Google weeps as its home state of California passes its own GDPR

[steven36]

Right to view, delete personal info is here – and you'll be amazed to hear why the privacy law passed so fast

 

 

Analysis California has become the first state in the US to pass a data privacy law – with governor Jerry Brown signing the California Consumer Privacy Act of 2018 into law on Thursday.

 

The legislation will give new rights to the state's 40 million inhabitants, including the ability to view the data that companies hold on them and, critically, request that it be deleted and not sold to third parties. It's not too far off Europe's GDPR.

 

Any company that holds data on more than 50,000 people is subject to the law, and each violation carries a hefty $7,500 fine. Needless to say, the corporations that make a big chunk of their profits from selling their users' information are not overly excited about the new law.

 

"We think there's a set of ramifications that's really difficult to understand," said a Google spokesperson, adding: "User privacy needs to be thoughtfully balanced against legitimate business needs."

 

Likewise tech industry association the Internet Association complained that "policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create."

 

So far no word from Facebook, which put 1.5 billion users on a boat to California back in April in order to avoid Europe's similar data privacy regulations.

 

Don't worry if you are surprised by the sudden news that California, the home of Silicon Valley, has passed a new information privacy law – because everyone else is too. And this being the US political system there is, of course, an entirely depressing reason for that.

 

Another part of the statement by the Internet Association put some light on the issue: "Data regulation policy is complex and impacts every sector of the economy, including the internet industry," it argues. "That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning. The circumstances of this bill are specific to California."

 

I see...

So this bill was rushed through?

 

Yes, it was. And what's more it was signed in law on Thursday by Governor Brown just hours after it was passed, unanimously, by both houses in Sacramento. What led lawmakers to push through privacy legislation at almost unheard-of speed? A ballot measure.

 

That’s right, since early 2016, a number of dedicated individuals with the funds and legislative know-how to make data privacy a reality worked together on a ballot initiative in order to give Californians the opportunity to give themselves their own privacy rights after every other effort in Sacramento and Washington DC has been shot down by the extremely well-funded lobbyists of Big Tech and Big Cable.

 

Real estate developer Alastair Mactaggart put about $2m of his own money into the initiative following a chance conversation with a Google engineer in his home town of Oakland in which the engineer told him: "If people just understood how much we knew about them, they’d be really worried."

 

Mactaggart then spoke with a fellow dad at his kid's school, a finance guy called Rick Arney who had previously worked in the California State Senate, about it. And Arney walked him through California's unusual ballot measure system where anyone in the state can put forward an initiative and if it gets sufficient support will be put on the ballot paper at the next election.

 

If a ballot initiative gets enough votes, it becomes law. There have been some good and some bad outcomes from this exercise in direct democracy over the years but given the fact that both Mactaggart and Arney felt that there was no way a data privacy law would make its way through the corridors of power in Sacramento in the normal way, given the enormous influence of Silicon Valley, they decided a ballot measure was the way to go.

Beware the policy wonk

One other individual is worth mentioning: Mary Stone Ross was a former CIA employee and had been legal counsel for the House of Representatives Intelligence Committee and she also lives in Oakland. Mactaggart persuaded her to join the team to craft the actual policy and make sure it could make it through the system.

 

Together the three of them then spend the next year talking to relevant people, from lawyers to tech experts to academics to ordinary citizens to arrive at their overall approach and draft the initiative.

 

And it is at that point that, to be put in bluntly, the shit hit the fan. Because the truth is that consumers – and especially Californians who tend to be more tech-savvy than the rest of the country given the concentration of tech companies in the state – understand the issues around data privacy rules and they want more rights over it.

 

With the initiative well structured and the policy process run professionally, the ballot measure gained the required number of supporters to get it on the ballot. And thanks to the focus groups and polls the group carried out, they were confident that come November it would pass and data privacy become law through direct democracy.

 

At which point, it is fair to say, Big Internet freaked out and made lots of visits to lawmakers in Sacramento who also freaked out.

 

The following months have seen a scurry of activity but if you want to know why the bill became law in almost record time and was signed by Governor Brown on Thursday all you need to know is this single fact: the deadline for pulling the initiative from November's ballot as last night – Thursday evening – and Mactaggart said publicly that if the bill was signed, he would do exactly that and pull his ballot measure.

Privy see

You may be wondering why Sacramento was able to get it through unanimously without dozens of Google and Facebook-funded lawmakers continually derailing the effort, especially since it was still a ballot measure. After all, the tech giants could have spent millions campaigning against the measure in a bid to make sure people didn’t vote for it.

 

And the truth is that they had already lined up millions of dollars to do exactly that. Except they were going to lose because, thanks to massively increased public awareness of data privacy given the recent Facebook Russian election fake news scandal and the European GDPR legislation, it was going to be very hard to push back against the issue. And it has been structured extremely well – it was, frankly, good law.

 

There is another critical component: laws passed through the ballot initiative are much, much harder for lawmakers to change, especially if they are well structured.

 

So suddenly Big Tech and Sacramento were faced with a choice: pass data privacy legislation at record speed and persuade Mactaggart to pull his ballot initiative with the chance to change it later through normal legislative procedures; or play politics as usual and be faced with the same law but one that would be much harder to change in future.

