I’m thinking something along the lines of the GDPR where companies must get consent to track you, and must delete your data upon request.
I see a few arguments here:
- yes, websites are like stores and have the obligations of a store to protect user data (IP address, HTTP headers, etc)
- no because the internet is “the commons,” so no expectation of privacy (no expectation that the website follows your local laws)
- no because you’re voluntarily providing the data, but you’re well within your rights to block tracking attempts
So, some questions to spark discussion:
- does data collection violate the NAP?
- does sale of personal data (without a TOS in place) violate the NAP?
- if no to each of the above, is it worth violating the NAP to enforce a right to digital privacy?
So perhaps any for-profit entity? Businesses generally have to provide some level of confidentiality when accepting user data (varies by industry), so it sounds like maybe you’d just extend that to online entities?
How far would go you? Can you waive your copyright to posts with one of those “you agree to these terms by continuing to use the site” notices? Or would there need to be a more explicit contract?
I want to include more than just for-profit entities for example any of the government agencies.
Also I think it makes sense to limit the amount of power an entity can acquire through “online contracts” (EULA, cookie preferences, click to agree to terms of service, etc) especially since those are often ignored or blindly accepted by many people.