone national borders.

I applaud Corbett’s intentions and hope that her bill gets thoughtful scrutiny. I’m not sure it’s the right bill, but it’s the right time for a conversation about making sure we understand how to control our own information.

Disclosure: Facebook, Yahoo and Google provide financial support to ConnectSafely.org, the nonprofit Internet safety organization where I serve as co-director.

 

Share Button
This entry was posted in Child safety. Bookmark the permalink.

Leave a Reply