A bill that aims to strengthen online privacy laws for consumers in California could replace a potential November ballot initiative backed by privacy advocates and opposed by the tech industry.
Today, state lawmakers introduced the California Data Privacy Protection Act, which would allow consumers to know what information companies collect from them while also giving people a way to opt out of being tracked across the internet. The bill would also allow the state attorney general to prosecute companies for data breaches and give users the option to demand their data be deleted by companies.
The act is sponsored by several Democratic state lawmakers—Senators Bob Hertzberg and Bill Dodd and assemblymember Ed Chau—and comes less than a year after another privacy bill failed to receive approval by lawmakers.
In a statement announcing the legislation, Hertzberg and Chau cited recent data breaches such as those by Facebook, Target and Equifax along with growing concern over the collection and use of personal information. Chau called the legislation a “significant step.”
“The idea that a person should have some say about how their personal information can be used, shared or sold is not a controversial question for everyday consumers—it is common sense,” Chau continued. “In fact, it is consistent with the right of privacy enshrined in our constitution, and we as legislators have an obligation to ensure privacy rights for online consumers.”
The legislation is, in some ways, a compromise between Silicon Valley companies fighting new limits on data collection and privacy advocates that have been promoting a proposed ballot initiative called the California Consumer Privacy Act of 2018. The act, if approved by the Secretary of State’s office, would be decided on by California voters in November. Organizers say they’ve already received more than 600,000 signatures—considerably more than the 360,000 required by state law to appear on the ballot.
Alastair Mactaggart, a real estate mogul leading the charge for the ballot initiative, said he supports the legislative route in its current form. But while legislation was just introduced today, there isn’t much time for both houses to approve a version of the bill and get it signed by Gov. Jerry Brown. Mactaggart said he would only withdraw his proposal from the ballot if it’s signed into law by June 28—the deadline for initiatives to be added to the ballot.
“We await the next few days with interest,” Mactaggart said in a statement. “Though we feel sanguine about the possible outcomes: either we get a law we like, or we proceed to the ballot in November, and we like our chances there as well.”
But there is still uncertainty whether the bill can be passed due to timing, as well as the question of whether Big Tech puts its thumbs on the scales of the legislation via lobbying efforts.
The bill also has the backing of Common Sense Media, a nonprofit watchdog group for children’s use of technology, which has been working with corporations and consumer groups to craft a final version of the legislation. According to Common Sense founder Jim Steyer, the proposal won’t be a mirror of GDPR. However, he likened it along those lines, adding that U.S. consumers should have the same privacy protections as Europeans.
Steyer said he’s optimistic that the legislation could be passed, adding that his organization has been working directly with companies including Apple, Microsoft and Salesforce on a compromise.
“Given the complete disfunction of Washington, D.C. these days at both the executive branch and Congressional level, California would become the de facto standard for the nation,” he said. “And people, not companies, should decide what happens to their data—especially when kids are involved.”