Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Californians Consider Expanding Landmark Data Privacy Law

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

Two years ago, California became the first state to pass a sweeping digital privacy law seen as the strongest of its kind in the United States. Voters are now deciding whether to refine and expand that law, or leave it as is.

If approved, Proposition 24 would update a 2018 law that gave Californians the right to know what information companies collect about them online, the right to get that data deleted and the right to opt out of the sale of their personal information.

The new measure would triple the fines for companies that violate kids’ privacy or break laws on the collection and sale of children’s private information. It would create a dedicated state agency to enforce the new law, with an annual budget of $10 million.

It also aims to close some loopholes that proponents say companies like Facebook, Google and Spotify have exploited.

“The important thing to realize is that business isn’t standing still,” says Alastair Mactaggart, a San Francisco real estate developer who led support for the 2018 law and is behind the effort to update it. Proposition 24, he says, will “put a floor under privacy.”

Between the time the law was passed and took effect in January, major companies have found ways to dodge requirements, Mactaggart said, while lobbyists for tech and business are pressuring lawmakers to water it down further.

The measure has divided consumer and privacy advocates.

Among its opponents are the American Civil Liberties Union of California, the Consumer Federation of California and Public Citizen. They say the 52-page initiative is too complicated for voters to read and that it’s too soon to rewrite a law that just took effect. Some argue the measure is not tough enough on big business and makes concessions that don’t fully benefit consumers.

“There are some things that are incremental steps forward,” said Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California. “Overall, it is a step backwards for privacy in California.”

Another area of disagreement: whether companies should have to ask permission to sell consumers’ data (the “opt in” model) or whether consumers should have to ask companies to stop selling it (“opt out”). The existing law requires Californians to opt out.

Proposition 24 would not make “opting out” of data collection the default, meaning that consumers need to sort through apps and websites to register their preferences, rather than requiring companies to ask consumers for their permission to sell data.

“That’s just impossible for people to realistically do,” Snow said.

Supporters of the measure include Consumer Reports, Common Sense Media and Consumer Watchdog, which say it makes the existing privacy law stronger and takes important steps toward holding big business accountable.

Former Democratic presidential candidate Andrew Yang is chairing the advisory board for Proposition 24 and says it would be a model for other states to follow.

The Electronic Frontier Foundation has decided to stay neutral, calling the measure “a mixed bag of partial steps backwards and forwards.”

Supporters have raised nearly $6 million, most of it from Mactaggart. The campaign to defeat the measure has raised just $50,000.

Related: Data Privacy, Other Measures Qualify for California Ballot

Related: Andrew Yang Takes Lead in California Data Privacy Measure

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.