What price privacy?

I’m all for privacy rights. I’m all for sites having a privacy policy. But the new California Online Privacy Protection Act of 2003 is a really, really bad idea.

Why? Because no one seems to have even considered any of the negative consequences, or what a slippery slope we start down when we start letting states regulate internet commerce.

In short, this California law, which goes into effect July 1, requires any web site owners, regardless of their location, to have a conspicuously posted privacy policy that meets certain requirements, if they collect any personal data from residents of California.

This is just dumbfounding to me. The policy requirements are reasonable enough, I suppose, but it will take me, a pretty technically and legally savvy person, a good four hours to have read and reviewed the requirements and implement them. Figure the typical web site owner will have to spend at least that. Multiply that by a few hundred thousand websites, and California has just cost small entrepreneurs across the country tens of millions of dollars in either lost productivity or real expense to outsource the compliance.

Now, here’s where we start to slide down that slippery slope: New York, New Jersey, and several other states have similar (but not identical) laws under consideration. Now imagine multiplying that few hours by 10 or 20 or 50 states that pass such legislation. The cost to web site operators could be in the billions. To the big sites, it’s a drop in the bucket, and most of them already have compliant policies in place. It’s the individual owner/operators who are just trying to build a simple mailing list who will be the hardest hit. The cost of doing business on the web has just jumped an order of magnitude for small sites.

Most astonishing to me is that there has been almost no coverage of this topic, and no critical dialog. A search on Google turns up about 170 entries. For a legal precedent of this magnitude, affecting hundreds of thousands of site owners and millions of users, that’s frightening. And the only objection to the law so far seems to have been from the financial sites who have been selling this information and the direct marketing companies who’ve been buying it.

I love my friends and customers in Caliornia, but tell your legislature to go mind their own business and quit playing internet cop. This needs to be a federal or, better yet, international matter. It’s like one beach trying to tell the ocean what to do. I’ll put this site in compliance, but it’s under protest, not because I oppose privacy, but because I oppose state-level regulation of the internet. This is a dangerous precedent.

For more details on the law, its history, and a look at the pros and cons, see my California Online Privacy Protection Act of 2003 Issue Page at About.com.