You don't keep server logs? Cool and all, but it sounds like you'll have a hard time debugging if something ever goes wonky.
Don't log sensitive data. You don't need that for debugging.
The GDPR and such define PII so broadly that more or less everything in web server logs is included in the definition.
Not sensitive PII, but still PII that the individual has rights and interests over.
That is more or less on purpose, and they do have a point.
Rogue debugging on the other hand is not what they are worried about vs using the data in web logs for targeting, profiling, etc.
If you could sell your web logs, would you? Vs how much would someone pay reddit or github for theirs? And would you be ok with that if your browse history was in there?
However, Prop 65 is much broader than that. To qualify, a chemical just needs to show up on one of maybe half a dozen lists that show the chemical has some association w/ cancer, but all these show is that in some study, at some quantity, the association existed. The amount that was linked to cancer could be far beyond what is ever present in a consumer good, and the links could have only been shown in non-humans.
The lists aren't the ones gov't agencies like the FDA use to regulate product safety, they're lists far upstream of that that research institutions use to inform further study. The typical starting point is a mouse study with a huge dosage. It's not a useless study, but it's not meant to inform what a human should/should not consume, it's just the start of an investigation.
I don't think this actually has any bearing on the substance of the broader argument, but Prop 65 is not the best example.
industry coluded to make it seems useless and industry spoon fed you the narrative you repeated. the list is very informative and meant to force the "invisible hand of the market" (its a pun, relax) to pay for better studies if they truly believe it is not harmful but studies are inconclusive. industry just decided to band and spend on making the signs useless.
To make sure I understand right: you're saying a good way to run things is: publish a list of a bunch of things that could be true or false, and then if industry cares enough, they should spend time/money debunking it?
I think that would be an extremely slow/conservative way to run just about anything, and is not the way we handle basically any claim. I can see an argument for "don't do something until you prove it's safe", useful in some very high-risk situations, but "warn that all kinds of commonplace things could cause cancer until somebody proves it doesn't" is misleading, not just conservative.
And it doesn't even work -- lots of places have spent time/money debunking e.g. negative claims about aspartame, but claims about how unsafe it is persist. And it all comes back to dosage. There is no good evidence that aspartame, at the levels found in a normal soda, cause any issues for humans, but this gets drowned out by studies either showing effects from massive doses on rodents, or indirect effects (e.g. it makes you hungrier, so if you eat more refined sugar as a result of that hunger, then yes it's bad for you, just like more refined sugar is almost always bad for you).
go for first hand experiences. you are still repeating others you don't know (and have been told told are authorities)
9283409232•9mo ago
> You know what would be better than a privacy policy? A privacy law.
I agree but I wouldn't call privacy policies transparent. They are made of vague legal speak like "we may or may not share your information with advertisers and partners." There are good arguments in here but they are framed against the wrong target.
idle_zealot•9mo ago
9283409232•9mo ago
yxhuvud•9mo ago