SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
California on Thursday passed the nation's toughest consumer data protection law. (Photo: Mike MacKenzie/Flickr/cc)
Promising 'Bellwether' or Utter Failure? California Passes Landmark Privacy Law for Online Data
While some believe it could set a new standard in the U.S., the victory comes partly from tech lobbyists' efforts to pass a "compromise" to block a stricter ballot measure
Jun 29, 2018
While some critics worry the legislation doesn't nearly go far enough, other observers are saying "California could be the bellwether for the privacy movement" after the state legislature on Thursday unanimously passed and Democratic Gov. Jerry Brown signed into law the nation's toughest digital privacy rules.
As TechCrunch outlined, once the new law takes effect in January 2020:
- Businesses must disclose what information it collects, what business purpose it does so for and any third parties it shares that data with.
- Businesses would be required to comply with official consumer requests to delete that data.
- Consumers can opt out of their data being sold, and businesses can't retaliate by changing the price or level of service.
- Businesses can, however, offer "financial incentives" for being allowed to collect data.
- California authorities are empowered to fine companies for violations.
Even though it could set a new national standard, as Lee Fang reported earlier this week, citing emails obtained by the The Intercept, "lobbyists for the largest tech companies" quiety fought for the "compromise privacy legislation" in order to keep an even stricter measure off the ballot in November. The ballot initiative, Fang wrote, aimed to enable consumers "to opt out of the sale and collection of their personal data," significantly expand "the definition of personal information to include geolocation, biometrics, and browsing history," and even allow "consumers to pursue legal action for violations of the law."
The California Consumer Privacy Act (AB375) retains several of the initial provisions from the ballot measure, which had the same name as the bill and was backed by real estate mogul Alastair Mactaggart. However, there are a few key differences. For example, the law requires "the disclosure of only the 'category' of a third-party that receives personal information, instead of the identity of the third-party itself," The Verge noted. "Perhaps most importantly, passing the privacy rules as legislation allows lawmakers to more easily change them, while a ballot measure would be more difficult to amend."
Despite the differences, AB375 is similar enough to the ballot initiative that Mactaggart's campaign agreed to withdraw its measure if the governor signed the law by the withdrawal deadline, which he did. "We are thrilled that AB375 has become law. This is a monumental achievement for consumers, with California leading the way in creating unprecedented consumer protections for the rest of the nation," Mactaggart said Thursday.
The ACLU of Northern California, meanwhile, was not satisfied with the legislation. "Concern for privacy is at an all-time high in the aftermath of the Cambridge Analytica scandal, and yet California has enacted a law that utterly fails to provide the privacy protections the public has demanded and deserves. Nobody should be fooled to think AB375 properly protects Californians' privacy," said Nicole Ozer, the group's technology and civil liberties director.
"This measure was hastily drafted and needs to be fixed," Ozer added. "When that happens next year, effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights."
The push for stricter privacy measures comes as part of an international wave of efforts to protect consumers' data following recent breaches and abuses by Big Tech. As Wired explained:
[AB375 is] similar to the General Data Protection Regulation that went into effect in the European Union last month, but adds to it in crucial ways. Under the GDPR, businesses are required to get users' permission before collecting and storing their data. But the way most companies have designed those opt-in pop-ups, "you really don't have a choice," says Ashkan Soltani, former chief technology officer of the Federal Trade Commission who helped author the ballot initiative.
Given that California's law--compared with the ballot measure--is easier to amend, Soltani turned to Twitter after its passage to emphasize the importance of consumer advocates staying engaged to ward off tech lobbyists' attacks:
Although California's law only applies to the state's consumers, people elsewhere will likely be impacted, because, as cybersecurity expert Cynthia Larose told The Associated Press, "It's going to be impractical for companies to maintain two separate sets of privacy protections--one for California and one for everyone else."
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
While some critics worry the legislation doesn't nearly go far enough, other observers are saying "California could be the bellwether for the privacy movement" after the state legislature on Thursday unanimously passed and Democratic Gov. Jerry Brown signed into law the nation's toughest digital privacy rules.
As TechCrunch outlined, once the new law takes effect in January 2020:
- Businesses must disclose what information it collects, what business purpose it does so for and any third parties it shares that data with.
- Businesses would be required to comply with official consumer requests to delete that data.
- Consumers can opt out of their data being sold, and businesses can't retaliate by changing the price or level of service.
- Businesses can, however, offer "financial incentives" for being allowed to collect data.
- California authorities are empowered to fine companies for violations.
Even though it could set a new national standard, as Lee Fang reported earlier this week, citing emails obtained by the The Intercept, "lobbyists for the largest tech companies" quiety fought for the "compromise privacy legislation" in order to keep an even stricter measure off the ballot in November. The ballot initiative, Fang wrote, aimed to enable consumers "to opt out of the sale and collection of their personal data," significantly expand "the definition of personal information to include geolocation, biometrics, and browsing history," and even allow "consumers to pursue legal action for violations of the law."
The California Consumer Privacy Act (AB375) retains several of the initial provisions from the ballot measure, which had the same name as the bill and was backed by real estate mogul Alastair Mactaggart. However, there are a few key differences. For example, the law requires "the disclosure of only the 'category' of a third-party that receives personal information, instead of the identity of the third-party itself," The Verge noted. "Perhaps most importantly, passing the privacy rules as legislation allows lawmakers to more easily change them, while a ballot measure would be more difficult to amend."
