IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

New Proposal Could Strengthen California Data Privacy Rules

The prior privacy law, known as the California Consumer Privacy Act, took effect this January. Even though some said it was a step in the right direction, digital rights groups have criticized those guidelines for being too weak.

1305_ Sacramento 32-L
California's state capitol building in Sacramento.
David Kidd
(TNS) — California legislators approved a landmark Internet privacy law two years ago. Now, privacy advocates hope they can convince voters to pass an even stronger measure.

Known as the California Privacy Rights Act, the initiative would add more teeth to existing legislation by creating a new, $10 million state agency dedicated to protecting online consumer privacy. It would also restrict the use of sensitive data — like someone’s sexual orientation, Social Security number or union membership — and would make location tracking less precise, among other changes.

Proponents say these additions would make California the forerunner for strict privacy laws around the globe. In a state that’s home to some of the biggest names in tech, the initiative would make it harder to collect and sell consumer information.

“Especially post-COVID, people are going to be more sensitive to privacy concerns,” San Francisco developer and privacy activist Alastair Mactaggart, who spearheads the initiative, said. “I feel strongly — and polling shows — that Californians want more control over their information.”

Mactaggart’s initiative qualified for the ballot Wednesday evening, after the California Secretary of State determined enough signatures had been collected. Barring legislative intervention, Californians will vote on the measure this November.

If passed, the initiative would stock the new agency with 40 privacy professionals. The initiative also seeks to limit legislators’ ability to soften privacy protection guidelines in the future.

An attorney general-commissioned analysis from an independent research firm predicts that adhering to the standards from the original law would cost California businesses a total of $55 billion, assuming that three-quarters of all businesses will have to comply. Mactaggart called the findings an “overstatement,” and said the calculation overestimates how many businesses would be required to follow the rules.

But amid a coronavirus pandemic and a budget shortfall, those opposed to the initiative argue it’s unfair for the state to consider adding to the bureaucracy while essential services like health care and education face cuts.

Opponents have also raised concerns over the speed at which privacy advocates are pushing stricter laws through the state. California legislators passed the original law unanimously in 2018 — at “light speed,” said John Kabateck, California state director of the National Federation of Independent Businesses. State government officials will start enforcing its rules next month.

That means Californians would have around four months to gauge how well the previous bill works before voting on another, stronger measure. To Kabateck, this timeline is too cramped. More discussion should happen before another decision is made, he said.

“Small businesses, consumers and communities had very little time to talk about this issue,” he added. “It’s irresponsible.”

Mactaggart responded that “now is the time to do it.”

“We’ve come a long way in the two years since passing the landmark California Consumer Privacy Act, but during these times of unprecedented uncertainty, we need to ensure that the laws keep pace with the ever-changing ways corporations and other entities are using our data,” he said in a press release Wednesday. “That’s why our campaign is going to make sure all Californians know about the new and stronger rights provided under this ballot measure, the California Privacy Rights Act, and why we need their support in November.”

The prior privacy law, known as the California Consumer Privacy Act, took effect this January. Even though some said it was a step in the right direction, digital rights groups have criticized those guidelines for being too weak, saying it doesn’t apply to small businesses and allows consumers to sue offending companies for only up to $750.

And while that measure lets consumers request to learn what companies like Facebook and Google collect from them, the obtained information consists of broad demographics instead of specific data points.

Mactaggart’s new initiative aims to strengthen wording in the original law and add additional protections. Under the proposal, Californians would be able to correct their information, and companies would receive triple the existing fine for violating the privacy rights for minors.

Still, Kabateck fears that the initiative would open small businesses up to legal challenges — and end up costing jobs. For companies without in-house legal teams or technology professionals, consumers who ask for their data could likely eat up profits as they spend time trying to comply with the law, he said. A coalition of business groups, including the California Restaurant Association and the California Hispanic Chamber of Commerce, have asked Mactaggart to withdraw his initiative.

Even so, others believe the new plan doesn’t go far enough. At $10 million per year, data policy expert and co-author of the original law Mary Stone Ross told legislators that the proposed agency would be a “woefully underfunded paper tiger.”

“I’m all for a data protection agency, but if you’re going to do it, do it properly,” she said. Low funding would make enforcement more difficult, she explained, and the initiative itself introduces loopholes that could end up weakening the law it’s trying to strengthen.

©2020 The Sacramento Bee (Sacramento, Calif.) Distributed by Tribune Content Agency, LLC.