 

And, of course, they went with the law. And Mactaggart, to his eternal credit, agreed to pull his ballot measure in order to allow the "normal" legislative approach to achieve the same goal.

 

And so the California Consumer Privacy Act of 2018 is now law and today is the first day that most Californians will have heard of it. Sausage making at its finest.

 

Of course, Google, Facebook et al are going to spend the next decade doing everything they can trying to unravel it. And as we saw just last week, lawmakers are only too willing to do the bidding of large corporate donors. But it is much harder to put a genie back in the bottle than it is to stop it getting out.

 

Source

[Archanus]

That's the reason Privacy Law is a very bad joke !!  

[dhjohns]

Since California is the 3rd largest economy in the world this will apply to the rest of the U.S. also, most likely.  Similar to car emissions control, and other things.

[BEngEE]

 Again, as repeated in history, it takes a proactive European policy for somewhere in USA to make a change.

[straycat19]

2 hours ago, dhjohns said:

Since California is the 3rd largest economy in the world this will apply to the rest of the U.S. also, most likely.  Similar to car emissions control, and other things.

 

If you are going to compare emissions control to privacy control then California's law is a joke.  As far as other states adopting California emission laws, most have none, some have specific counties with laws, some only require it with original registration, some only after 7 years, some only require vehicles to have smog control devices (catalytic converters), etc.   The laws are so wacky you have to look them up when moving from state to state.  So if the privacy law follows the same route, then lots of luck enforcing it anywhere.

4 minutes ago, BEngEE said:

 Again, as repeated in history, it takes a proactive European policy for somewhere in USA to make a change.

 

That is obviously not true since the California ballot initiative was started over two years ago, before the GDPR was even a gleam in Europe's eye.

[dhjohns]

2 minutes ago, straycat19 said:

 

If you are going to compare emissions control to privacy control then California's law is a joke.  As far as other states adopting California emission laws, most have none, some have specific counties with laws, some only require it with original registration, some only after 7 years, some only require vehicles to have smog control devices (catalytic converters), etc.   The laws are so wacky you have to look them up when moving from state to state.  So if the privacy law follows the same route, then lots of luck enforcing it anywhere.

All I know is that it is very strict here in Delaware.  When you get your car inspected they hook you up to the computer.  You had better pass.

[BEngEE]

 

38 minutes ago, straycat19 said:

That is obviously not true since the California ballot initiative was started over two years ago, before the GDPR was even a gleam in Europe's eye. 

 

No, your assertion is pure fiction.

 

"This draft of the EU General Data Protection Regulation was adopted by the European Parliament on March 12, 2014."

 

That is 4 years, and therefore at least another two years in the making before that (6 total).

 

Also, the EU is law now, whereas the Cali bill - although passed, takes effect Jan 1, 2020. Funny that Cali want it to be known as “The California Consumer Privacy Act of 2018”, so that people can pretend they were all so thoughtful at the same time or before the EU - 100% bullshite.

 

Proof: The EU press release of Jan 2012 - note how the document shows the strategy was set out in Nov 2010 - now that is way way way before Cali even had the people in office to even consider users privacy (like they would of ever): http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en

 

[steven36]

17 hours ago, BEngEE said:

 whereas the Cali bill - although passed, takes effect Jan 1, 2020.

And already  Big tech is working hard to change it before 2020 gets here,  by the time that rolls around it will be like  net neutrally  the bill will be so watered down or repealed and it wan't mater . What is shocking is too see a Democratic Governor pass a bill  that hurts big tech.

 

Tech mobilizes against California privacy law

http://thehill.com/policy/technology/394928-tech-mobilizes-against-california-privacy-law

 

It really dont matter who invented the law 1s, t i think GDPR is a really stupid law, it would take a state like California to adopt it and give the Government control of the internet .. Do you consider being blocked by websites that can't afford the fines and having to use a vpn just to access them a great idea ? It's just like that P2P strikes law that the USA ISPs adopted from France. It is a big failure in France and was a big failure in the USA tell they stop doing it. Now they hold the ISP in the USA accountable for there actions witch will just be another  big failure because they just repealed laws that give iSPs lots of power.

 

Also the EU is about add new copyright laws that will give companies in the USA more power because anything on EU servers will be have to be scanned for copyright .People are so blind for the forest they can't see the trees . The Governments of the world wan't be happy tell they make the internet unusable and they want be no reason to log on. You cant trust the Government regardless of witch one it is if you value you're freedoms. They may of come up with the Idea in 2012 but it didn't get tested in the wild tell 2018 and it will be years down the road before people figure out what a disaster it is for the internet in general .

 

Always stuff looks better on paper than it is in reality when applied in the wild, they dont count certain factors into there projection like websites and companies fighting  back.

 

Its like net neutrally in the USA witch went in effect in June 12, 2015 it was thought up in 2010 and as soon as the Government changed hands it got repealed and that went in effect 2018 and the internet went back to the way it was on June 11, 2015.   Laws dont mean they will even be forever. Most likely they want. Some people seem to think the EU itself want last much longer it's in poor shape. The UK pulling out is a testament to that .

 

The future of the European Union - Creaking at 60

https://www.economist.com/special-report/2017/03/25/the-future-of-the-european-union