VISITOR_INFO1_LIVE, VISITOR_INFO1_LIVE__k, VISITOR_INFO1_LIVE__default, YSC, YEC, _Secure-YEC, PREF, GED_PLAYLIST_ACTIVITY, CGIC, DV, CONSENT, SOCS, AEC, exchange_uid, id, pm_sess, pm_sess_NNN, aboutads_sessNNN, remote_sid, test_cookie, use_hitbox, _gac_gb_, __gads, _gcl_, _gcl_au, _gcl_aw, _gcl_dc, _gcl_gb, _gcl_gf, _gcl_ha, __gpi, __gpi_optout, __gsas, Conversion, 1P_JAR, ACLK_DATA, GPS, NID, ENID, ANID, AID, TAID, IDE, APIS, SAPISID, DSID, HSD, SID, HSID, SSID, SNID, SIDCC, FCCDCF, FCNEC, FLC, FPGCLAW, FPGCLDC, FPAU, GAPS, GLC, N_T, OTZ, PAIDCONTENT, RUL, TAID, UULE, LOGIN_INFO, Permission, yt.innertube::nextId, yt.innertube::requests, yt-html5-player-modules::subtitlesModuleData::display-settings, yt-html5-player-modules::subtitlesModuleData::module-enabled, ytidb::LAST_RESULT_ENTRY_KEY, yt-player-autonavstate, yt-player-bandaid-host, yt-player-bandwidth, yt-player-headers-readable, yt-player-lv, yt-player-quality, yt-player-volume, yt-remote-cast-available, yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name, application_server_key, AuthKey, DeviceId, Endpoint, HighPriorityNotificationShowCount, HomePromptCount, HomePromptTime, IDToken, IndexedDBCheck, LogsDatabaseV2, P256dhKey, Permission, PromptTags, RegistrationTimestamp, shell_identifier_key, TimestampLowerBound, yt-serviceworker-metadata
23 CommentsAdd a Comment
They both sound good to me!
Between the two I’d prefer the rope-drive Tempest, but I’m pleasantly surprised that any new content is a possibility.
I may have spoken too soon. It looks like California law may have made it impossible, in ways even worse than I had previously feared.
How has California law made new content impossible?
Your last comment brings me to wonder: As much as I appreciate Ate Up With Motor, maybe the writing is on the wall. I don’t possess the technical knowledge to do more than guess whether the California regulations are as bad as you have stated, but even if they aren’t it really doesn’t matter. A part of you seems to be drawn elsewhere.
Nothing wrong with that. I find auto history writing to be great fun, but it’s hardly the most intellectually challenging and morally compelling activity of our time. There’s a big world out there, you’re a multi-talented individual, and life is all too short.
So if — for whatever reason(s) — you feel like you need to move on, don’t assume that you owe us readers anything more. You’ve already produced a terrific body of work that withstands the test of time. It’s been a wonderful gift. Thank you for all that you have done.
I would actually really like to do more Ate Up With Motor content, but I have serious doubts about whether I legally can — and whatever extent I might be able to now may completely disappear on January 1, when California really goes to war with the First Amendment.
I don’t have access to any legal counsel to assess whether it really is as drastic as it appears, but the actual text of the revised law that voters approved in November 2020, which becomes fully operative on Jan. 1, 2023, is REALLY drastic. It’s SO drastic, in fact, that it’s unclear how any publisher, film studio, TV network, or other media entity (other than news-reporting entities like newspapers) will be able to lawfully function, although vertically integrated big tech companies like Google, Microsoft, and Facebook will be largely untouched. Any time I bring this up, people think I’ve lost my mind, and I’m pretty sure that the people who voted for the referendum assumed it does something quite a bit different than it actually does.
