Californians Consider Expanding Landmark Data Privacy Law

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

If approved, Proposition 24 would update a 2018 law that gave Californians the right to know what information companies collect about them online, the right to get that data deleted and the right to opt out of the sale of their personal information.

The new measure would triple the fines for companies that violate kids’ privacy or break laws on the collection and sale of children’s private information. It would create a dedicated state agency to enforce the new law, with an annual budget of $10 million.

It also aims to close some loopholes that proponents say companies like Facebook, Google and Spotify have exploited.

“The important thing to realize is that business isn’t standing still,” says Alastair Mactaggart, a San Francisco real estate developer who led support for the 2018 law and is behind the effort to update it. Proposition 24, he says, will “put a floor under privacy.”

Between the time the law was passed and took effect in January, major companies have found ways to dodge requirements, Mactaggart said, while lobbyists for tech and business are pressuring lawmakers to water it down further.

The measure has divided consumer and privacy advocates.

Among its opponents are the American Civil Liberties Union of California, the Consumer Federation of California and Public Citizen. They say the 52-page initiative is too complicated for voters to read and that it’s too soon to rewrite a law that just took effect. Some argue the measure is not tough enough on big business and makes concessions that don’t fully benefit consumers.

“There are some things that are incremental steps forward,” said Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California. “Overall, it is a step backwards for privacy in California.”

Another area of disagreement: whether companies should have to ask permission to sell consumers’ data (the “opt in” model) or whether consumers should have to ask companies to stop selling it (“opt out”). The existing law requires Californians to opt out.

Proposition 24 would not make “opting out” of data collection the default, meaning that consumers need to sort through apps and websites to register their preferences, rather than requiring companies to ask consumers for their permission to sell data.

“That’s just impossible for people to realistically do,” Snow said.

Supporters of the measure include Consumer Reports, Common Sense Media and Consumer Watchdog, which say it makes the existing privacy law stronger and takes important steps toward holding big business accountable.

Former Democratic presidential candidate Andrew Yang is chairing the advisory board for Proposition 24 and says it would be a model for other states to follow.

The Electronic Frontier Foundation has decided to stay neutral, calling the measure “a mixed bag of partial steps backwards and forwards.”

Supporters have raised nearly $6 million, most of it from Mactaggart. The campaign to defeat the measure has raised just $50,000.

Related: Data Privacy, Other Measures Qualify for California Ballot

Related: Andrew Yang Takes Lead in California Data Privacy Measure