Draft Of Privacy Bill Introduced... And Pretty Much Everyone Hates It
from the is-that-a-good-sign? dept
Covered information (information that sites can collect, but users will have the right to "opt-out" if they don't like it) includes:
- The first name or initial and last name.
- A postal address.
- A telephone or fax number.
- An email address.
- Unique biometric data, including a fingerprint or retina scan.
- A Social Security number, tax identification number, passport number, driver's license number, or any other government-issued identification number.
- A Financial account number, or credit or debit card number, and any required security code, access code, or password that is necessary to permit access to an individual's financial account.
- Any unique persistent identifier, such as a customer number, unique pseudonym or user alias, Internet Protocol address, or other unique identifier, where such identifier is used to collect, store, or identify information about a specific individual or a computer, device, or software application owned or used by a particular user or that is otherwise associated with a particular user.
- A preference profile.
- Any other information that is collected, stored, used, or disclosed in connection with any covered information described in subparagraphs (A) through (I).
- medical records, including medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
- race or ethnicity;
- religious beliefs;
- sexual orientation;
- financial records and other financial information associated with a financial account, including balances and other financial information; or
- precise geolocation information.
Perhaps I'm missing something, but this seems like the kind of bill that's designed to say "hey, look, privacy law!" but that doesn't really do anything to protect people's privacy. I could see it causing a lot of trouble for sites, though, for no good reason. For example, saying that IP address information can be "opt-out" could create a massive hassle for pretty much any site that keeps log files. Imagine the fun someone could cause by visiting sites and then demanding the site remove his or her IP address from their logs. I understand the general thinking behind this, but I just don't see it doing anything good, while I could see all sorts of unintended consequences from it.