On June 28, California Governor Jerry Brown signed a new data privacy law that received bipartisan support. Californians unnerved by recent data scandals, breaches, and increasingly personalized marketing campaigns can now rest a little bit easier. However, technologists involved in the acquisition and exploitation of user data may have a migraine in their near future.
Under the protections of the new California law, companies must disclose the types of data that they collect. Additionally, consumers can disallow the sale of their information to third parties, request the deletion of that information, and demand to know the business or commercial purpose motivating the data collection.
It may seem ironic that this new law emerged from California, home to Silicon Valley, but the industry has been reeling under global pressures related to the Facebook–Cambridge Analytica data scandal and GDPR. Corporate ethical responsibilities are now a more detail-oriented and less abstract affair. This changing situation is also a boon for new types of business, with GDPR consultants popping up to meet a rising demand for expertise in privacy protocols.
Companies have been racing to clarify the methods by which they collect, store, and protect personal data, while also highlighting the benefits and conveniences that this data yields. Strict compliance with GDPR is mandatory for all companies seeking to sell goods or services to European citizens. The GDPR framework also protects the rights of anyone in the EU whose personal data is transferred to the U.S. for commercial purposes and it places safeguards on U.S. government access to data. However, new domestic regulations are now emerging as well and California served as an important battleground.
The new law is actually the product of compromise. The California Consumer Privacy Act ballot initiative was potentially a localized version of GDPR with sweeping consumer protections. It was largely the brainchild of Alastair Mactaggart, a San Francisco real estate developer who reportedly spent more than $3 million on the initiative due to his convictions regarding digital privacy.
The initiative was intended for a November 2018 ballot, but behind-the-scenes negotiations led to Assembly Bill 375. Although some observers have characterized AB 375 as a “watered-down” version of the initiative, Mactaggart seemed satisfied, describing it as a “monumental achievement for consumers” and a first step toward the creation of consumer protections in the rest of the nation.
November 2018 Ballot Initiative Withdrawn
Due to the passage of AB 375, Mactaggart’s group, Californians for Consumer Privacy, withdrew their November 2018 ballot initiative. Under the protections of that initiative, consumers could sue companies for non-compliance with various rights. AB 375 provides consumers with “private right of action regarding data breaches only.”
On its website, Californians for Consumer Privacy described the compromise as follows:
“In summary, the broad private right of action in the initiative was limited to covering instances of data breach, and all other violations are subject to enforcement by the Attorney General. In return, the bill achieved greater consumer protection.”
Those expanded protections include the right to see all of the data that a business has collected, twice annually and free of charge. There is also a mandated opt-in for consumers under 16 years old.
Although AB 375 won’t be met with open arms by some tech companies, it will likely disturb them less than the original initiative. State disclosure records revealed that many large tech companies financially contributed to the Committee to Protect California Jobs, which opposed the ballot initiative. The tech companies said that the initiative’s requirements would hinder their ability to innovate and might produce unintended consequences. The donor list was essentially a who’s who of the tech kingdom, with sizable contributions made by Cox, Verizon, Comcast, Amazon, Microsoft, Uber, Google, several advertising associations, and others. Facebook also funded the committee but withdrew its support following CEO Mark Zuckerberg’s Congressional testimony.
In a public statement, the Committee to Protect California Jobs stated that the ballot measure would disconnect California. They argued, “The only real beneficiaries of this measure will be trial lawyers, who will be allowed to sue businesses for violation of the measure even if they cannot prove anyone has been harmed.”
Prior to the passage of AB 375, DMN solicited expert opinions from the marketing and tech world regarding the proposed initiative. Read those reactions in part two of this feature tomorrow.