What is California’s role in protecting privacy in a data-driven world? Here are some ideas

Note to readers: Each week through November 2019, a selection of our 101 California Influencers answers a question that is critical to California’s future. Topics include education, healthcare, environment, housing and economic growth.

Get weekly updates on the issues that matter to you: Sign up for the California Influencers newsletter here.

California Influencers this week answered the following question: How can California most effectively protect the privacy rights and personal data of our people? Below are the Influencers’ answers in their entirety.

This is California’s role in a data driven world

Monique Limon - California State Assemblywoman (D-Goleta)

As consumers play an active role in managing their personal information, the best way to protect privacy is by asking consumers how they would like their information used.

The California Consumer Privacy Act will provide consumers the right to know what personal information is collected by businesses, for what purpose, and how to request the information be deleted. The state must work with the business sector to integrate data protections into their business practices. Protecting personal data is advantageous to both consumers and businesses.

Consumers must maintain the right to choose how and under what circumstances they want their information shared. This is an issue I grappled with as Chair of the Assembly Banking and Finance Committee. For example, many consumers opt into sharing their location with their bank. This is a feature banks use to verify purchases and flag inconsistencies – all for our protection. A privacy system must give consumers the option to opt in or out of services.

In order for the State to guarantee a robust privacy law, policymakers must continue to re-evaluate policies and practices to keep up with the ever-changing world we live in, while protecting consumer data.

Read Next

Consumer control and strong incentives are key to protecting privacy

Jesse Gabriel - California State Assemblyman (D-Los Angeles)

Rapid technological innovation presents both opportunities and challenges with respect to privacy and data security. In this environment, we should provide consumers with both a clear understanding of when their personal data is being accessed and clear control over how such information can be used. Regulators also must provide strong mandates, incentives, and remedies that will encourage companies to protect privacy and data security as they develop new products. With smart, technology-savvy public policy we can both facilitate innovation and meaningfully protect consumer privacy.

Here’s a no-nonsense data privacy law

Tom Campbell - Professor of Law and Economics at Chapman University

California should adopt this law: “No person, company, union, or other entity may disclose to another outside that entity information specific to an individual located or resident in California obtained from monitoring that individual’s purchases or electronic communications without the individual’s explicit, prior approval which shall be deemed to expire one year after such approval has been given. All entities requesting such prior approval must provide an alternative to any individual choosing not to grant permission, allowing as much of the service as is reasonable, commercially and technologically. Violation of this section shall be punished by a fine of $1000 per individual whose information was disclosed, per party to whom disclosure was made.”

The gathering of information collectivized for marketing or demographic statistical purposes, including “big data” collection at grocery and department stores, would be allowed to continue, since it is not identified to an individual. If a data collector gives a user a box to check, and an individual chooses not to check it, the user has to be given some reasonable alternative to simply being denied. That would prevent coercing permission by threat of no access to the service.

“It’s time we lead the way in privacy and data protection”

Steve Westly - Founder and Managing Partner of The Westly Group

California is the global leader in innovation. It’s time we lead the way in privacy and data protection by taking steps to protect consumers in four key areas:

  1. First, the California legislature should expand the California Consumer Privacy Act (CCPA) so that individual people (not just the Attorney General) can bring suit when their privacy rights are violated. An amendment to the CCPA was proposed this year that would do this. The legislature should reintroduce this and pass it next year.

  2. Second, the California Attorney General should start a unit specifically focused on enforcing data privacy laws, including the CCPA. The AG’s office should be fully funded to take on this task.

  3. Third, the legislature should pass new legislation to require companies to publicize their websites’ or apps’ privacy policies in clear and accessible terms—as required by Europe’s General Data Protection Regulations (GDPR).

  4. Finally, we should begin thinking ahead: data privacy is not just about Americans who have smart phones and laptops—we need to set policies for the Internet of Things, including home devices, too.

California companies lead the world in technology. We should expect no less from our elected officials.

Eliminate the technology education divide

John Chiang - Former California State Treasurer

A vibrant, healthy democracy requires an educated and invigorated citizenry. By eliminating the technology education divide that has left countless Californians behind and exacerbated our economic, social and political inequality, we can build a more inclusive future of shared prosperity. Once empowered with knowledge and understanding, Californians from all communities can more effectively and timely advocate to protect their rights.

The California Consumer Privacy Act of 2018 is a watershed in domestic privacy legislation. A first of its kind in this nation, the law, however, was enacted long after multiple high profile data breaches and cyber security crimes. With the implementation of CCPA and rapid technological innovation transforming our lives and world, an enlightened populace is needed to better anticipate and address the questions to come.

