California's Reader Privacy Act - losing the balance between protection and costs


Image001

original from RWW http://www.readwriteweb.com/enterprise/2011/10/california-gets-reader-privacy.php

California's Reader Privacy Act has been signed into law by Governor Jerry Brown. The bill was authored by California State Senator Leland Yee, and sponsored by the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU). The act will become law in 2012, and provides similar privacy protections to those that are enjoyed by library patrons.

That's good news for California residents and businesses, but it's still not enough. The law, which will take effect on January 1, 2012 only applies to books and eBooks. It means that government or third parties won't be able to demand access to reading records, without proper justification and transparency about how the records are disclosed.

The fact sheet from the EFF and ACLU (PDF) notes that government entities must obtain a court order and give the book seller or provider the opportunity to contest the request. Civil actions have to show "compelling interest" and prove that they're using the "least intrusive means" for accessing records. Readers, of course, have the right to consent to disclosure even if those conditions don't apply.

Business Impact

The act is dependent on the location of the reader, not the book service. According to the ACLU, if a user is outside California then they provisions shouldn't apply. But a business not based in California may be bound by the provisions when doing business with California residents.

Businesses are required to prepare a report if they surpass 30 requests for information. Valerie Small Navarro, an ACLU senior legislative advocate, says that it shouldn't be triggered under normal business operations for mom and pop bookstores. However, it could be that businesses like Amazon or Barnes & Noble will need to compile reports.

But the cost of compiling reports is less than being harassed by state, local and federal government. Small Navarro pointed to efforts in North Carolina to demand customer data from Amazon. The North Carolina Department of Revenue (NCDOR) sought to compel Amazon to reveal the identities of "hundreds of thousands" of users in North Carolina who'd purchased "30 million lawful expressive works" from Amazon over a six and a half year period.

But the first trigger for this kind of legislation does come from small business. A case in Colorado which pitted the city of Thornton, CO against Tattered Cover where the police were seeking customer records.

Not Far Enough

As Small Navarro says, this is "exciting" legislation that takes a step towards improving privacy for users. This is good, but doesn't really go far enough. First off, it only applies for the state of California. Being Missouri-based, I'd like a little of those protections myself.

It's also superseded by the Patriot Act, which means that California police may not be able to easily grab your Kindle history – but there's not a corresponding protection against the feds, even for users in California.

Finally, it only applies to books and ebooks. It does nothing for materials outside that realm, which still leaves users subject to all manner of requests about online history or cell phone tracking (for example). The EFF is petitioning Internet companies to "stand with their users and be transparent in their practices."

It's a positive step, but only a short one. I hope we'll see a day when users have guaranteed privacy protections and businesses have protections against costly discovery efforts that pit them against their users.

Comment - are we in danger in the dash to protect what has already bolted that we will end up with the animals running the zoo.