Comment by kibwen

Comment by kibwen 8 hours ago

20 replies

The fact that my data can be stolen in the first place is already outrageous, because I neither consented to allowing these companies to have my data, nor benefit from them having my data.

It's like if you go to an AirBNB and the owner sneaks in at night and takes photos of you sleeping naked and keeps those photos in a folder on his bookshelf. Would you be okay with that? If you're not directly harmed, what liability would they have?

Personal data should be radioactive. Any company retaining it better have a damn good reason, and if not then their company should be burned to the ground and the owners clapped in irons. And before anyone asks, "personalized advertisements" is not a good reason.

ryandrake 8 hours ago

That's the big problem with relying on tort law to curb this kind of bad corporate behavior: The plaintiff has to show actual injury or harm. This kind of bad behavior should be criminal, and the state should be going after companies.

lesuorac 8 hours ago

I don't think that's a proper parallel.

I think a better example would be You (AirBnB Host) rent a house to Person and Person loses the house key. Later on (perhaps many years later), You are robbed. Does Person have liability for the robbery?

Of course it also gets really muddy because you'll have been renting the house out for those years and during that time many people will have lost keys. So does liability get divided? Is it the most recent lost key?

Personally, I think it should just be some statutory damages of probably a very small amount per piece of data.

  • pixl97 8 hours ago

    The particular problem comes in because the amount of data lost tends to be massive when these breaches occur.

    It's kind of like the idea of robbing a minute from someone's life. It's not very much to an individual, but across large populations it's a massive theft.

    • lesuorac 7 hours ago

      Sure and if you pay a statutory fine times 10 million then it becomes a big deal and therefore companies would be incentivized to protect it better the larger they get.

      Right now they probably get some near free rate to offer you credit monitoring and dgaf.

  • 8note 7 hours ago

    This version loses multiple parts of things that are important:

    1. I have no control over what was stored
    2. I have no control over where the storage is

    The liability in this case is the homeowner/host, as you should have and had full ability to change out the locks.

    To make it more similar, I think you'd need one of the guests to have taken some amount of art off the wall, and brought it to a storage unit, and then the art later was stolen from the storage unit, and you don't have access to the storage unit.

    It's not as good as the naked pictures example because what's been taken is copies of something sensitive, not the whole thing

  • polygamous_bat 7 hours ago

    > I think a better example would be You (AirBnB Host) rent a house to Person and Person loses the house key.

    This is not a direct analogue; a closer analogy would be when the guest creates a copy of the key (why?) without my direct consent (signing a 2138 page "user agreement" doesn't count) and at some later point when I am no longer renting to them, loses the key.

    • lesuorac 7 hours ago

      I'm still much more interested in the answer to who is liable for the robbery.

      Just the Robber? Or are any of the key-copiers (instead of losers w/e) also?

JumpCrisscross 8 hours ago

> before anyone asks, "personalized advertisements" is not a good reason

The good reason is growth. Our AI sector is based on, in large part, the fruits of these data. Maybe it's all baloney, I don't know. But those are jobs, investment and taxes that e.g. Europe has skipped out on that America and China are capitalising on.

My point, by the way, isn't pro surveillance. I enjoy my privacy. But blanket labelling personal data as radioactive doesn't seem to have any benefit to it outside emotional comfort. Instead, we need to do a better job of specifying which data are harmful to accumulate and why. SSNs are obviously not an issue. Data that can be used to target e.g. election misinformation are.

  • thfuran 5 hours ago

    So you're saying it's all vastly valuable and that's why it is right that it is taken without consent or compensation?

    • JumpCrisscross 3 hours ago

      > it's all vastly valuable and that's why it is right that it is taken without consent or compensation?

      No, I'm saying it's a common with a benefit to utilisation. A lot of discussions around data involve zealots on both sides. (One claiming it's the god-given right to harvest everyone's personal information. The other acting like it's the crime of the century for their email address to be leaked.)

pc86 8 hours ago

I mean it's pretty clear that you are directly harmed if someone takes naked photos of you without your knowledge or consent and then keeps them. It's not a good analogy so if we want to convince people like the GP of the points you're making, you need to make a good case because that is not how the law is currently structured. "I don't like ads" is not a good reason, and comments like this that are seething with rage and hyperbole don't convince anyone of anything.

  • drawkward 8 hours ago

    What is the harm? It is not obvious to me, if the victim is unaware...unless you are alleging simply that there is some ill-defined right to privacy. But if that is so, why does it apply to my crotch and not my personal data?

    • simoncion 7 hours ago

      These are exactly my questions. If I never, ever know about those pictures and never, ever have my life affected by those pictures, what is the actual harm to me?

      If the answer to them ends up being "Well, it's illegal to take non-consensual nudie pictures.", then my follow-up question is "So, why isn't the failure to protect my personal information also illegal?".

      To be perfectly clear, I do believe that the scenario kibwen describes SHOULD be illegal. But I ALSO believe that it should be SUPER illegal for a company to fail to secure data that it has on me. Regardless of whether they are retaining that information because there is literally no way they could provide me with the service I'm paying them for without it, or if they're only retaining that information in the hopes of making a few pennies off of it by selling it to data brokers or whoever, they should have a VERY SERIOUS legal obligation to keep that information safe and secure.

      • lcnPylGDnU4H9OF 7 hours ago

        > to fail to secure data that it has on me

        Just want to point out that the company is usually also doing what it can to get other information about you without your consent based on other information it has about you. It's a lot closer to the "taking non-consensual nudie pictures" than "fail to secure data" makes it sound.

  • JumpCrisscross 8 hours ago

    > it's pretty clear that you are directly harmed if someone takes naked photos of you without your knowledge or consent and then keeps them

    Sure. In those cases, there are damages and that creates liability. I'm not sure what damages I've ever faced from any leak of e.g. my SSN.

    • pixl97 7 hours ago

      I mean most people won't until that day they find out there's a house in Idaho under their name (and yes I've seen just this happen).

      The problem here is because of all these little data leaks you as an individual now bear a cost ensuring that others out there are not using your identity and if it happens you have to clean up the mess by pleading it wasn't you in the first place.

ranger_danger 7 hours ago

> I neither consented to allowing these companies to have my data, nor benefit from them having my data.

I think both of those are debatable.