The Fitbits on our wrists collect our health and fitness data; Apple promises privacy but lots of iPhone apps can still share our personal information; and who really knows what they’re agreeing to when a website asks, “Do You Accept All Cookies?” Most people just click “OK” and hope for the best, says former Democratic presidential candidate Andrew Yang.
“The amount of data we’re giving up is unprecedented in human history,” says Yang, who lives in New York but is helping lead the campaign for a data privacy initiative on California’s Nov. 3 ballot. “Don’t you think it’s time we did something about it?”
Yang is chairing the advisory board for Proposition 24, which he and other supporters see as a model for other states as the U.S. tries to catch up with protections that already exist in Europe.
The California Privacy Rights Act of 2020 would expand the rights Californians were given to their personal data in a groundbreaking law approved two years ago, which took effect in January. The California Consumer Privacy Act of 2018 was intended to give residents more control over their personal information collected online. It limited how companies gather personal data and make money from it and gave consumers the right to know what a company has collected and have it deleted, as well as the right to opt out of the sale of their personal information.
But between the time the law was passed and took effect, major companies have found ways to dodge requirements. Tech and business lobbyists are pressuring the Legislature to water it down further, with proposals to undo parts of the law, says Alastair Mactaggart, a San Francisco real estate developer who spearheaded support for the 2018 law and is behind the effort to amend it.
“Business is actively seeking to undermine the protections that were just put in place,” says Mactaggart. He began advocating for consumer privacy after a dinner party conversation with a Google employee who told him people would be shocked by how much the company knows about them. As more time passes without restrictions, he said “these businesses, because of the nature of their power, will be too powerful to regulate.”
To help research and draft the measure, Mactaggart said he hired Ashkan Soltani, former Federal Trade Commission chief technologist, and consulted with numerous other privacy experts.
The measure is supported by Common Sense Media and Consumer Watchdog, along with several privacy experts and labor organizations that say the measure will strengthen the law and protect it from industry attempts to dilute it.
The pro-24 campaign has raised over $5.5 million, most of it from Mactaggart.
The campaign to defeat the measure has raised just $50,000. Opponents say the 52-page initiative is so complicated that most voters won’t read it, or understand their rights if they do. Early voting begins Monday.
Opponents include groups like the California Small Business Association, a handful of local chambers of commerce and the National Federation of Independent Business, which say it’s too soon to rewrite the law. They say the measure would further burden small businesses still trying to comply with the new law. “And now Prop. 24 would upend all of that for an even more stringent, onerous law,” the NFIB said in a statement.
The ACLU of Northern California is also opposed, saying some updates would actually hurt consumers.
“Overall, it is a step backward for privacy in California,” said Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California. He argues Proposition 24 would make it easier for businesses to charge customers higher prices — or “pay for privacy” — if they refuse the collection of their data, or downgrade service for those who don’t pay the fee, which could hurt low-income communities and those who can’t pay to protect themselves.
“That’s not how privacy should work. It should not be a luxury that only rich people can afford,” he said.
Mactaggart says these objections are a misrepresentation of the measure and that the “pay for privacy” provision is already part of the existing law.
Proposition 24 would also create the California Privacy Protection Agency, with an annual budget of $10 million, to enforce the law and fine companies for violations.
Now, only the state attorney general can bring enforcement actions, but Attorney General Xavier Becerra has said his office has limited resources and could only bring a handful of cases each year.
It would also triple the fines on companies that violate kids’ privacy or illegally collect and sell their private information, while closing some of the loopholes that proponents say companies such as Facebook, Google and Spotify have exploited by saying they’re not selling personal information but “sharing” it with partners. Consumers could also opt out of data sharing and sales of private information about everything from their race and ethnicity to union membership or religion.
“I think this is going to be an opportunity for us to set a national standard,” said Yang. “As soon as other states see that Californians have these data and privacy rights, they’re going to want the same thing.”
Related: State vs. Federal Privacy Laws: The Battle for Consumer Data Protection
