Voters in California decisively strengthened an already strong privacy law, and took away the power of elected officials to amend and enforce it. When the dust cleared yesterday, yes votes on proposition 24 had a 12% lead over the noes. Ballot counting in California might drag on until the middle of December, but it is all but mathematically certain that yes will prevail by a wide margin.
Three unrelated stories that broke within 24 hours demonstrate why digital security is a personal responsibility, and how blindly trusting third parties – individuals or private companies or governments – to look after your best interests is no solution:
- The European Court of Justice nixed a data sharing safe harbor deal between the European Union and the U.S., pointing out in its decision that “the requirements of US national security, public interest and law enforcement have primacy”, which makes any promises of privacy meaningless.
Nearly four years after the fact, Frontier Communications is being held to answer for the fumbled cutover of Verizon wireline customers it acquired in 2015. Last month, the California Public Utilities Commission formally opened an investigation into the widespread reports of dead lines and customer service meltdowns that went on for weeks after Frontier closed on its purchase of Verizon’s decaying copper telephone systems and somewhat more modern fiber to the home FiOS territories in California.… More
Federal Trade Commission chair Joseph Simons was on the undercard for Consumer Technology Association CEO Gary Shapiro’s “fireside chats” with federal policymakers at CES in Las Vegas on Tuesday. Warming up the audience ahead of Federal Communications Commission chair Ajit Pai’s long awaited CES debut, he urged congress to give his agency the U.S. privacy cop job that California now holds by default. The FTC is already pursuing privacy enforcement actions under existing law “because the big tech platforms are becoming so consequential to our lives and so large”, Simon said.… More
California’s data privacy law took effect yesterday, although formal regulations and active enforcement by the attorney general’s office don’t kick in until July. Even so, the AG plans to respond to complaints and monitor compliance with the bits of the law that do have teeth now. Until – unless – congress does something, the California Consumer Privacy Act (CCPA) is the national standard.
If you want confirmation, just look in your email inbox. If it’s anything like mine, it’s full of CCPA notifications.… More
The “Contract for the Web” campaign published its manifesto last week, titled, naturally enough, Contract for the Web. It’s a declaration of nine principles, including “make the internet affordable and accessible to everyone”, “respect and protect people’s privacy and personal data to build online trust” and “develop technologies that support the best in humanity and challenge the worst”, which are among the tasks the contract assigns to private companies. Individuals are urged to “be creators and collaborators on the web”, “build strong communities that respect civil discourse and human dignity”, and “fight for the web”.… More
Google’s $2.1 billion purchase of Fitbit will, if nothing else, be an excellent test case for California’s new consumer data privacy law, which takes effect in January. The California Consumer Privacy Act (CCPA) requires companies above a certain size let their customers know what kind of personal data is being collected and what it’s being used for, and gives individuals a level of control over the collection and use of their data.
The activity, location and health data collected by Fitbit devices is highly personal.… More
California’s consumer data privacy law will be the default privacy standard across the U.S., at least for the coming year, and that’s upsetting the Washington, D.C. crowd. A panel discussion on privacy legislation at the Mobile World Congress trade show in Los Angeles last week featured three industry lobbyists, the head of an industry front organisation and a Federal Trade Commission lawyer. All of them are based in D.C., and shared Beltway-centric advice on who should be calling the shots.… More
California’s tough consumer privacy law technically takes effect in January, but enforcement won’t begin until next July. The California attorney general has the job of writing the detailed rules that businesses will have to follow, and then enforcing those rules.
The first draft of those new rules was posted for public review and comment. They apply to businesses with more than $25 million in “annual gross revenues”, or collects or deals in “the personal information of 50,000 or more consumers, households, or devices”, or that deal in people’s personal information for a living.… More
The man behind California’s new privacy law doesn’t like what lobbyists are trying to do to it in Sacramento, and plans on taking his case directly voters. In 2018, Alastair Mactaggart and his organisation – Californians for Consumer Privacy – collected enough signatures to get a tough privacy law on the ballot, but withdrew the initiative after a deal with was cut with lawmakers to enact most of its provisions. But anything the legislature can do, it can also undo, so Mactaggart is going back to the voters.… More