zlacker

I would love to see a regulation put in place requiring companies to notify their users every time they transfer data about their users to another organization. If the data is "anonymized", the company should have to notify all their users.

If the company has contact info for the user, it should send the user a notification via that contact info. Even if that means having to send a physical letter.

The company should also keep a public record of transfers, something like a page on their website listing when they've transferred data, why it was transferred, and what kind of data was transferred. That would cover anonymous users.

There would need to be something in there covering data transfer as part of what the company's business is. Maybe a list of businesses that access your data as part of the provided services and are covered by the company's terms?

Even better would be to force companies that make money selling your data to share the profits with every person they just sold data on.

>>jerrac+(OP)
GDPR does this. Look at the sections around Subprocessors.

>>jerrac+(OP)
Why would anyone worry about anonymized data? That bit sounds strange. If it’s truly anonymous then how can there be harm in it? E.g would a site telling its owner they had 400 unique users (an anonymous piece of data since it’s an aggregate) have to notify its 400 users they were counted?

>>alkona+mH
> Why would anyone worry about anonymized data?

I guess company wouldn't care, but I'd like to know if statistics that I'm part of is now also owned by someone else. I don't know why but it'll be nice to know.