Comment by mindslight
1 day ago
The straightforward broad brush fix is a US port of the GDPR. Make mass surveillance commercially unlucrative, and most of the data currently available to the government won't be collected in the first place. Furthermore, it's a basic line in the sand that gives individuals an idea that privacy is an actionable right, not just something to powerlessly complain about.
That this culture shift would need time to trickle down into positive bans on surveillance performed by the government (eg Flock), or requiring audit trails for government use of commercial data that still gets collected, shows how far we're behind.
(I use the word "port" to indicate that we need to avoid letting lobbyists stuff it full of loopholes and regulatory capture the way everything else is. Heck I think we could do worse than copying the text verbatim and letting the courts sort it out)
Yeah. I really like the main idea behind GDPR, which is that data containing PII is the property of the person it describes, not of the companies that process the data to provide services.
This means that I, as the owner of my data, can refuse to provide it for some use cases, request its deletion, etc. It’s my data after all.