California’s privacy warriors are back – and this time they want to take their fight all the way to the ballot box

The small group of policy wonks that forced California’s legislature to rush through privacy legislation two years ago are back – and this time they want a ballot.

Advocacy group Californians for Consumer Privacy, which started the push for a state-wide data privacy law, announced this week that it has the signatures it needs to get version 2.0 of its privacy rules on the US state’s ballot in November, and submitted its proposal to Sacramento.

This time the goal is to tighten up the rules that its previously ballot measure managed to get into law, despite the determined efforts of internet giants like Google and Facebook to kill it. In return for the legislation being passed, that ballot measure was dropped. Now, it looks like the campaigners are taking their fight to a people's vote after all.

Most significantly, the latest proposals demand an agency to be created to protect and enforce the new rights and provide clear guidance to both consumers and businesses. Currently, enforcement falls to California’s attorney general and he has said that his office will start enforcing the current law in July.

Tech titans are already pushing heavily on that date however, claiming that the coronavirus health crisis means they should be given until January 2021 – two-and-a-half years after the California Consumer Privacy Act was signed into law – before they should be forced to comply with the statute.

That push is just the latest effort by Silicon Valley's mega-corps – which profit from vast databases on billions of people – to undermine legislation that gives Californians a right to view the data that companies hold on them and, critically, request that it be deleted and not sold to third parties. Californians are overwhelmingly in favor of greater privacy protections.

Zuck ain't gonna like this

The new proposal would add more rights, including the use and sale of sensitive personal information, such as health and financial information, racial or ethnic origin, and precise geolocation. It would also triples existing fines for companies caught breaking the rules surrounding data on children (under 16s) and would require an opt-in to even collect such data.

The proposal would also give Californians the right to know when their information is used to make fundamental decisions about them, such as getting credit or employment offers. And it would require political organizations to divulge when they use similar data for campaigns.

And just to push the tech giants from fury into full-blown meltdown the new ballot measure would require any amendments to the law to require a majority vote in the legislature, effectively stripping their vast lobbying powers and cutting off the multitude of different ways the measures and its enforcement can be watered down within the political process.

To get onto the California ballot – where voters are allowed to vote on whether to approve measures put forward by groups outside politicians and lawmakers in Sacramento – you need to get more than 620,000 signatures from residents. Californians for Consumer Privacy says it has over 900,000.

It also said in an announcement this week that in some recent polling it carried out, 88 per cent of California’s 40 million voters would vote yes to a measure that expands existing privacy protections.

The big question now is whether history repeats itself and the threat of a ballot initiative passing is sufficient for lawmakers to promise additions to the existing law in return to take the ballot off the table.

Flexible law-fudging

Last time, the issue went right to the line, with the ballot measure pulled just hours before the deadline after Sacramento passed a new privacy law in record time. The argument made was that passing the law through the traditional process gave greater flexibility because it could be adjusted and amended later to fit in with real-world requirements.

The indications are that the people behind Californians for Consumer Privacy – particularly its head Alastair Mactaggart, a real estate developer – are not going to be willing to accept that compromise this time.

In a letter he posted in September, Mactaggart noted that “some of the world’s largest companies have actively and explicitly prioritized weakening the CCPA” – something they did through the review process in Sacramento.

The proposal to set up a new agency – and so take enforcement away from the politically flexible attorney general – as well as include a lockdown on amendments, all point to the fact that Mactaggart intends to see this one through to completion on the ballot.

As such, we confidently predict a massive campaign funded by tech companies against the ballot measure and possibly a second ballot measure aimed at muddying the waters that is promoted as a better alternative but which provides no additional protections.

California is about to have what may be an era-defining battle over data privacy and tech giants’ control of our personal information. Grab your popcorn. ®