Privacy advocates split on California’s Prop. 24

In 2021, technology companies whose businesses are based on the user data they collect might face financial penalties from a new California state agency. Regulatory oversight of consumer privacy is often pushed for and broadly lauded by consumer privacy advocates. Yet some of the most vocal privacy advocates oppose the Privacy Rights and Enforcement Act Initiative (PDF), also known as the California Privacy Rights Act, also known as Proposition 24.

The bill is a follow-up to the landmark California Consumer Privacy Act, which was passed unanimously by the state legislature in 2018 and took effect on January 1. The CCPA, the first law of its kind in the United States, creates comprehensive rules guiding how organizations must handle consumer data. Modeled on Europe’s General Data Protection Regulation, the CCPA allows users to opt out of companies selling their data to third parties, to see what data organizations have gathered about them, and to demand that they delete it.

“This is the toughest privacy law in America. It gives people control over their information and data that they don’t have now.”—Jamie Court, president, pro-Prop. 24 group Consumer Watchdog

However, the CCPA lacks a strong enforcement provision, and it could be chipped away at by tech companies pressuring lawmakers. So California real-estate mogul Alastair Mactaggart, who was behind the push for the CCPA, is now pushing for Prop. 24 to supplement that law with stronger remedial actions and $10 million to fund a stand-alone California Privacy Protection Agency enforcement agency that could issue citations and fines over corporate abuse of consumer data.

Prop. 24 would also allow Californians to stop not only the sale of their data, but also the sharing of it. That includes sensitive information about their health, genetics, finances, race and ethnicity, religion, sexual orientation, private communications, and precise geolocation. It would triple current fines for violating children’s privacy. It would make data breaches where an email address is accompanied by sensitive information subject to penalties. And it would close the loophole that allows businesses to evade paying penalties by remedying violations within 30 days.



READ MORE ON PRIVACY LAWS

Pandemic discourages regulators from enforcing GDPR
Remember Stasi spying to understand the GDPR
Pro-privacy biometric laws face long road to change in U.S.
How to read a privacy policy


There’s not a lot of polling asking voters what they think of the bill. The most recent one from the “Yes on 24” campaign shows a slight slippage of support but still makes it look like a shoo-in.

It sounds like a no-brainer for privacy advocates, yet the bill is controversial. The American Civil Liberties Union, League of Women Voters, Consumer Federation of California, and Public Citizen have come out against the bill, as has privacy advocate Mary Ross, a co-author of the CCPA with Mactaggart. For the most part, their concerns about the bill can be boiled down to fears that it actually weakens privacy for consumers in a state whose constitution enshrines a right to privacy.

The Electronic Frontier Foundation, also a supporter of the CCPA, is noncommittal in its endorsement but more clear in its words. “Some provisions of Prop. 24 are partial steps forward, so we don’t oppose the initiative outright. But we don’t support it, either, because the forward steps are only partial, and must be weighed against the backward steps and missed opportunities,” the organization wrote.

This story was originally commissioned by Dark Reading. Read the full story here.