Last week, the corporate-backed, legislative battle against
California privacy met a blockade, as one Senate committee voted down and
negotiated changes to several bills that, as originally written, could have weakened
the state’s data privacy law, the California Consumer Privacy Act.
Though the bills’ authors have raked in thousands of dollars
in campaign contributions from companies including Facebook, AT&T, and
Google, records portray broader donor networks, which include Political Action
Committees (PACs) for real estate, engineering, carpentry, construction,
electrical, and municipal workers.
End Date: Friday Sep-27-2019 15:18:16 PDT
Buy It Now for only: $28.27
Buy It Now | Add to watch list
End Date: Saturday Sep-21-2019 3:29:19 PDT
Buy It Now for only: $4.45
Buy It Now | Add to watch list
Instead, Big Tech relied on advocacy and lobbying groups to help push favorable legislative measures forward. For example, one bill that aimed to lower restrictions if companies provide consumer data to government agencies was supported by TechNet and Internet Association.
Those two groups alone represent the interests of Amazon—which was caught offering a corporate job to a Pentagon official involved in a $10 billion Department of Defense contract that the company is currently seeking—and Microsoft—another competitor in the same $10 billion contract—along with Google, Twitter, Lyft, Uber, PayPal, Accenture, and Airbnb.
Below is a snapshot of five CCPA-focused bills that were all scheduled for a vote during a July 9 hearing by the California Senate Judiciary Committee. The committee chair, Senator Hannah-Beth Jackson, pulled a 12-hour-plus shift that day, trying to clear through more than 40 bills.
Yet another day in politics.
We hope to provide readers with a look at both the support and opposition to these bills, along with a view of who wrote the bills and what groups have donated to their authors. It is important to remember that lawmaking is rarely a straight line, and a campaign contribution is far from an endorsement.
The assembly bills
What’s it all about? Exceptions to the CCPA when companies provide consumer data to government agenciesAuthor: Assemblymember Ken CooleyAuthor’s top 2018 donors: the California Democratic Party ($111,192), the State Building and Construction Trades Council of California PAC Small Contributor Committee ($17,600), the California State Council of Laborers PAC ($17,600). Author’s tech donors: AT&T ($8,800), Facebook ($6,900)Supported by: Internet Association, Technet, Tesla, Symantec, California Land Title Association, California Alliance of Caregivers, among othersOpposed by: ACLU of California, Electronic Frontier Foundation, Common Sense Kids Action, and Privacy Rights ClearinghouseAB 1416 would have created a new exception to the CCPA for any business that “provides a consumer’s personal information to a government agency solely for the purposes of carrying out a government program, if specified requirements are met.”
The bill would have granted companies the option to neglect
a consumer’s decision to opt-out of having their data sold to another party, so
long as the sale of that consumer’s data was “for the sole purpose of detecting
security incidents, protecting against malicious, deceptive, fraudulent, or
illegal activity, and prosecuting those responsible for that activity.”
According to multiple privacy groups, those exceptions were too broad. In a letter signed by ACLU of California, EFF, Common Sense Kids Action, and Privacy Rights Clearinghouse, the groups wrote:
“Given the breath of these categories, especially with the
increasing use of machine learning and other data-driven algorithms, there is
no practical limit on the kinds of data that might be sold for these purposes. It
would even allow sales based on the purchaser’s asserted purpose, increasing
the potential for abuse, much like the disclosure of millions of Facebook user
records by Cambridge Analytica.”
These challenges were never tested with a vote, though, as Asm. Cooley pulled the bill before the committee hearing ended.
What’s it all about? Changing CCPA’s definition of “deidentified” informationAuthor: Assemblymember Jacqui IrwinAuthor’s top 2018 donors: California Democratic Party ($105,143), the State Building and Construction Trades Council of California PAC ($17,600), the Professional Engineers in California Government PECG-PAC ($17,600)Author’s tech donors: Facebook ($8,800), AT&T ($8,200), Hewlett Packard ($3,700)Supported by: California Chamber of Commerce (sponsor), Internet Association, Technet, Advanced Medical Technology Association, California News Publishers Association, among othersOpposed by: ACLU of California, EFF, Campaign for a Commercial-Free Childhood, Access Humboldt, Oakland Privacy, Consumer Reports, among othersAB 873 would have narrowed the scope for what CCPA protects—“personal information”—by broadening the definition of something that CCPA currently does not protect—“deidentified” information.
According to the bill, the definition of “deidentified” information
would now include “information that does not identify, and is not reasonably linkable,
directly or indirectly, to a particular consumer.”
Privacy advocates claimed the bill had too broad a reach. In a letter, several opponents wrote that AB 873 “would allow businesses to track, profile, recognize, target, and manipulate consumers as they encountered them in both online and offline settings while entirely exempting those practices from the scope of the CCPA, as long as the information used to do so was not tied to a person’s ‘real name,’ ‘SSN’ or similar traditional identifiers.”
During the Senate committee hearing, Asm. Irwin defended her
bill by saying that CCPA’s current definition of deidentified information was “unworkable.”
