Proposition 24 is a measure on the ballot to add provisions to current privacy legislation and to create a State agency to help implement the law. According to the Legislative Analyst,
This proposition provides consumers with new data privacy rights. These include the right to:
Limit sharing (in addition to “sale” in the current law) of personal data – onsumers consumers may direct businesses to not share their personal data;
Correct personal data – consumers may direct businesses to take reasonable efforts to correct personal data that they possess; and
Limit use of “sensitive” personal data – The proposition defines certain pieces of personal data as sensitive. Examples include social security numbers, account logins with passwords, and health data. (Also includes precise location, race and sexuality) Consumers could direct businesses to limit use of their sensitive personal data only to 1) provide requested services or goods, and 2) fulfill key business purposes such as providing customer service.
If it sounds like a good thing, that is because it is. According to Tom Kemp, in “Golden Data,” a security blog, Prop 24 brings California more in line with the stronger privacy measures that have been implemented in Europe. But somehow, opposition has been organized to spread distortions of and misconceptions about what the bill actually does.
The following are some of the accusations I have seen and my reading of what Prop 24 actually says:
It takes privacy rule-making out of the hands of the state Department of Justice, instead creating a new state agency. Not only will this agency likely be underfunded by the initiative, it will be much more vulnerable to influence by the deep-pocket tech giants.
This sounds like industry propaganda to me. The new agency can function like the EPA or OSHA. It (ideally) will do analysis and handle claims that the California DOJ does not have the staff to handle. The Attorney General, who is vulnerable to the same corporate influences – or even more so because it takes money to be elected – will still be the prosecutor. Of course the wrong people can be appointed to agencies: It is our political job to call that out when it happens.
It continues the “pay-for-privacy” provisions of the existing law, under which tech companies can demand payment or reduced services for increased privacy rights.
This is really misleading. The law and the new proposed legislation specifically ban companies from charging for implementation of privacy measures or discriminating against those who use them. What might be considered an exception to this is loyalty clubs, where you can sign up to receive emails and get discounts. Those are definitely designed to track purchases. They are not good, nor are they new to this legislation.
It delays for several years the rights of workers and job applicants to know what personal data of theirs has been sold.
Where are the years? What I found in the text of the measure is that companies can ask for a 90-day extension if the case is so complicated it requires more time. They have to inform you stating their reasons for the delay and they must do so within 45 days of the original request.
It allows tech companies to access one's personal data once they travel outside of California with a cell phone or laptop.
This one is questionable, I agree. It is part of a section that tells that this law applies to California only. That will always be problematic unless we get a federal law protecting privacy.
It allows tech companies to ignore a universal do-not-sell signal that can be set once in a browser. Instead, one will need to opt out from each site separately.
This is a total distortion of what the legislation actually says. It specifically states that the opt-out button cannot conflict with other, more universal, privacy settings that people may have on their devices (I can’t find one on mine—where is it?).
The legislation also says this: Companies can opt out of a “do not sell my data” button on a website only if they agree to respond to automated signals (like a browser setting) that would automatically trigger a ban on sale of consumer data to third parties.
It is entirely true that Prop 24 was put on the ballot by millionaire Alastair Mactaggart, the same millionaire who wrote a privacy measure for a previous election which resulted in the law we currently have. It seems that the capitalist class sometimes has to do something to protect themselves from the abuses that their fellows have created.
I am sure that if workers had control of commerce and communications, we could make better laws – or maybe they would not even be necessary. Right now, we can only vote for reforms. So let’s organize to ditch this system while we try to survive in it.
–written by Marsha Feinland
Peace & Freedom Party State Executive Committee member