Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/2/2020
07:00 PM
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail
50%
50%

California's Prop. 24 Splits Privacy Advocates

Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.

In 2021, tech companies whose businesses are based on the user data they collect might have a new fear: financial penalties from a new California state agency. And strangely, some of the most vocal privacy advocates oppose the bill that could give consumers this power.

Voters there will be given a chance to approve the California Privacy Rights Act, also known as Proposition 24. It's a follow-up bill to the landmark California Consumer Privacy Act, which was passed unanimously by the state legislature in 2018 and took effect on this January 1. The first of its kind in the US, the CCPA creates comprehensive rules guiding how organizations must handle consumer data. Modeled on Europe's General Data Protection Regulation, the CCPA allows users to opt out of companies selling their data to third parties, see what data organizations have gathered about them, and demand that data be deleted.

Related Content:

Simplify Your Privacy Approach to Overcome CCPA Challenges

The Changing Face of Threat Intelligence

New on The Edge: How Can I Help Remote Workers Secure Their Home Routers?

However, the CCPA lacks a strong enforcement provision, and could be chipped away at by tech companies pressuring lawmakers. So California real estate mogul Alastair Mactaggart, who was behind the push for the CCPA, is now pushing for Prop. 24 to supplement that law with stronger remedial actions and $10 million to fund a stand-alone California Privacy Protection Agency enforcement agency that could issue citations and fines over corporate abuse of consumer data.  

It would also allow Californians to stop not only the sale of their data, but the sharing of it, too. That includes sensitive information about their health, genetics, finances, race and ethnicity, religion, sexual orientation, private communications, and precise geolocation. It would triple current fines for violating children's privacy, and make data breaches where an email address is accompanied by sensitive information subject to penalties, and close the loophole that allows businesses to evade paying penalties by remedying violations within 30 days.

There's not a lot of polling asking voters what they think of the bill, but the most recent one from the Yes on 24 campaign shows a slight slippage of support, but still makes it look like a shoo-in.

It sounds like a no-brainer for privacy advocates, yet the bill is controversial. The American Civil Liberties Union, League of Women Voters, Consumer Federation of California, and Public Citizen have come out against the bill, as has privacy advocate Mary Ross, a co-author of the CCPA with Mactaggart. For the most part, their concerns about the bill can be boiled down to fears that it actually weakens privacy for consumers, even though the state constitution enshrines a right to privacy.

The Electronic Frontier Foundation, also a supporter of the CCPA, is noncommittal in its endorsement, but more clear in its words. "Some provisions of Prop. 24 are partial steps forward, so we don't oppose the initiative outright. But we don't support it either, because the forward steps are only partial, and must be weighed against the backward steps and missed opportunities," the organization wrote.

The problems with Prop. 24 include give-aways to Big Tech that would allow them to grab consumer data whenever a California resident left the state, encourage businesses to charge for pro-privacy features, and carve-outs to police departments, weakens biometric protections, and explicitly exposes social media to data mining. That’s according to Jacob Snow, technology and civil liberties attorney at the ACLU of Northern California.

"It weakens global opt-outs for police to keep people in the dark on what they're collecting," he says. "And it allows companies to charge people for their privacy rights. That will disproportionately affect poor people and marginalized communities, and requires education [to safeguard against]."

Advocates for Prop. 24 dismiss these concerns as unrealistic nonsense, the proverbial perfect being the enemy of the good. In addition to Mactaggart, who is bankrolling Prop. 24 as he did the pro-CCPA fight, Prop. 24 is supported by Consumer Watchdog, Consumer Reports, and Common Sense Media, notable privacy scholars, and Democratic politicians including former presidential candidate Andrew Yang and Rep. o Khanna of Silicon Valley.

"This is the toughest privacy law in America. It gives people control over their information and data that they don't have now," says Jamie Court, president of Consumer Watchdog. "This idea that your data isn't protected the minute you hit a non-CA cell tower is ridiculous."

Court also alleges that the $10 million to fund the new California privacy agency puts the state on par with similar funding at the Federal Trade Commission. "And how much funding is for privacy enforcement today? Zero."

 

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-23727
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
CVE-2020-28175
PUBLISHED: 2020-12-03
There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges
CVE-2020-13524
PUBLISHED: 2020-12-03
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim n...
CVE-2020-13525
PUBLISHED: 2020-12-03
The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-23726
PUBLISHED: 2020-12-03
There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD).