Round 2 in California’s fight against data privacy confusion has not gone well
California’s successful Proposition 24, bolstering that state’s first-in-the-nation data privacy law, could be another trailblazing policy from the Golden State. But that might not be a good thing.
The state’s second swing at meaningful privacy legislation — Prop. 24 — is another muddied and flawed effort has somehow made the task of managing one’s personal information more confusing.
Both the original law, the California Consumer Privacy Act, and Prop. 24 were rushed reactions to the same, politically charged impetus: the 2018 Cambridge Analytica scandal. Everyone wanted a turn in that flogging.
Prop. 24 will do several things, including preventing future legislators from weakening the California Consumer Privacy Act. It also expanded the ways and types of data, including biometric data, that people can control, created a privacy-enforcement agency and tripled fines for violating children’s privacy rights.
Arguably all reasonable aims, but with embarrassing misses.
Here is one: Some charge that the law missed an opportunity to fix a problem with the original privacy law known as “pay for privacy.” That means people must compensate companies for past and future financial losses when people claw back control of their personal data.
That price might dissuade low-income consumers, critics have said.
Wired magazine went through Prop. 24 and found other items that, perhaps with more time and attention, might have been addressed.
For example, the plain language of the law appears to give data-trading businesses a choice in how they offer opt-outs. They can accept global opt-out requests sent automatically by a browser or device to every site a person visits. Consumers would only have to opt in or out once.
Or, businesses could put an opt-out link on their sites. That would require consumers to act every time they land on a new site or download a new app.
Except none of that is true. As Wired points out, a deeper reading, following cross references, leads to a new understanding, something about how people hitting an opt-out link on a site should not be treated different than people who opt in.
Trailblazing might be beyond what California can do, at least on this topic.
Article Topics
biometric data | biometrics | California | CCPA | data protection | digital identity | legislation | privacy | United States
Comments