To give a sense of how drastic an experiment in social engineering Prop. 24 is, if you are deemed a “business” subject to the law’s requirements, starting in January, it will become unlawful for you to so much as buy office supplies or postage from a retail store without first providing the checkout clerk with a detailed notice at collection describing all the categories of personal information you may gather from talking to them or reading their name badge, what purposes you’ll use the information for, how long you’ll retain each category of information, and whether it will be shared or sold (with a notice of the right to opt-out). The same will apply if you contact a government agency or any other entity whose employees and officers are California residents, so watch out if you try to contact your legislators to complain.
Under Prop. 24, it will become unlawful as of January 1 for any “business” to disclose ANY personal information of any California resident that isn’t already publicly available or “lawfully obtained, truthful information that is a matter of public concern” for any business or commercial purpose whatsoever except under a written contract that limits the recipient’s use of the information to certain specified purposes; requires the recipient to provide the consumer to whom the information pertains with all the rights provided by Prop. 24; and gives the business the contractual authority to actively monitor the recipient’s compliance and “stop and remediate unauthorized use of personal information.” Contracts involving the sale or disclosure of a California resident’s personal information, including in published works, will become largely unenforceable because any resident will have the unwaivable right to kibosh the release of their information at almost any time. This doesn’t include information that was already publicly available, but if it’s not publicly available (e.g., a new book of interviews and photos that haven’t previously been published) and not “a matter of public concern,” the resident can generally stop publication or distribution at will (with a limited, temporary exception for a “physical item” the business has “incurred significant expense” to produce in reliance on prior consent), and any contractual agreement to the contrary will be deemed unenforceable. On top of that, the law will make it unlawful to retain any personal information for any purpose NOT disclosed in the “notice at collection,” or “for longer than is reasonably necessary” to achieve the disclosed purpose, so retaining research notes and email may be subject to enforcement action and substantial fines.
Oh, and if you are a California resident as well as a “business” or the owner of a “business,” you’re also considered a “consumer,” which means it’ll be unlawful for you to disclose your OWN information for a business or commercial purpose without a restrictive contract of the kind described above. This includes “sharing” your information (which means making it available for behavioral advertising purposes, even it’s NOT for money or valuable consideration) with any website or service you use in the course of your business activity. So, using the Internet will become more or less categorically unlawful for “businesses,” and lots of luck with stuff like trying to get your phone or computer fixed. (It’ll no longer be lawful for a “business” to take their device to a commercial repair service, unless those services RADICALLY step up their game in terms of the contractual agreements they’re willing to offer.)
That is what the law says (Cal. Civ. Code Section 1798.100 et seq., as amended by Prop. 24) — and it’s already passed and already on the books, although its full requirements aren’t yet operative.
All of that is an absolutely devastating blow to the First Amendment and the First Sale Doctrine, not to mention common sense, but the law’s intent and intended scope are quite explicit. And, since California is claiming broad extraterritoriality for these privacy rights, it will apply to any “business” anywhere that handles the personal information of any California resident.
You see why I don’t think I can do this (or anything else) anymore?
Good sir, I believe you are over-reacting. The clue to the Prop. 24 situation is that you must manage, notify and allow user management of any user information *you collect*.
Overly simplified reply: stop collecting data. If you don’t have cookies, if you don’t have logging, and you don’t have analytics, you don’t HAVE any user data. This website appears not to have any ads, and is not ad supported, so therefore cookies et al are here for *your* convenience, not out of necessity.
Turn off all your data collection and you automatically will be following the regulations. I’ll be doing this for my job’s website post-haste, turning off all cookies and IP recording (except when they intentionally use the web form to contact us, and I will put the proper disclaimers in); I kicked Google Analytics to the curb quite a number of years ago (a SEO “expert” added it) because I felt it was intrusive even back then.
You’re GREATLY underestimating the scope of California privacy law, which seems to be a widespread misconception among the people who supported the CCPA and who voted for Prop. 24.
