California ballot measure could become ‘America’s GDPR’
The measure has more than twice the number of signatures required to make it onto the state ballot in November.
Call it privacy’s revenge. The California Consumer Privacy Act now appears likely to qualify for the ballot, with more than enough signatures to put the measure before voters in November.
After that, it would have a reasonable chance to pass absent a well-funded campaign that might scare voters into not approving the measure. Proponents present it as a vehicle for consumers to reclaim control over their personal data.
Here’s how the measure is officially summarized:
Gives consumers right to learn categories of personal information that businesses collect, sell, or disclose about them, and to whom information is sold or disclosed.
Gives consumers right to prevent businesses from selling or disclosing their personal information. Prohibits businesses from discriminating against consumers who exercise these rights. Allows consumers to sue businesses for security breaches of consumers’ data . . . Allows for enforcement by consumers, whistleblowers, or public agencies. Imposes civil penalties. Applies to online and brick-and-mortar businesses that meet specific criteria.
[F]iscal impact on state and local government: Increased costs, potentially reaching the low tens of millions of dollars annually, to state and local governments from implementing and enforcing the measure, some or all of which would be offset by increased penalty revenue or settlement proceeds authorized by the measure.
And businesses would be required to disclose the categories of information they have on users — including home addresses, employment information and characteristics such as race and gender.
The anti campaign will attack it, assuming it reaches the ballot, on two or three obvious grounds:
- It will kill jobs in California (this will be the primary message).
- It will actually harm consumers (in some way).
- It will result in wasteful litigation and state spending.
Probably because of the scrutiny it faced over privacy, Facebook recently made the decision to stop funding opposition to the ballot initiative. Awareness and signature gathering picked up significantly in the wake of Cambridge Analytica, according to one of the measure’s co-authors.
While California isn’t the only state working on new privacy laws, this one would likely set the standard for the rest of the country because of the size of California’s economy and the fact that many of the targeted companies reside in the state. Opponents will argue it could spark an exodus of technology companies from California.
Many marketing industry and business groups oppose the measure and consider it a threat to their ability to operate. The Association of National Advertisers, the California Chamber of Commerce and individual companies oppose the initiative. The umbrella group organized to fight the act is called the “Committee to Protect California Jobs.”
Here’s a preview of their marketing campaign:
This ballot measure . . . is unworkable . . . limiting our choices, hurting our businesses, and cutting our connection to the global economy . . . It makes no sense to attempt to wall off our state cutting off Californians from convenient services . . . The only real beneficiaries of this measure will be trial lawyers . . . This will open the floodgates for abusive, costly lawsuits.”
If the measure does pass in November, it will probably be challenged in court as violating or preempted by the Commerce Clause of the US constitution. However, the conservative-led Supreme Court decision (Murphy vs. NCAA), which legalized sports betting at the state level, will potentially make it harder for business groups to use the Commerce Clause as a way to invalidate state initiatives such as the California Consumer Privacy Act.
