Column: Protecting your privacy shouldn’t be this hard. Here’s a better idea

Yahoo, for one, seems to be trying hard to circumvent California's tough privacy law.
Yahoo, for one, seems to be trying hard to circumvent California’s tough privacy law, which requires allowing people to opt out from data sharing.
(AFP/Getty Images)

There’s so much to worry about right now, protecting your privacy shouldn’t be another source of anguish.

Yet privacy — or lack thereof — remains one of the most important issues of our time as multibillion-dollar companies do all they can to gather and exploit user information worldwide.

Heck, it’s such a crucial matter, President Trump has threatened to shut down TikTok in the United States, where it has more than 100 million users, because he says its data collection practices are a threat to national security.


I’ve been stewing on this since being contacted the other day by a West Hills mediator and lawyer named Marty Olinick, who was having difficulty understanding the privacy policies of various companies and how to exercise rights granted under California’s privacy law.

“One site that’s especially ridiculous is Yahoo, where you simply can’t find a way to opt out,” he told me.

Olinick, 76, added: “This should be something that’s very easy to do. But I’m not going to waste a half-hour or more trying to figure it out.”

Again, this guy’s a lawyer, accustomed to documents containing dense prose and jargon. His past gigs have included overseeing deals to license music on behalf of major media companies.

If he’s having difficulties, how hard are things for ordinary civilians who may not have an advanced degree or experience with the minutiae of content management?

“I think companies are deliberately making it as hard as possible,” Olinick said.

I don’t disagree. But I figured I’d better take a closer look at Yahoo’s privacy practices to see what set him off.

Yahoo, in case you don’t know, is now a subsidiary of Verizon Communications. Verizon purchased the long-ago search leader in 2017 and made it part of a division called Oath, which was renamed Verizon Media last year.

Verizon Media is also home to AOL, HuffPost, TechCrunch, Engadget and other digital brands Verizon has scooped up over the years.


The Yahoo privacy policy includes the usual corporate pledges to respect and safeguard users’ privacy. “Yahoo is committed to gaining your trust,” it says.

The company has a funny way of showing that.

For example, Yahoo users have access to a “privacy dashboard” that ostensibly allows you to manage your preferences. If there’s a direct link to the privacy dashboard from the company’s privacy policy, it wasn’t readily apparent to me.

Worse, the policy doesn’t necessarily apply to all businesses controlled by Yahoo or Verizon. To see if they have different privacy policies, you’re invited to click a link to affiliated companies.

When I did so, several times, I arrived at a page that said “UCMPRDAPP01333016712.” And that’s all it said.

There’s a link to “marketing preferences,” but this takes you to a page asking if you’re “sure you want to unsubscribe from all marketing communications and special offers from Yahoo.”

Does that constitute an opt-out from data sharing? Does it unsubscribe you as well from pitches by Yahoo’s marketing partners? Unclear.

Things get even more frustrating if you go the trouble of rooting around for the privacy dashboard and find a link to “Do Not Sell My Info,” which one could reasonably expect will prevent Yahoo from selling your info.



It takes you to a page asserting that “Verizon Media does not sell information that identifies you on its own, like your name or email address.” In the next breath, though, it says that “we do share other identifiers with partners for product, service and advertising reasons.”

The disclosure goes on to admit that “under the California Consumer Privacy Act, some of this sharing activity may be considered a ‘sale’ that you have a right to opt out of.”

So Yahoo/Verizon says it will never, ever sell your information to others, except it may “share” it for “advertising reasons,” and this sharing in fact may constitute a sale under the law.

You could get whiplash trying to parse a sentiment like that.

The California Consumer Privacy Act was intended to mitigate companies’ attempts to strip people of privacy. Among other things, it ensures the right to find out what a company knows about you and how it uses this information.

The law, which took effect at the beginning of the year, also gives people the right to request that a business delete whatever personal information it holds and to opt out of having data sold to third parties.

Yahoo clouds this process by not offering a distinct means to opt out. Instead, users are given the choice to pick whether they “agree” or “disagree” with the statement “continue sharing under California law.”


Presumably clicking “disagree” is opting out, but Yahoo/Verizon makes that ambiguous. Nor does it notify you after clicking “disagree” (which I had to do twice) that you have opted out of data sharing.

I relayed Olinick’s experience and my own findings to Verizon.

A spokeswoman for the company, asking to be identified only as “a Verizon Media spokesperson,” responded to most of the points, but only on background, which means I can’t share what she said with you.

She didn’t seem to appreciate the irony of insisting on her own privacy while addressing my privacy questions.

On the record, the Verizon Media spokesperson said that “privacy and trust are core values” for the company.

“We continue to build a privacy-oriented ecosystem and are reimagining the consumer experience, empowering users with transparency and control over how and when their data is used,” she said.

California has the nation’s toughest privacy law and things are still troublesome. This is unacceptable in a world that increasingly turns on digital transactions.


What’s needed is a national privacy law similar to sweeping protections enacted a couple of years ago in Europe.

Among other provisions, Europe’s General Data Protection Regulation requires that companies receive permission upfront before using or sharing people’s personal info. And that consent must be easy to withdraw if a consumer so desires.

In the United States, the default setting is that companies can collect, use and share people’s information without prior approval.

Here’s what makes that ludicrous: It’s your information. In most cases, a company is simply taking it without your explicit permission and doing as it pleases until you jump through hoops to get it to stop.

Tech companies, telecom companies, retailers, financial firms — they all do it. For big dogs like Google and Facebook, this is practically their whole business.

They make it seem like they’re giving away cool stuff for free. In reality, they’re vacuuming up as much user data as possible and exploiting it for moneymaking schemes such as targeted advertising.

Tell me again, Mr. President, why I should be freaked about TikTok.

If we’re not willing to enact strict European-style privacy laws, at the very least we can make the opt-out process much, much easier.

I propose a one-stop shop for opt-outs similar to the do-not-call list maintained by the Federal Trade Commission.

A national opt-out list would allow people to easily state their privacy preferences on a one-time basis, rather than being forced to potentially contact thousands of companies individually.


It would then be up to U.S. businesses to make sure their sites reflect users’ data collection wishes, just as telemarketers are required by law to make sure their records jibe with the federal do-not-call list.

And before companies whine that this would be too costly and time-consuming, I’ll reiterate: It’s not your information. If you can’t respect the true owners’ wishes, stay away from it.

California has taken bold steps to protect people, but Olinick’s difficulties with Yahoo underline how imperfect even these measures are.

Our national politicians have proved themselves distinctly useless when it comes to keeping the American people safe from a deadly pandemic.

It doesn’t seem like too much to ask that they at least spell out, and implement, privacy practices that put people, not corporations, first.