First, the law’s definition of personal information is extremely broad: It includes any “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” (A “consumer” just means any natural person who resides in California.) With regard to online information, both current law and Prop. 24 consider IP addresses to be “persistent identifiers,” so the IP address of an individual website visitor is personal information, as is any information about their “interaction with an internet website, application, or advertisement.” Therefore, even if your website does not use analytics or advertising, it is definitely collecting visitors’ personal information simply through the web server processing the operations involved in making the site work. (This is true under the GDPR as well.) Depending on how the server manages its log data, that personal information may not be maintained for very long, but it is unequivocally “collected.”
Second, these laws DO NOT only apply to data collected online. (Cal. Civ. Code § 1798.175 states this very explicitly.) Talk to someone in person or over the phone? You’ve “collected” personal information about them. Read about someone in a newspaper or magazine, or listen to a song on the radio? Again, you have collected personal information about anyone involved in the material you read or listened to to whom the information can reasonably be linked. Prop. 24 does have a broader exemption for “publicly available information” than does the current CCPA (which only considers information to be publicly available if it is “made lawfully available to the general public from federal, state, or local government records”), but on January 1, it will remove the current exemptions for interacting with a business or government agency to obtain or provide products or services (e.g., where you talk to an employee of a business from whom you’re buying something) and for information collected from your own owners, officers, and employees (which includes you if you’re a sole proprietor residing in California!).
There is literally no way under the definitions of Prop. 24 that any business could “turn off all data collection” unless everyone associated with the business and its operations is a nonresident located outside of California AND no one acting for or on behalf of the business ever directly or indirectly interacts with California residents unless every aspect of the collection or use of personal information from California residents “takes place wholly outside of California.”
Furthermore, the requirements of Prop. 24 are not waivable by the “consumer.” For example, the restrictions on disclosing information for a business purpose without a restrictive contract will still apply even if the “consumer” says it’s okay or clicks a disclaimer checkbox. Any agreement to the contrary will not be enforceable. (Whether the courts will buy that is another matter, but that is an explicit provision of the law.)
“Therefore, even if your website does not use analytics or advertising, it is definitely collecting visitors’ personal information simply through the web server processing the operations involved in making the site work.”
But if YOU never receive the user’s unique IP address, that is if the server never logs the IP to a location that the site’s owner can access, then YOU aren’t responsible for the data collection. The *hosting service* is, because they are the ones who actually have received the data.
I still believe you are taking the worst-case scenario here. If you never receive user data from your hosting service then this can be honestly stated in a court of law; from your perspective, every user will be “anonymous” as you have no specific user ID to associate with any unique user. It will be impossible for you, as a simple web site author, to identify any user user due to the fact that the hosting service itself is masking that information from you.
See if your web site settings allow anonymous usage (ours does, only granting an anonymous, random session ID that auto expires at leaving the site or 24 minutes).
This is simply untrue. If you operate a website, you are legally responsible for the information it collects and processes. Using a third-party service provider, like a web host, that collects and processes the information on your behalf does NOT relieve you of legal responsibility. That’s true under California law, it’s true under federal laws like COPPA and CAN-SPAM, and it’s true under the EU and UK GDPR. If you only have a page on a social media platform or marketplace like Facebook or eBay, you probably aren’t responsible for the data collection practices of the platform itself (although you are responsible for data you collect directly), but a web host does NOT assume sole legal responsibility for the data collection involved with hosting your website. That’s just not how it works, and even if it were, the terms of service for most commercial web hosts will almost certainly contain provisions limiting their liability and requiring you to indemnify them. In general, if you pay someone to do something on your behalf and for your benefit, you’ll likely have at least some responsibility for it unless you can demonstrate that they did it in a way you expressly told them not to do!
Furthermore, I must emphasize again: Prop. 24, the CCPA, and the GDPR DO NOT ONLY APPLY TO ONLINE DATA OR USER DATA. (Again, the California law says this very explicitly.) These laws apply to ANY personal information in any form, collected by ANY means, including talking to people in person, communicating over the phone, communicating via email, using security cameras or motion sensors on your property, or watching people walk by on the street without ever interacting with them. If you talk to a California resident face-to-face in the course of your business, you are collecting at least four categories of personal information from them (and probably at least five under Prop. 24). Moreover, the CCPA and GDPR also consider reading about someone in a published book or watching them on television to be collecting personal data about them; Prop. 24 at least expands the exemption for information that’s publicly available “from widely distributed media.”