She then rebuffed suggestions by the committee chair to add amendments to her
The bill failed to pass on the committee’s 3–3 vote.
What’s it all about? Exceptions to CCPA for employers that collect data from their employees and job applicantsAuthor: Assemblymember Ed ChauAuthor’s top 2018 donors: California State Council of Service Employees ($17,600), the California State Council of Laborers ($13,200) the California State Pipe Trades Council ($10,000). Author’s tech donors: Facebook ($4,400), AT&T ($3,900), Hewlett Packard ($3,200), Google ($2,500), Intuit ($2,000) Supported by: Internet Association, Technet, California Chamber of Commerce, National Payroll Reporting Consortium, among othersOpposed, unless amended, by: ACLU of California, EFF, Center for Digital Democracy, Oakland privacy, among othersAB 25, as originally written, would have removed CCPA protections for some types of data that employers collect both on their employees and their job applicants.
Hayley Tsukayama, legislative analyst for EFF, said that a
concern she and other privacy advocates had with the bill was that employers
are beginning to collect more information on their employees that more often
resemble consumer-type data.
“We are seeing a lot more of these workplace surveillance
programs pop up,” Tsukayama said over the phone, giving a hypothetical example
of a fitness tracker for employees where the data could be shared with health
insurance companies. “The ways that this collection is being introduced into
the workplace, it’s not necessary for the employer-employee relationship, and
it is more in the vain of consumer data.”
After Chau agreed to add amendments to his bill, the Senate committee
passed it. The bill, if it becomes law, will sunset in one year, giving
legislators and labor groups another opportunity to review its impact in a
it all about? Customer loyalty programs Author: Assemblymember Autumn BurkeAuthor’s top 2018 donors: State Building
and Construction Trades Council of California PAC ($17,600), SEIU California
State Council Small Contributor Committee ($17,600), IBEW Local 18 Water &
Power Defense League ($17,600), California State Council of Laborers PAC
($17,600) Author’s tech donors: Facebook ($8,800),
Technet California Political Action Committee ($8,449), Charter Communications
($7,900), AT&T and its affiliates ($7,300)Supported by: California Chamber of
Commerce, California Grocers Association, California Hotel & Lodging
Association, California Restaurant Association, Ralphs Grocery Company, Wine Institute,
among othersOpposed, unless amended, by: ACLU of California,
EFF, Common Sense Kids Action, Privacy Rights Clearinghouse, Access Humboldt AB 846 targets CCPA’s current non-discrimination clause that prohibits companies from offering incentives—like lowered prices—to customers based on their data practices.
The bill would clarify that
CCPA’s regulations are not violated when businesses offer “a different price, rate, level, or quality of goods or services to a
consumer if the offering is in connection with a consumer’s voluntary
participation in a loyalty, rewards, premium features, discount, or club card
The bill received so many changes though, that some groups were puzzled over what it allows.
“There was a point at which [AB 846] said any service that has a functionality directly related to the collection of, and use, of personal information was exempt,” Tsukayama said. “We spent a lot of time going ‘Well, what does that mean?’ We never got a satisfactory answer.”
She continued: “We were concerned that this would cover a
lot of ad tech, or invasive company programs, to collect more data.”
With additional amendments to be added, the Senate committee
passed the bill.
What’s it all about? Whether businesses
have to provide a phone number for consumer data requestsAuthor: Assemblymember Marc BermanAuthor’s top 2018 donors: California
State Council of Service Employees ($26,100), Northern California Carpenters
Regional Council SCC ($17,600), American Federation of State, County &
Municipal Employees – CA People SCC ($17,600)Author’s tech donors: Facebook ($8,800),
TechNet PAC ($6,526)Supported by: Internet Association (sponsor),
Engine, Coalition of Small & Disabled Veteran Businesses, Small Business California,
National Federation of Independent Businesses (CA), among othersOpposed by: ACLU of California, EFF,
Center for Digital Democracy, Oakland Privacy, Access Humboldt, Privacy Rights
Clearinghouse, among others CCPA allows Californians to contact the companies that
collect their data and make requests about that data, including accessing it,
changing it, and deleting it. The law states that companies must provide at
least two methods of contact, including one toll-free telephone number, for
AB 1564 would allow online-only businesses to provide their direct consumers with just one method of contact—an email address—for data requests.
Privacy advocates previously warned that the bill could make
it harder for those with limited Internet access to assert their privacy
The bill, which will be amended, passed the Senate
What comes next?
The California Senate is currently in a summer recess, scheduled to return August 12. The bills that passed the Senate Judiciary Committee—ABs 25, 846, and 1564, regarding employee data, loyalty programs, and email address contacts—will next be heard by the Senate Appropriations Committee, a separate committee of lawmakers who oversee and move forward bills that have a fiscal component.
That committee has until August 30 to move bills to the
Afterwards, either chamber of the state has until September
13 to send a bill to Governor Gavin Newsom’s desk for signature.
The post Changing California’s privacy law: A snapshot at the support and opposition appeared first on Malwarebytes Labs.
Powered by WPeMatico