Connect with us

Hi, what are you looking for?



California Voters Expand Data Privacy Law

California voters have backed an initiative expanding a data privacy law criticized by rights watchdogs as having worrying “loopholes” for firms such as Google and Facebook.

California voters have backed an initiative expanding a data privacy law criticized by rights watchdogs as having worrying “loopholes” for firms such as Google and Facebook.

The initiative, which got 56 percent of the vote in Tuesday’s election, builds on a state law by letting people limit how businesses use data such as their location, race and religion.

It also lets regulators levy fines of up to $7,500 per violation of children’s privacy rights and creates a state agency to enforce the law.

The California Consumer Privacy Act become law at the start of this year, the toughest of its kind in the US.

Like the European Data Protection Regulation (GDPR), applied in the European Union since May 2018, the California law guarantees rights regarding control of online data.

Alastair Mactaggart, the wealthy San Francisco real estate developer behind the original law and the act refining it, called its passage historic.

“We are at the beginning of a journey that will profoundly shape the fabric of our society by redefining who is in control of our most personal information and putting consumers back in charge of their own data,” Mactaggart said.

Advertisement. Scroll to continue reading.

California ACLU officials, however, opposed the initiative, contending it would undermine privacy and increase the burden on people to protect themselves from abuses of their data by big tech companies.

The ACLU of Northern California argued that the initiative was “full of loopholes”.

Flaws in the initiative include “carve-outs written by the credit-reporting industry and new ways to keep consumers in the dark about what companies are doing with their personal information,” according to the ACLU.

The initiative limits businesses that have to comply with the law to only companies that buy or sell data of at least 100,000 households a year, the ACLU noted.

Critics point out that Facebook or Google could claim to be exempt regarding online data they don’t pay for but is used to target advertising.

The change to the law also makes it easier for businesses to charge people more if they refuse to let their data be used, according to critics.

Backers of the initiative contended that the laws will set the bar for privacy rights in the US.

“I look forward to ushering in a new era of consumer privacy rights with passage of the California Privacy Rights Act,” said Californians for Consumer Privacy board chairman Andrew Yang.

RelatedState vs. Federal Privacy Laws: The Battle for Consumer Data Protection

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.