The latter is a really big sticking point. Look, Ate Up With Motor even in its best years was never exactly a juggernaut in terms of traffic, and I try to minimize my data collection from visitors (for example, a little while after publishing your comment, I deleted the IP address and user agent information from the website database, and I’ve deleted the notification emails, which, as is standard for WordPress comment notifications, included your IP address and hostname), I haven’t used any behavioral advertising services in years now, I removed Google Analytics, I don’t sell commenters’ email addresses, and I don’t ask visitors to sign up for a mailing list or email newsletter (I personally HATE when websites instantly bombard you with popups about joining their mailing list). However, that’s not all that’s potentially involved or all that’s at stake.
The problem, and the thing that keeps me up nights, is that California has written its privacy laws in ways that create a serious risk of triggering the nightmare situation I’m describing through a combination of legislative overreach, overly broad framing, and the fact that few people seem to grasp how far-reaching the laws actually are.
“For example, consumer data privacy requirements currently apply to businesses that buy, sell, or share for business purposes the personal data of 50,000 or more consumers, households, or devices annually. The proposition (1) no longer counts devices and (2) increases the annual threshold to 100,000 or more consumers or households.”
By this reading, if you buy, sell OR SHARE personal data, OR only have an annual threshold of 100,000 or less consumers or households, the new rules won’t apply.
Don’t share data by not collecting it in the first place. Simple.
The description you quote is incomplete, and therefore kind of misleading. Under the CCPA (present law), the threshold described reads in full, “Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.” Prop. 24 changes that to read “Alone or in combination, annually buys, sells, or shares the personal information of 100,000 or more consumers or households.”
However, the CCPA ALSO applies if one “[d]erives 50 percent or more of its annual revenues from selling consumers’ personal information,” which Prop. 24 amends to “[d]erives 50 percent or more of its annual revenues from selling or sharing consumers’ personal information.” To be clear: The law applies if EITHER of those thresholds is met (or if one has annual gross revenues of $25 million or more, which you may be assured I do not and likely never will). So, if the operator of a website or any other type of for-profit enterprise gets half or more of its revenue from, for example, using online advertising that collects visitors’ IP addresses and other personal information, the operator of that enterprise is considered a “business” subject to all the requirements of the law — no matter how much revenue they actually have or how many visitors they get — unless they can credibly demonstrate that few if any of those visitors are from California. (Under these laws, “consumer” really just means “any California resident.”)
Both the CCPA and Prop. 24 define the “sale” of personal information EXTREMELY broadly as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” any personal information of any California resident “for monetary or other valuable consideration.” The inclusion of “valuable consideration” means, among other things, that if you use third parties to process the information for you (for example, your web host, your phone company or mobile carrier, shipping agencies and postal services), providing a California resident’s personal information to those third parties can be considered “selling” them that information in exchange for the “valuable consideration” of whatever service they provide for you — even if you’re actually paying THEM — unless you have a written contract with them that prohibits them from using the information outside of providing the services to you. Under Prop. 24, “sharing” means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” any personal information of any California resident “for cross-context behavioral advertising, whether or not for monetary or other valuable consideration” [emphasis added].
Ironically, the only way your latter statement is true is in the context of online advertising and behavioral advertising. Companies like Google and Facebook maintain that they don’t “sell” personal information because they don’t make it directly available to their advertising clients; instead, a client says something like, “I want to show my ad to at least 10,000 left-handed plumbers 24–34 who like basketball,” and Google or Facebook uses its stockpile of information to show the ad to such users, without actually sharing any of those users’ personal information with the client. Web hosting, email hosting, and other services don’t work like that, practically or legally.
