Privacy hacks

Democratic lawmakers in California are quietly attacking their own landmark law

The California Consumer Privacy Act, passed last year, protects consumers against companies collecting their personal information online. But it’s losing its footing before it even goes into effect, in July 2020.

The California Consumer Privacy Act, passed last year, protects consumers against companies collecting their personal information online. But it’s losing its footing before it even goes into effect, in July 2020.

Photo by Daviles/iStock

The California Consumer Privacy Act was hailed as a milestone for reining in secret data-mining. But the law doesn’t go into effect until 2020, and that’s given lobbyists for Big Tech a chance to pull its teeth.

Privacy advocates say that, so far, more Democratic lawmakers are lining up to actually help that effort rather than stop it.

Signed into law in 2018, the CCPA empowers consumers to block companies from collecting and selling their personal information without their permission. The CCPA also gives consumers the right to insist that a business delete their personal information if they have it already. The California Attorney General’s Office will start enforcing compliance in July 2020.

Given that tech giants such as Facebook, Google and Twitter—and many startups—profit almost exclusively from harvesting users’ personal information, Attorney General Xavier Becerra has said that his team may struggle to keep up with a deluge of violations. That’s partly why Assemblywoman Buffy Wicks (D-Oakland) authored Assembly Bill 1760.

Not only would the bill narrow certain corporate exemptions to the CCPA, it also would authorize district attorneys, county counsels and city attorneys to bring civil actions against violators.

Then, in late April, the American Civil Liberties Union of Northern California, which worked with Wicks to craft AB 1760, announced the bill was dead on arrival at the Assembly Privacy and Consumer Protection Committee.

“As I understand it, there was not one member of the committee who would support it,” ACLU Legislative Director Kevin Baker told the News & Review. “But the attorney general understands you can’t expect his office alone to enforce the rights of 40 million Californians.”

Also galling to privacy advocates was the fact that, on the same day Wicks’ bill was stalled, the privacy committee moved several competing bills through its chambers, all of which opponents say limit the effectiveness of the CCPA.

All three bills were introduced by Democrats.

Assembly Bill 873, from Assemblywoman Jacqui Irwin of Thousand Oaks, would, according to the Legislative Counsel, soften the restriction on personal information by allowing certain general information to be collected. The ACLU and Electronic Freedom Foundation interpret the bill’s language to remove “household” from the definition of personal information under the CCPA, thus “threatening to undermine protections for information associated with a household.”

Assembly Bill 981, by Assemblyman Tom Daly of Anaheim, would exempt the insurance industry from complying with the CCPA.

There also was Assembly Bill 25, from the privacy committee’s chairman, Democratic Assemblyman Ed Chau of Arcadia. That bill exempts companies in California from CCPA rules in a way that allows the collection of personal data from job applicants, employees and contractors.

“All of those bills had a long list of corporate supporters,” Baker noted.

One bill that privacy advocates do support is state Sen. Hannah-Beth Jackson’s Senate Bill 561. Unlike Wicks’ bill, it wasn’t sidelined in its first committee. Jackson’s bill would alter the CCPA in a way that allows any company doing business in California to be sued by individuals whose personal information is misused under the law.

Under the current CCPA, companies that break the rules have a 30-day window to “cure” the problem before the state attorney general can take action. Jackson, a Santa Barbara Democrat, called that “a get out of jail free card;” SB 561 removes the grace period.

The Attorney General’s Office supports the bill.

“Privacy in California is an explicit constitutional right,” Jackson said while testifying before the state Senate Judiciary Committee.

Jackson then invoked the memory of slain civil rights advocate and former San Francisco Mayor George Moscone, who, six years before his murder in 1978, co-sponsored a legal effort to guarantee privacy for every Californian. A state senator at the time, Moscone wrote: “Computerization of records makes it possible to create ‘cradle-to-grave’ profiles on every American.”

He added that the citizenry needed to guard against governments and corporations “collecting and stockpiling unnecessary information about us, and from misusing information gathered for one purpose in order to serve other purposes, or to embarrass us.”

Jackson reflected on Moscone’s efforts in light of recent data-mining scandals.

“[He] saw the handwriting on the wall as technology was emerging and the threats to potential privacy became clear,” she noted. “Those fears seem rather prescient today.”

The bill Jackson was testifying for faces stern opposition from the California Chamber of Commerce. Sarah Boot, the chamber’s policy advocate, described it as a giveaway to personal injury lawyers.

“Businesses will spend a fortune trying to comply with these new rights,” Boot told the judiciary committee. “SB 561 would allow thousands of trial attorneys to test businesses’ ability to perfectly comply with the complexities of this new law. This will be strict liability with no proof of injury.”

Major lobbying associations for tech and digital entertainment—including Tech Net, the Consumer Technology Association, the Internet Association, the Consumer Data Industry Association and California Cable Association—all oppose Jackson’s bill.

The senator succeeded in pushing SB 561 to the Senate Appropriations Committee, but there it was stalled. The committee, whose chair and majority of members are Democrats, voted to hold it from advancing.

Baker supports consumers having the right to directly sue over violations of the CCPA and disputes Boot’s claim that it will have a crippling effect on small business.

“They say that about anything that’s enforceable,” Baker stressed. “The bottom line is, we live with a legal system that depends on being able to hold bad guys accountable.”