First they came for the socialists, and I did not speak out—
Because I was not a socialist.
Then they came for the trade unionists, and I did not speak out—
Because I was not a trade unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.
First, they came for TikTok…
Like the quote, I don’t care much about TikTok. I don’t use it. Don’t know why anyone would. Most of the video I see from it is inane. That said, teh gubmint types are fretting about the yellow/red menace stealing the data of the hapless.
Really?
Who cares?
And how, exactly, would the ChiComs use that info gleaned from “influencers” and their dupes?
You see, they aren’t up in arms about the data being harvested. They are fretting about the ChiComs harvesting it. They can’t be bothered with everyone else and their mother in the US glomming that data.
And what would be the difference between a US shell corporation for TikTok and a Chinese company? Like that data wouldn’t find its way back to where it was going originally.
If these cowards in Congress wanted to do something, why not pass an American version of the Europeans’ GDPR? Here are its highlights:
What are the requirements of GDPR in a nutshell?
The main requirements of GDPR include:
- Lawful, Fair, and Transparent Processing: Data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject. This means organizations must have a valid legal basis (e.g., consent, contractual necessity, compliance with a legal obligation, vital interests, public task, or legitimate interests) for processing personal data and must clearly inform data subjects about how their data is being used.
- Purpose Limitation: Personal data collected must be for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Organizations should only process personal data that is necessary for the purposes for which it is processed. This means limiting the collection of personal data to what is directly relevant and necessary to accomplish a specified purpose.
- Accuracy: Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, considering the purposes for which it is processed, is erased or rectified without delay.
- Storage Limitation: Personal data should be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1), subject to implementation of the appropriate technical and organizational measures required by the GDPR.
- Integrity and Confidentiality (Security): Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- Accountability: The data controller is responsible for, and must be able to demonstrate, compliance with the other GDPR principles. This includes implementing effective data protection policies, taking a proactive approach to data protection, and maintaining relevant documentation on processing activities.
- Data Subject Rights: GDPR provides data subjects with various rights, including the right to access their personal data, the right to have inaccurate data corrected, the right to have their data erased (the “right to be forgotten”), the right to restrict processing, the right to data portability, and the right to object to processing.
- Consent: When processing is based on consent, the organization must be able to demonstrate that the data subject has consented to processing of their personal data. Consent must be freely given, specific, informed, and unambiguous, with a clear affirmative action by the data subject.
- Data Protection Impact Assessments (DPIAs): Organizations must conduct DPIAs where data processing is likely to result in high risk to the rights and freedoms of individuals, particularly for new projects or technologies.
- Data Protection Officers (DPOs): Organizations that engage in large-scale processing of personal data, or that process certain types of sensitive data, are required to appoint a Data Protection Officer (DPO) to oversee compliance with GDPR.
- Cross-Border Data Transfers: Transfers of personal data outside the EU and EEA are subject to strict conditions. Organizations must ensure that the same level of data protection is afforded to the data when it is transferred internationally.
- Breach Notification: GDPR requires organizations to notify the relevant supervisory authority of a personal data breach without undue delay (and where feasible, within 72 hours) after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
What Is a Summary of GDPR Provisions?
The main provisions of the GDPR focus on protecting individuals’ rights and instituting better data handling practices. Here are the major takeaways from the regulation:
- Definition of personal data: It is defined as pieces of information that, when collected together, can lead to the identification of a person. Typically: names; health, genetic and biometric data; web data such as IP addresses; personal email addresses; political opinions.
- Disclosure requirements: This is typically done via a privacy policy. This legal document should state the ways in which your website or app collects, processes, stores, shares and protects user data, the purposes for doing so and the rights of the users in that regard.
- Consent: If as an organization you process personal data, the GDPR requires you to have a valid reason to do so (called legal basis). If consent is your legal basis, before collecting any personal data, you will have to obtain explicit (clear and affirmative) user consent and keep records of this consent.
- Organizational measures: You must honor user rights and requests, as well as implement organizational measures (assessments, appointing a person responsible for privacy) and keep the data safe when stored.
Wouldn’t be hard to do something like that, in general, and introduce some auditing, reporting, and disclosure for social media.
My point is TikTok is no different than Meta, Google, Microsoft, or any others.
This kind of attention should be paid to all of them.
The amount of data being collected boggles the mind. That folks happily and randomly download app after app after app is jaw dropping… it’s like, Sure, we’ll give you 10 cents off a gallon if you’ll download our app (and give us access to _read a million words of boilerplate_) and you’re good to go!
NO. ABSOLUTELY NOT.
Or maybe you’ve read a similar amt of boilerplate when you sign on the dotted line purchasing or leasing that new car? Hmmmm…. that’s another bag full of snakes you don’t want to stick your head in for sure.
Will there ever be any “responsible” management of this as you’ve so clearly outlined?
See the above in all caps. I think it just might apply… but one never knows.
GREAT POST.