Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:00 PM
Connect Directly

California's Prop. 24 Splits Privacy Advocates

Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.

In 2021, tech companies whose businesses are based on the user data they collect might have a new fear: financial penalties from a new California state agency. And strangely, some of the most vocal privacy advocates oppose the bill that could give consumers this power.

Voters there will be given a chance to approve the California Privacy Rights Act, also known as Proposition 24. It's a follow-up bill to the landmark California Consumer Privacy Act, which was passed unanimously by the state legislature in 2018 and took effect on this January 1. The first of its kind in the US, the CCPA creates comprehensive rules guiding how organizations must handle consumer data. Modeled on Europe's General Data Protection Regulation, the CCPA allows users to opt out of companies selling their data to third parties, see what data organizations have gathered about them, and demand that data be deleted.

Related Content:

Simplify Your Privacy Approach to Overcome CCPA Challenges

The Changing Face of Threat Intelligence

New on The Edge: How Can I Help Remote Workers Secure Their Home Routers?

However, the CCPA lacks a strong enforcement provision, and could be chipped away at by tech companies pressuring lawmakers. So California real estate mogul Alastair Mactaggart, who was behind the push for the CCPA, is now pushing for Prop. 24 to supplement that law with stronger remedial actions and $10 million to fund a stand-alone California Privacy Protection Agency enforcement agency that could issue citations and fines over corporate abuse of consumer data.  

It would also allow Californians to stop not only the sale of their data, but the sharing of it, too. That includes sensitive information about their health, genetics, finances, race and ethnicity, religion, sexual orientation, private communications, and precise geolocation. It would triple current fines for violating children's privacy, and make data breaches where an email address is accompanied by sensitive information subject to penalties, and close the loophole that allows businesses to evade paying penalties by remedying violations within 30 days.

There's not a lot of polling asking voters what they think of the bill, but the most recent one from the Yes on 24 campaign shows a slight slippage of support, but still makes it look like a shoo-in.

It sounds like a no-brainer for privacy advocates, yet the bill is controversial. The American Civil Liberties Union, League of Women Voters, Consumer Federation of California, and Public Citizen have come out against the bill, as has privacy advocate Mary Ross, a co-author of the CCPA with Mactaggart. For the most part, their concerns about the bill can be boiled down to fears that it actually weakens privacy for consumers, even though the state constitution enshrines a right to privacy.

The Electronic Frontier Foundation, also a supporter of the CCPA, is noncommittal in its endorsement, but more clear in its words. "Some provisions of Prop. 24 are partial steps forward, so we don't oppose the initiative outright. But we don't support it either, because the forward steps are only partial, and must be weighed against the backward steps and missed opportunities," the organization wrote.

The problems with Prop. 24 include give-aways to Big Tech that would allow them to grab consumer data whenever a California resident left the state, encourage businesses to charge for pro-privacy features, and carve-outs to police departments, weakens biometric protections, and explicitly exposes social media to data mining. That’s according to Jacob Snow, technology and civil liberties attorney at the ACLU of Northern California.

"It weakens global opt-outs for police to keep people in the dark on what they're collecting," he says. "And it allows companies to charge people for their privacy rights. That will disproportionately affect poor people and marginalized communities, and requires education [to safeguard against]."

Photo Credit: Seth Rosenblatt
Photo Credit: Seth Rosenblatt

Advocates for Prop. 24 dismiss these concerns as unrealistic nonsense, the proverbial perfect being the enemy of the good. In addition to Mactaggart, who is bankrolling Prop. 24 as he did the pro-CCPA fight, Prop. 24 is supported by Consumer Watchdog, Consumer Reports, and Common Sense Media, notable privacy scholars, and Democratic politicians including former presidential candidate Andrew Yang and Rep. o Khanna of Silicon Valley.

"This is the toughest privacy law in America. It gives people control over their information and data that they don't have now," says Jamie Court, president of Consumer Watchdog. "This idea that your data isn't protected the minute you hit a non-CA cell tower is ridiculous."

Court also alleges that the $10 million to fund the new California privacy agency puts the state on par with similar funding at the Federal Trade Commission. "And how much funding is for privacy enforcement today? Zero."


Seth is editor-in-chief and founder of The Parallax, an online cybersecurity and privacy news magazine. He has worked in online journalism since 1999, including eight years at CNET News, where he led coverage of security, privacy, and Google. Based in San Francisco, he also ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-26
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES...
PUBLISHED: 2021-02-26
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
PUBLISHED: 2021-02-26
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
PUBLISHED: 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
PUBLISHED: 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.