[gpl_list] HB 2866

TANNER Joshua * DAS Joshua.TANNER at oregon.gov
Tue Mar 26 08:01:44 PDT 2019 

I agree with Rachel and believe the Bill would have plenty of support.

Looking at the Bill objectively, I wonder if there may be potential issues and if there is anything that could be done to mitigate them.

Much like the EU's GDPR<https://gdpr-info.eu/>, California's CCPA<https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375> is a privacy law applied to the State of California.  It provides protections much like Oregon's HB 2866 for data tracking and sharing transparency and allows for the ability to 'opt-out' for the sale of personal information.  The CCPA sets thresholds for compliance such as earning $25,000,000 or more a year in revenue, or deriving 50% or more of its' annual revenue from selling consumer personal information.

My read of HB 2866 is that it does not set compliance thresholds.  Is there an unfair onus put on smaller companies to comply to reporting demands (limit of once per 12 months)?  Needing to comply to reporting means having a secure process in place to consolidate and deliver sensitive data to the requesting user.  Is this process itself a potential attack vector for malicious intent to steal sensitive information?

I agree with Cy that these laws are intended to set precedent at state legislatures to ultimately move towards federal legislation.  However, the balkanization of legal requirements where privacy certain laws are applied to different states presents a problem.  With HB 2866 having no compliance threshold, this could again put unfair overhead on smaller companies who would need to track the resident state of each user and understand the laws that apply to that state.

-josh

=============================
Joshua Tanner, GISP, MGIST
GIS Analyst / Web Administrator
Geospatial Enterprise Office
635 Capitol St NE # 150
Salem, OR 97301
503-378-2781
gis.oregon.gov
=============================
Data Classification: Level 1 - Published

From: gpl_list [mailto:gpl_list-bounces at listsmart.osl.state.or.us] On Behalf Of Smith, Rachel via gpl_list
Sent: Friday, March 22, 2019 5:44 PM
To: SMITH Cy * DAS <Cy.SMITH at oregon.gov>; 'pac at listsmart.osl.state.or.us' <pac at listsmart.osl.state.or.us>; (gpl_list at listsmart.osl.state.or.us) <gpl_list at listsmart.osl.state.or.us>
Subject: Re: [gpl_list] HB 2866

I do think that it could potentially affect companies like Waze or Google when collecting information from personal electronic devices.  I think the intention of the bill is to address privacy issues related to companies like Facebook and Google who are collecting personal information and selling it to others.

>From a practical perspective, I think that if the Bill passes, Google and Facebook (and others) will likely have another lengthy notice that many people click "ok," so that they can use the app, without ever reading the fine print. It doesn't prevent them from collecting the data.  It says that they must be transparent about what they are collecting and what they are doing with it, while also requiring individual consent. From the companies' perspective, being able to report out everything they've collected about a single individual and who they've shared it with, etc...is perhaps a big hurdle. ? But that is a guess. ?  I don't know the ins and outs of their data processing.

Note:  Public bodies and law enforcement are exempt. Section 1. (1)(d)(B)

I think there is good intent behind this Bill and it will likely have a lot of support.

Rachel


[cid:image001.jpg at 01D4E3A4.6215E210]

Rachel L. Smith
Information Resources Coordinator
Direct: 503-934-0295 | Cell: 503-881-0433
rachel.smith at state.or.us<mailto:rachel.smith at state.or.us> | www.oregon.gov/LCD<http://www.oregon.gov/LCD>





From: gpl_list [mailto:gpl_list-bounces at listsmart.osl.state.or.us] On Behalf Of SMITH Cy * DAS via gpl_list
Sent: Friday, March 22, 2019 10:09 AM
To: 'pac at listsmart.osl.state.or.us' <pac at listsmart.osl.state.or.us<mailto:pac at listsmart.osl.state.or.us>>; gpl_list at listsmart.osl.state.or.us<mailto:gpl_list at listsmart.osl.state.or.us>
Subject: [gpl_list] HB 2866

Hi folks, I was made aware recently of HB 2866<https://olis.leg.state.or.us/liz/2019R1/Measures/Overview/HB2866>.  My take on this bill is that it would disrupt useful services, like Waze, that rely on geolocation data collected continuously from thousands of devices across the state to provide aggregated information...traffic congestion in the case of Waze.  I believe the intention of this bill is to reduce or eliminate direct advertising in real time to devices, but I think the authors have overreached.  The ACLU has tried in the last two Congresses to pass similar legislation without success.  It appears they are now trying to set a precedent in state legislatures, probably to take another run at national legislation.  Thoughts?

cy

Cy Smith, GISP, State GIO
OSCIO Geospatial Enterprise Office
Member, FGDC National Geospatial Advisory Committee
Former Chair, Coalition of Geospatial Organizations (COGO)
Former President, Urban Regional Info. Systems Association (URISA)
Former President, National States Geographic Info. Council (NSGIC)
(503) 378-6066, http://gis.oregon.gov<http://gis.oregon.gov/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/gpl_list/attachments/20190326/796114c7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2001 bytes
Desc: image001.jpg
URL: <https://omls.oregon.gov/pipermail/gpl_list/attachments/20190326/796114c7/attachment.jpg>

More information about the gpl_list mailing list