Security Experts:

Connect with us

Hi, what are you looking for?



Californians Consider Expanding Landmark Data Privacy Law

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

If approved, Proposition 24 would update a 2018 law that gave Californians the right to know what information companies collect about them online, the right to get that data deleted and the right to opt out of the sale of their personal information.

The new measure would triple the fines for companies that violate kids’ privacy or break laws on the collection and sale of children’s private information. It would create a dedicated state agency to enforce the new law, with an annual budget of $10 million.

It also aims to close some loopholes that proponents say companies like Facebook, Google and Spotify have exploited.

“The important thing to realize is that business isn’t standing still,” says Alastair Mactaggart, a San Francisco real estate developer who led support for the 2018 law and is behind the effort to update it. Proposition 24, he says, will “put a floor under privacy.”

Between the time the law was passed and took effect in January, major companies have found ways to dodge requirements, Mactaggart said, while lobbyists for tech and business are pressuring lawmakers to water it down further.

The measure has divided consumer and privacy advocates.

Among its opponents are the American Civil Liberties Union of California, the Consumer Federation of California and Public Citizen. They say the 52-page initiative is too complicated for voters to read and that it’s too soon to rewrite a law that just took effect. Some argue the measure is not tough enough on big business and makes concessions that don’t fully benefit consumers.

“There are some things that are incremental steps forward,” said Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California. “Overall, it is a step backwards for privacy in California.”

Another area of disagreement: whether companies should have to ask permission to sell consumers’ data (the “opt in” model) or whether consumers should have to ask companies to stop selling it (“opt out”). The existing law requires Californians to opt out.

Proposition 24 would not make “opting out” of data collection the default, meaning that consumers need to sort through apps and websites to register their preferences, rather than requiring companies to ask consumers for their permission to sell data.

“That’s just impossible for people to realistically do,” Snow said.

Supporters of the measure include Consumer Reports, Common Sense Media and Consumer Watchdog, which say it makes the existing privacy law stronger and takes important steps toward holding big business accountable.

Former Democratic presidential candidate Andrew Yang is chairing the advisory board for Proposition 24 and says it would be a model for other states to follow.

The Electronic Frontier Foundation has decided to stay neutral, calling the measure “a mixed bag of partial steps backwards and forwards.”

Supporters have raised nearly $6 million, most of it from Mactaggart. The campaign to defeat the measure has raised just $50,000.

Related: Data Privacy, Other Measures Qualify for California Ballot

Related: Andrew Yang Takes Lead in California Data Privacy Measure

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...