(Prop. 24 purports to want to basically stamp out behavioral advertising, but it will actually just cement the stranglehold big vertically integrated tech companies have on online advertising. Big tech companies can largely avoid letting the mountains of information they collect ever leave the confines of the corporation, which means that by definition, they are neither “selling” nor “sharing” that information, at least as Prop. 24 defines those terms. That is arguable, of course, but Amazon, Facebook, Google, and Microsoft all assert basically that, which I assume means they’re prepared to fight it out in court if they have to — and, given how much money they could throw at it, they might very well win.)
I was in Southbend at the Studebaker Museum in 2017. They had a special exhibit called Keep on Truckin’. One of the trucks on display was a ’58 Cameo.
I met the assistant museum director, Jo McCoy, though a friend. She might be able to hook you up with the Cameo owner for pics and other info. Jo’s email addr is on this page: https://www.studebakermuseum.org/about/museum-staff/
Here is a pic of the truck: https://www.smugmug.com/gallery/n-LsswVN/i-JZSrp75/A
As a benefit to the friend knowing her, we got a personally guided tour plus a lot of background history on Studebaker, Oliver, and the Polish immigrants that worked there.
Hope the article materializes. One of the coolest looking trucks ever made.
Aaron, I’m sorry to see your blog going from being ate up with motor, to being ate up with administrative updates over the last 5 years. You have a good writing style, and clearly can take on complex research. It certainly looks like you are over thinking regarding many of the issues holding you back. I hope you find the spark you need to get back to being your best with in depth articles like you showed you can do.
Hey!!!!!!!!!! Welcome back Aaron!
Aaron, first let me say I love your website, and I have read almost every article on it. You’re provided some invaluable automotive history that I and others truly appreciate. That said, you publish a little automotive website. Maybe I’m wrong, and your site is far more notorious than I would have guessed. Maybe Gavin Newsom knows you and has a vendetta against you, so you have to be very careful. But I’m hard pressed to imagine that the State of California will be coming after Ate Up With Motor. I don’t doubt the onerous nature of this new law, or the overall oppressive legal environment in California. That’s partly why people are leaving in droves. Your reaction to this seems…extreme. But if you feel things are that bad, have you considered moving? I know moving is actually a far more difficult endeavor than most people think, but it seems like something you should really consider based on what you’ve described.
I have nowhere to go, I have no resources to relocate if I did, the extraterritoriality of these laws means that not being physically present in California (or for that matter the EU) does NOT necessarily alleviate any of the threat they present, and other states are rushing to follow in California’s footsteps. (Also, if I were elsewhere, my work for California clients would still be subject to California law and California state taxes, so there’s really no escape.)
I’d absolutely love a bit on the Rope-Drive Tempest, that would be fantastic !
Here’s where things stand:
My vote would be for the Tempest article – you already have fantastic pieces on the Corvair, Special/Skylark, and F-85/Cutlass, so that would fill in the gap, completing the total history of GM’s early compacts.
I would certainly like to. The Tempest is SUCH a peculiar beast — the others had their share of oddities, but generally in more explicable ways — and fortunately its conception and development are very well-documented.
It’s like GM just couldn’t bring themselves to do ONE perfectly conventional small car, every offering had some weird engineering innovation – I mean, yes, there was the Chevy II, but that was sort of a rushed afterthought. Guess it was a bit like the crazy techno-laden cars from the Japanese automakers during their bubble economy. Flush with cash, only so many things to spend it on, so splurge a bit
It was honestly sort of the opposite. Each division had lots of bright engineering talent eager to do new and exciting things, but it was really hard to make a case for doing anything too radical (read: expensive or risky) with the mainstream products, so any completely new product became an opportunity for doing something different, even if it ultimately made no sense. The Tempest came about because Pontiac management didn’t want to badge-engineer the Corvair, but the corporation’s willingness to fund additional tooling expense to do something different was very limited. That part makes sense; using that as a pretense for trying to create a budget version of the Lancia Aurelia with a 3.2-liter four, on the other hand …