CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Californians Consider Expanding Landmark Data Privacy Law

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

If approved, Proposition 24 would update a 2018 law that gave Californians the right to know what information companies collect about them online, the right to get that data deleted and the right to opt out of the sale of their personal information.

The new measure would triple the fines for companies that violate kids’ privacy or break laws on the collection and sale of children’s private information. It would create a dedicated state agency to enforce the new law, with an annual budget of $10 million.

It also aims to close some loopholes that proponents say companies like Facebook, Google and Spotify have exploited.

“The important thing to realize is that business isn’t standing still,” says Alastair Mactaggart, a San Francisco real estate developer who led support for the 2018 law and is behind the effort to update it. Proposition 24, he says, will “put a floor under privacy.”

Between the time the law was passed and took effect in January, major companies have found ways to dodge requirements, Mactaggart said, while lobbyists for tech and business are pressuring lawmakers to water it down further.

The measure has divided consumer and privacy advocates.

Among its opponents are the American Civil Liberties Union of California, the Consumer Federation of California and Public Citizen. They say the 52-page initiative is too complicated for voters to read and that it’s too soon to rewrite a law that just took effect. Some argue the measure is not tough enough on big business and makes concessions that don’t fully benefit consumers.

Advertisement. Scroll to continue reading.

“There are some things that are incremental steps forward,” said Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California. “Overall, it is a step backwards for privacy in California.”

Another area of disagreement: whether companies should have to ask permission to sell consumers’ data (the “opt in” model) or whether consumers should have to ask companies to stop selling it (“opt out”). The existing law requires Californians to opt out.

Proposition 24 would not make “opting out” of data collection the default, meaning that consumers need to sort through apps and websites to register their preferences, rather than requiring companies to ask consumers for their permission to sell data.

“That’s just impossible for people to realistically do,” Snow said.

Supporters of the measure include Consumer Reports, Common Sense Media and Consumer Watchdog, which say it makes the existing privacy law stronger and takes important steps toward holding big business accountable.

Former Democratic presidential candidate Andrew Yang is chairing the advisory board for Proposition 24 and says it would be a model for other states to follow.

The Electronic Frontier Foundation has decided to stay neutral, calling the measure “a mixed bag of partial steps backwards and forwards.”

Supporters have raised nearly $6 million, most of it from Mactaggart. The campaign to defeat the measure has raised just $50,000.

Related: Data Privacy, Other Measures Qualify for California Ballot

Related: Andrew Yang Takes Lead in California Data Privacy Measure

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.