Despite the differences, AB375 is similar enough to the ballot initiative that Mactaggart's campaign agreed to withdraw its measure if the governor signed the law by the withdrawal deadline, which he did. "We are thrilled that AB375 has become law. This is a monumental achievement for consumers, with California leading the way in creating unprecedented consumer protections for the rest of the nation," Mactaggart said Thursday.
The ACLU of Northern California, meanwhile, was not satisfied with the legislation. "Concern for privacy is at an all-time high in the aftermath of the Cambridge Analytica scandal, and yet California has enacted a law that utterly fails to provide the privacy protections the public has demanded and deserves. Nobody should be fooled to think AB375 properly protects Californians' privacy," said Nicole Ozer, the group's technology and civil liberties director.
"This measure was hastily drafted and needs to be fixed," Ozer added. "When that happens next year, effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights."
The push for stricter privacy measures comes as part of an international wave of efforts to protect consumers' data following recent breaches and abuses by Big Tech. As Wired explained:
[AB375 is] similar to the General Data Protection Regulation that went into effect in the European Union last month, but adds to it in crucial ways. Under the GDPR, businesses are required to get users' permission before collecting and storing their data. But the way most companies have designed those opt-in pop-ups, "you really don't have a choice," says Ashkan Soltani, former chief technology officer of the Federal Trade Commission who helped author the ballot initiative.
Given that California's law--compared with the ballot measure--is easier to amend, Soltani turned to Twitter after its passage to emphasize the importance of consumer advocates staying engaged to ward off tech lobbyists' attacks:
Although California's law only applies to the state's consumers, people elsewhere will likely be impacted, because, as cybersecurity expert Cynthia Larose told The Associated Press, "It's going to be impractical for companies to maintain two separate sets of privacy protections--one for California and one for everyone else."
While some critics worry the legislation doesn't nearly go far enough, other observers are saying "California could be the bellwether for the privacy movement" after the state legislature on Thursday unanimously passed and Democratic Gov. Jerry Brown signed into law the nation's toughest digital privacy rules.
As TechCrunch outlined, once the new law takes effect in January 2020:
- Businesses must disclose what information it collects, what business purpose it does so for and any third parties it shares that data with.
- Businesses would be required to comply with official consumer requests to delete that data.
- Consumers can opt out of their data being sold, and businesses can't retaliate by changing the price or level of service.
- Businesses can, however, offer "financial incentives" for being allowed to collect data.
- California authorities are empowered to fine companies for violations.
Even though it could set a new national standard, as Lee Fang reported earlier this week, citing emails obtained by the The Intercept, "lobbyists for the largest tech companies" quiety fought for the "compromise privacy legislation" in order to keep an even stricter measure off the ballot in November. The ballot initiative, Fang wrote, aimed to enable consumers "to opt out of the sale and collection of their personal data," significantly expand "the definition of personal information to include geolocation, biometrics, and browsing history," and even allow "consumers to pursue legal action for violations of the law."
The California Consumer Privacy Act (AB375) retains several of the initial provisions from the ballot measure, which had the same name as the bill and was backed by real estate mogul Alastair Mactaggart. However, there are a few key differences. For example, the law requires "the disclosure of only the 'category' of a third-party that receives personal information, instead of the identity of the third-party itself," The Verge noted. "Perhaps most importantly, passing the privacy rules as legislation allows lawmakers to more easily change them, while a ballot measure would be more difficult to amend."
Despite the differences, AB375 is similar enough to the ballot initiative that Mactaggart's campaign agreed to withdraw its measure if the governor signed the law by the withdrawal deadline, which he did. "We are thrilled that AB375 has become law. This is a monumental achievement for consumers, with California leading the way in creating unprecedented consumer protections for the rest of the nation," Mactaggart said Thursday.
The ACLU of Northern California, meanwhile, was not satisfied with the legislation. "Concern for privacy is at an all-time high in the aftermath of the Cambridge Analytica scandal, and yet California has enacted a law that utterly fails to provide the privacy protections the public has demanded and deserves. Nobody should be fooled to think AB375 properly protects Californians' privacy," said Nicole Ozer, the group's technology and civil liberties director.
"This measure was hastily drafted and needs to be fixed," Ozer added. "When that happens next year, effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights."
The push for stricter privacy measures comes as part of an international wave of efforts to protect consumers' data following recent breaches and abuses by Big Tech. As Wired explained:
[AB375 is] similar to the General Data Protection Regulation that went into effect in the European Union last month, but adds to it in crucial ways. Under the GDPR, businesses are required to get users' permission before collecting and storing their data. But the way most companies have designed those opt-in pop-ups, "you really don't have a choice," says Ashkan Soltani, former chief technology officer of the Federal Trade Commission who helped author the ballot initiative.
Given that California's law--compared with the ballot measure--is easier to amend, Soltani turned to Twitter after its passage to emphasize the importance of consumer advocates staying engaged to ward off tech lobbyists' attacks:
Although California's law only applies to the state's consumers, people elsewhere will likely be impacted, because, as cybersecurity expert Cynthia Larose told The Associated Press, "It's going to be impractical for companies to maintain two separate sets of privacy protections--one for California and one for everyone else."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.