Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/2/2020
07:00 PM
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail
50%
50%

California's Prop. 24 Splits Privacy Advocates

Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.

In 2021, tech companies whose businesses are based on the user data they collect might have a new fear: financial penalties from a new California state agency. And strangely, some of the most vocal privacy advocates oppose the bill that could give consumers this power.

Voters there will be given a chance to approve the California Privacy Rights Act, also known as Proposition 24. It's a follow-up bill to the landmark California Consumer Privacy Act, which was passed unanimously by the state legislature in 2018 and took effect on this January 1. The first of its kind in the US, the CCPA creates comprehensive rules guiding how organizations must handle consumer data. Modeled on Europe's General Data Protection Regulation, the CCPA allows users to opt out of companies selling their data to third parties, see what data organizations have gathered about them, and demand that data be deleted.

Related Content:

Simplify Your Privacy Approach to Overcome CCPA Challenges

The Changing Face of Threat Intelligence

New on The Edge: How Can I Help Remote Workers Secure Their Home Routers?

However, the CCPA lacks a strong enforcement provision, and could be chipped away at by tech companies pressuring lawmakers. So California real estate mogul Alastair Mactaggart, who was behind the push for the CCPA, is now pushing for Prop. 24 to supplement that law with stronger remedial actions and $10 million to fund a stand-alone California Privacy Protection Agency enforcement agency that could issue citations and fines over corporate abuse of consumer data.  

It would also allow Californians to stop not only the sale of their data, but the sharing of it, too. That includes sensitive information about their health, genetics, finances, race and ethnicity, religion, sexual orientation, private communications, and precise geolocation. It would triple current fines for violating children's privacy, and make data breaches where an email address is accompanied by sensitive information subject to penalties, and close the loophole that allows businesses to evade paying penalties by remedying violations within 30 days.

There's not a lot of polling asking voters what they think of the bill, but the most recent one from the Yes on 24 campaign shows a slight slippage of support, but still makes it look like a shoo-in.

It sounds like a no-brainer for privacy advocates, yet the bill is controversial. The American Civil Liberties Union, League of Women Voters, Consumer Federation of California, and Public Citizen have come out against the bill, as has privacy advocate Mary Ross, a co-author of the CCPA with Mactaggart. For the most part, their concerns about the bill can be boiled down to fears that it actually weakens privacy for consumers, even though the state constitution enshrines a right to privacy.

The Electronic Frontier Foundation, also a supporter of the CCPA, is noncommittal in its endorsement, but more clear in its words. "Some provisions of Prop. 24 are partial steps forward, so we don't oppose the initiative outright. But we don't support it either, because the forward steps are only partial, and must be weighed against the backward steps and missed opportunities," the organization wrote.

The problems with Prop. 24 include give-aways to Big Tech that would allow them to grab consumer data whenever a California resident left the state, encourage businesses to charge for pro-privacy features, and carve-outs to police departments, weakens biometric protections, and explicitly exposes social media to data mining. That’s according to Jacob Snow, technology and civil liberties attorney at the ACLU of Northern California.

"It weakens global opt-outs for police to keep people in the dark on what they're collecting," he says. "And it allows companies to charge people for their privacy rights. That will disproportionately affect poor people and marginalized communities, and requires education [to safeguard against]."

Advocates for Prop. 24 dismiss these concerns as unrealistic nonsense, the proverbial perfect being the enemy of the good. In addition to Mactaggart, who is bankrolling Prop. 24 as he did the pro-CCPA fight, Prop. 24 is supported by Consumer Watchdog, Consumer Reports, and Common Sense Media, notable privacy scholars, and Democratic politicians including former presidential candidate Andrew Yang and Rep. o Khanna of Silicon Valley.

"This is the toughest privacy law in America. It gives people control over their information and data that they don't have now," says Jamie Court, president of Consumer Watchdog. "This idea that your data isn't protected the minute you hit a non-CA cell tower is ridiculous."

Court also alleges that the $10 million to fund the new California privacy agency puts the state on par with similar funding at the Federal Trade Commission. "And how much funding is for privacy enforcement today? Zero."

 

Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29129
PUBLISHED: 2020-11-26
ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-29130
PUBLISHED: 2020-11-26
slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.
CVE-2020-26936
PUBLISHED: 2020-11-26
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVE-2020-29042
PUBLISHED: 2020-11-26
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
CVE-2020-29043
PUBLISHED: 2020-11-26
An issue was discovered in BigBlueButton through 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.