California’s Privacy Power Move Against Silicon Valley Is Just The Beginning

Last week, drowned out by the country’s primal screams against baby jails, trade wars, and Russia, California made a power move against its own Silicon Valley bros in the name of consumer protection. And unlike most everything else in today’s America, the crack down on tech is something most folks can agree on, regardless of politics.

The California Privacy Act of 2018 doesn’t take effect until 2020, but it has the practical effect of putting every tech company with a customer in California on notice: abuse personal data and we’re gonna hit you where it hurts most, your bottom line. The law links the most fundamental right to privacy guaranteed by the California Constitution to the right to data privacy.

Under the law consumers have the right to ask a company exactly what kind of data they’re collecting on you, how it’s being collected, what the business plans to do with this data and which third parties could have access.

Besides simple disclosure, customers will now have the choice to opt out of having their information sold to a third party, and if they exercise that right, the company cannot penalize them with a lower tier of service or anything else that might appear to diminish the quality of the service.

If a customer’s personal data is lost due to a data breach, they have the right to sue the company for up to $750 per violation. Companies which intentionally misuse and abuse consumer data can be sued by the Attorney General’s office for up to $7,500 per violation. The money from those suits will be put into what the law calls the “Consumer Privacy Fund,” which will be controlled by the legislature and used to fund enforcement.


There was already a of voter-driven ballot initiative with enough support to make it to the November ballot, but the California Legislature and Governor Jerry Brown decided to act sooner to head off the ballot initiative.

The politics of pushing privacy are a no-brainer in progressive California. The country watched as Mark Zuckerberg robotically tried to render a reasonable reaction to the sweeping data breach in the lead up to the election during his testimony on Capitol Hill. How did all of this data wind up in the hands of Cambridge Analytica? What Americans got in response was little more than a *shrug emoji* and a new ad campaign.

In fact, the new law specifically references the issue.

“In March 2018, it came to light that tens of millions of people had their personal data misused by a data mining firm called Cambridge Analytica,” the bill text reads. “A series of congressional hearings highlighted that our personal information may be vulnerable to misuse when shared on the Internet. As a result, our desire for privacy controls and transparency in data practices is heightened.”

Add that on top of the wildly unpopular rollback of Net Neurality regulations by the FCC, led by former Verizon lawyer Ajit Pai and you’ve got a recipe for voters demanding lawmakers reign in a tech and telecom sector that appears to have oversized power over our daily lives with little to zero oversight.

And it’s not just liberals and progressives. Conservatives aren’t any more dazzled with the likes of Silicon Valley. A Pew poll from June showed seven out of 10 Americans think social media censors political views and more than half (64 percent) of Republicans think the tech sector as a whole support a liberal agenda. Worst of all, only 24 percent of the public thinks these companies “Do enough to protect the personal data of their users.”

Sounds like the perfect storm of bad mojo brewing across a country ready to exact a price on Silicon Valley.

The voter privacy initiative push in California was the pet project of Alastair Mactaggart, a San Francisco real estate developer who reportedly sunk about $3 million of his own cash into getting the issue on the California ballot. According to Santa Clara professor and tech law expert Eric Goldman, it was Mactaggart who forced the legislature’s hand in passing the measure at warp speed.

“The initiative process in California has several known defects, including (1) the text is locked down, so there’s no way to improve the proposed text based on comments from other stakeholders (which the legislative process allows), and (2) extreme difficulty amending or repealing the law once approved by voters–effectively, it becomes frozen law that’s permanently out of the legislature’s purview,” Goldman wrote on his blog. “So if the initiative passes, the initiative’s worse language will become immutable — we’ll be stuck with its many defects potentially forever.”

Goldman goes on to warn that other millionaires could fund the same types of campaigns in the future to force the legislature to act or be left out of the process altogether.

Naturally, Silicon Valley isn’t stoked on the new law and warns harsh regulations like these are destined to come with unintended consequences. But they also realize the more strict ballot initiative would have been worse.

Facebook’s Will Castleberry, told WIRED: “that while the bill is ‘not perfect,’ the company supports it and looks forward to ‘working with policymakers on an approach that protects consumers and promotes responsible innovation.'”

But following the Cambridge Analytica debacle, Facebook is in a more tricky position. Many of the other biggest companies in tech, the Internet Association and CTIA have all lined up against the measure.

“We think there’s a set of ramifications that’s really difficult to understand,” Google’s senior vice president Sridhar Ramaswamy said, according to Reuters. User privacy needs to be thoughtfully balanced against legitimate business needs.”

Groups like CTIA argue this ad hoc state-by-state approach will only complicate the landscape for business and customers.

“State-specific laws will stifle American innovation and confuse consumers,” CTIA said.

The hope for consumers is that the strictest regulations will eventually apply to all consumers. But until then, it’s time for tech to ramp up security. Because in California at least, those breaches are going to cost you.

The California Privacy act of 2018 is likely to be just the first salvo in this privacy war between consumers and tech. The landscape is undeniably shifting and the brands who embrace privacy over profits stand to win the hearts of the next generation of customers.

Your move, Zuck.


Featured image: California Consumer Privacy Act 





Leave a Reply