Re: [projectvrm] on privacy policies and ecosystems

[Don Marti < >]

begin JB Clark quotation of Thu, Oct 08, 2015 at 02:11:20PM -0700:
> On Thu, Oct 8, 2015 at 10:24 AM, John Wunderlich 
> <
 >
>  wrote:
> 
> > As many others have said, privacy policies serve the same role as product
> > warranties. They shield the vendor from risk. That will continue to be the
> > case, and thinking otherwise is wishful thinking. Lawyers, litigation and
> > regulation mean that companies have a fiduciary responsibility to manage
> > their risks.
> >
> 
> *John, there's a significant difference.  In sales of goods, for over a
> century, commercial law in most Western legal systems sets some minimum
> liability for all sellers of products, that no clever lawyer disclaimer or
> 'limited warranty' can remove.  *
> 
> *This rule grew up from attempts to avoid liability that were so outrageous
> -- "hey, we posted a disclaimer, so it's not our problem our widget blew
> off your fingers" -- that lawmakers were moved to create a minimum floor of
> responsibility.  *
> 
> *In software and virtual goods, and in privacy, there is no floor of
> minimal protection in US law.  Ensuring this was a very deliberate move by
> software companies, as uniform commercial laws were being updated around
> 1999.  (Not true in some other countries. The Germans, for example, blinked
> at those arguments and replied, nope, doesn't matter, sale or "license",
> there are minimum liabilities.) *
> 
> *Politically, you could say that we have no minimum protection for privacy
> and software in US law, because we haven't hit the "outrageous" threshold
> yet.  As may be apparent, European sensibilities about this are different
> than the commerce-uber-alles US model.  *
> 
> When I buy an ice cream cone at the local store, I
> > don't have to read a fine print "hand washing before
> > touching food policy" and "standing in line policy"
> > and "counting your change to give you the correct
> > amount policy."  I expect a person working in that
> > business to comply with the norms of the location
> > where they operate.
> >  Offline I can tell what norms a business complies
> > with based on its location, language spoken, and
> > other cues.  Online I should be able to count on
> > whatever tool works "my end" of the network connection
> > to enforce my norms.
> >
> 
> *Don, not sure I see the analogy.  The FDA and state health dep't do not
> rely on consumer-supplied self-policing, for those wash-your-hands norms.
> The gov't actively regulates, tests and sometimes closes restaurants.   *

Some of the health department rules seem silly, but
most of what a state health department in the USA
has to enforce is either (1) scientifically based,
like rules on food storage temperatures to retard
bacteria growth or (2) based on the typical restaurant
customer's sense of being grossed out by culturally
inappropriate food handling practices.

We have a common set of rules about what constitutes
"gross" when handling food, and that's why the health
department works. Trying to legislate from the top
down without shared food handling norms to start with
would be a mistake.

In the CAN-SPAM situation, a top-down legislative
process took place _before_ Congresspeople had a
common-sense understanding of what kinds of commercial
email are over the line, and that law-before-norms
approach got the USA to the wrong answer -- a
spam regime that imposes compliance costs on legit
mailers without providing any disincentive for actual
spammers.

> *What "tool on my end" would supply the missing privacy norms measurement,
> in the case of a consumer evaluating online business transactions?   *
> 
> *cordially, Jamie*
> *@JamieXML*

-- 
Don Marti 
<
 >
                   
http://zgp.org/~dmarti/
Are you safe from 3rd-party web tracking?  http://www.aloodo.org/test/