EDIT:
Also, "Why does this shopping website require me to re-input the shipping address every time I want to buy something? Why can't it remember it like every website used to?"
Actually its fine if you make the user explicitly give you permission to store it for them. If they 'opt in' then its all good, and if they don't well they will have to re-enter it every time they order but they will be ok with that.
It would be interesting to put some teeth in the "no sharing" rules about collected private information.
In general one is allowed to store data for a limited time for specific purposes. A delivery address, for instance, is vital to deliver a package to.
You could probably even keep a names and addresses database so long as it was something you needed to keep in order to conduct business with the customer.
Routine data mining, asking for irrelevant info, selling it on to third parties, not so much.
Maybe it's just me, but these rules are contradictory. The sentences seem explicitly designed to make that so.
For instance, your email address and birthday, for, say, amazon.com, could easily be argued to "need to be kept in order to conduct business". After all, your email ... amazon spams it ... that's certainly part of the business they conduct (and frankly, they'd be more expensive if they didn't do that, so there's easy arguments that it'd be harder to do business if they didn't). Your birthday ... same. They spam you harder on your birthday ... also part of their business.
Laws like this won't protect anything. The simple fact is you can't have easy to use sites like google, facebook, amazon and the many millions of easy webshops and have protection of private data, it just wouldn't work as well. Since people prove time and time again that they want the webshops and "private" chats far more than they want privacy, there is no way to win this fight. Everything is decided already (and already today kids don't have anywhere near the expectation of privacy that adults have, this will get worse), there's just a few decades of denial remaining.
Take the single account (real name policy) on facebook. We all know that's the reason facebook comments don't work like youtube comments do. That's why not every second post on facebook is about hitler. That's why it's easy to find people on facebook. And so on. You can't drop it and expect the same functionality, and people have proven with their feet (/mouse) that they want the functionality more than they want multi-name policy.
>> that's certainly part of the business they conduct (and frankly, they'd be more expensive if they didn't do that, so there's easy arguments that it'd be harder to do business if they didn't). Your birthday ... same. They spam you harder on your birthday ... also part of their business.
Perhaps then I should have said to conduct transactions.
There is a substantive difference between holding information enough to allow people to buy stuff from you, and holding it to advertise, which usually requires extra permissions.
>> Laws like this won't protect anything.
This is too early to say. They may well protect lots of things, and they certainly can (for instance) be used as a place to start attacking ubiquitous tracking and tracing from.
>> The simple fact is you can't have easy to use sites like google, facebook, amazon and the many millions of easy webshops and have protection of private data, it just wouldn't work as well.
Then perhaps that's OK, because some things are actually more important than commerce. This stuff might have to be hard to get right.
Except that the law doesn't say "Whatever the company claims is needed for their business". There are courts and judges who decide if a particular bit of information is actually necessary.
> EDIT: Also, "Why does this shopping website require me to re-input the shipping address every time I want to buy something? Why can't it remember it like every website used to?"
The option to not have my mailing address stored is a feature not a bug to me (and I guess other people that move regularly).
EDIT indeed many smaller shopping websites in the UK don't even attempt to store this sort of data -- presumably because they don't think that they can definitely comply with data protection laws.
"I haven't received my package!"
"Well, we sent it 2 weeks ago"
"What address did you send it to?"
"Don't know"
EDIT: Also, "Why does this shopping website require me to re-input the shipping address every time I want to buy something? Why can't it remember it like every website used to?"