IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

California’s Prop. 24 Looks to Protect Data Privacy Law

After California’s landmark data privacy law passed two years ago, measures to water down the legislation have not stopped coming. Now, Proposition 24 aims to help shield the law from new attacks.

Sacramento Capitol building
Shutterstock
(TNS) — Two years ago, California legislators passed the first major statewide digital-privacy law in the country, giving consumers broad new rights to control how their personal information is used and sold.

Efforts to water down the law followed almost immediately. More than a half-dozen bills were proposed to undo parts of the law, and tech and business lobbyists flooded the state Capitol to push them. The law survived, but some data-privacy advocates say they learned a lesson: California’s protections could easily be weakened unless voters approve an initiative to enshrine them in state law.

Advocates led by Alastair Mactaggart, a wealthy San Francisco developer, say that’s why California needs to approve Proposition 24. The Nov. 3 ballot initiative would prohibit legislators from weakening the California Consumer Privacy Act, create a state agency to enforce privacy protections, and give people more control over how tech companies use their personal information, such as race or health data.

Andrew Yang, the entrepreneur and former Democratic presidential candidate, is helping to lead the campaign for the measure. He said it could help expose how tech companies use sensitive information to manipulate consumers.

“We’ve been living under the shadows of these companies for years,” Yang said. “We have essentially been trained to think of ourselves as rats in a maze to be pelted with digital breadcrumbs all the time.”

Some data-privacy advocates oppose the measure, saying it doesn’t fix flaws in the current law that make it harder for low-income people to exercise their privacy rights.

“Overall, it’s a step backward,” said Jake Snow, an attorney for the American Civil Liberties Union of Northern California. “It doesn’t take into the account the burdens on poor communities and communities of color to pay for their privacy and to do the work to protect themselves.”

Still, supporters say that if voters don’t approve Prop. 24, California’s privacy protections might not survive long enough for another measure to be put on the ballot.

Business-backed efforts to overhaul the law could have passed in 2019 if not for the actions of one legislator, state Sen. Hannah-Beth Jackson. The Santa Barbara Democrat blocked the bills during a pivotal hearing in the Senate Judiciary Committee, which she chairs.

Jackson will be gone next year because of term limits. She said she fears the privacy law eventually will wither under the tech industry’s “virtually limitless” ability to spend money on lobbyists and campaigns.

“To be honest with you, the pressure was intense,” Jackson said of the fight. “It’s a David and Goliath situation. David’s slingshot, if you will, is very tenuous. There’s billions to be made taking people’s information and monetizing it.”

The Legislature passed the California Consumer Privacy Act in 2018, though enforcement of the law didn’t start until July 2020. It allows consumers to tell businesses not to sell their data and to demand that they delete the information altogether.

Mactaggart pushed legislators to approve the law after he spent more than $3 million collecting signatures to get a privacy initiative on the 2018 ballot. He agreed to withdraw it after the law passed.

Mactaggart and his wife, campaign director Celine Mactaggart, are bankrolling Prop. 24. They have spent more than $4.7 million, far more than tech companies, which have done little to fight the effort.

Groups opposed to the initiative have raised just $45,000, all of it from the California Consumer Federation and the California Nurses Association.

Some privacy advocates are also lined up against Prop. 24, including the ACLU. One of their criticisms is that the initiative would do nothing to change the law’s “pay for privacy” provision, under which consumers who opt out of having their data sold can be charged more to make up for the value of the data a company must forfeit.

Prop. 24 also clarifies that companies can continue to operate loyalty and rewards programs under the same rules.

Opponents say Prop. 24 could expand “pay for privacy” by including loyalty programs in the law, making it harder for low-income people and people of color to exercise their rights.

Privacy “shouldn’t be a luxury for people who can afford it,” said Snow, the ACLU attorney.

At its core, the dispute is a philosophical schism about whether control over personal data should be treated as a civil right or a property right. Opponents of Prop. 24 say treating data as a commodity creates a system where the poorest people cannot afford to opt out.

However, Alastair Mactaggart and Yang argue that removing any monetary value associated with data could close the door to people eventually being compensated for use of their information.

“This is why these companies are so valuable, because they know so much more about you than any entity, any government,” Mactaggart said. “There’s tremendous power in this data.”

Yang has long pushed the concept of a “data dividend,” which would require tech companies to pay people for using their personal information. Prop. 24 leaves the pathway open for such a concept.

But that’s just one piece of the initiative, which would expand privacy protections on several fronts. It would:

• Create a California Privacy Protection Agency to enforce the law and fine companies for violations. The agency would receive $10 million a year from the state to hire dozens of investigators.

• Expand the types of information that consumers can block businesses from sharing, including data about their health, genetics, race, ethnicity, sexual orientation, sex life, union membership, religion, philosophical beliefs and precise geolocation.

• Triple penalties for companies that break laws regarding the collection and sale of children’s private information.

• Allow consumers to sue companies if negligence causes their email or passwords to be breached.

The initiative is also opposed by the California Small Business Association, which argues it would create a costly burden for shopkeepers still learning how to comply with the state law.

“The last thing small businesses need right now is to have to spend more money that they don’t have to comply with a law that actually weakens consumer privacy,” Betty Jo Toccoli, the association’s president, said in a statement.

©2020 the San Francisco Chronicle, Distributed by Tribune Content Agency, LLC.