“A recently-passed law will make doing business in the Golden State more difficult and expensive”

Carl Guardino - President and CEO of the Silicon Valley Leadership Group

California’s economy is fueled by companies that build cutting-edge technology and offer innovative customer services. Unfortunately, a recently-passed law will make doing business in the Golden State more difficult and expensive.

The California Consumer Privacy Act (CCPA) was passed last year and was intended to create new rules for businesses that would increase protection of consumers’ personal data. Unfortunately, the law is overly-burdensome without significantly improving privacy. Important aspects of the CCPA, including definitions for “personal data” and “deidentified information,” are vague and unclear. Companies trying to comply with the law aren’t given proper guidance from state lawmakers. Under these circumstances, dollars that would have gone to research and innovative consumer products will soon be spent on lawyers who try to interpret the CCPA, or challenge its vagueness in court.

The CCPA also reduces companies’ ability to use information that is publicly-available. Data contained in state public records should be considered in the public domain, and can be vital to continued research in many different industries, whether they be health, education, or manufacturing.

Businesses have a responsibility to respect consumers’ privacy and be good stewards of their personal data. Let’s work towards a law that better protects that privacy, without denying organizations the opportunity to use data for legitimate businesses purposes.

The Republic of California strikes again

Catherine Lew - Co-Founder and Principal Consultant of The Lew Edwards Group

What a week! I’m so proud to be a Californian. The frenzied end of this legislative session saw Election Day Voter Registration, Gig Worker Protection, and State Rent Control passed by the Legislature and forwarded to Governor Newsom for signature. But one of the most significant events was what DIDN’T happen. Signed last year by former Governor Brown, the California Consumer Privacy Act (CPPA)–the country’s first-ever consumer data privacy law—survived an expensive 11th hour attempt to significantly water down its protections from corporate lobbyists who want to continue to use your private data without fully protecting you. They even hid their intentions under misleading ads like its “Keep the Internet Free” campaign. Don’t be fooled! If you’re one of the millions whose records were breached on Facebook, Equifax or other sites, there’s a lot to love about the new California law taking effect January 1st. Its protections give YOU – the consumer – the right to be informed on how your personal information will be used – and to stop businesses from selling your information. But having been beaten back in California, corporate tech is now planning to take the fight to erode these protections directly to Congress. #StayTheCourse #CaliforniaLeadsTheWay #ProtectConsumers

“It is critical that policy makers strike the right balance”

Jennifer Barrera - Executive Vice President of the California Chamber of Commerce

It is critical that policy makers strike the right balance between privacy protections and preserving the benefits that useful data services provide to consumers. Some of those benefits include loyalty programs like frequent flyer miles and retailer purchase discounts, identity theft protection tools, and the ability to qualify for major purchases like a home or car based on available data. As the technology leader of the world, California is uniquely positioned to lead on this issue. We need policies that work for consumers and businesses and continue to offer the benefits we have come to expect.

Sharing personal data should be an informed choice

Debbie Mesloh - President of the San Francisco Commission on the Status of Women

Personal privacy is at the heart of who we are as citizens. It defines our relationship with our government and our fellow citizens.

However, sharing our individual data should be a choice – one that should be informed by what happens when we voluntarily it with others.

It is entirely reasonable to share our personal information in exchange for value such as distributing photos on Instagram or the convenience of online shopping. Likewise, it is reasonable for those providing such services to earn a profit.

However, those with whom the data is shared should have a duty first to explain what they will do with our personal data as well as a heightened duty to protect and safeguard that data.

Full implementation of the California Consumer Privacy Act, which is due to go into effect in 2020, is an important step for the state to take. This legislation will force companies to reveal what data they collect and giving users the right to delete that data and prevent its sale.

In addition, companies should face meaningful liability to their customers when there is a data breach. That threat of liability will incentivize companies to invest in and prioritize protecting our data from intrusion and misuse.

“Data privacy and ethics go hand in hand”

Luisa Blanco Raynal - Associate Professor of Pepperdine University’s School of Public Policy

Who owns your data? Is a question it has been around for a long time, and its importance has risen in the last two decades due to new technological developments. Some define ownership of data based on how it was created and who created it. Data is usually created in a platform (either developed by the government or the private sector) and by an individual. Thus, determining property rights between these two entities is not straight forward, and has become a debated issue. Data privacy and ethics go hand in hand, where it is necessary to ensure that data is collected and stored securely (privacy), and at the same time, data is used in a way that protects the rights of individuals (ethics). Consumers should take responsibility for the privacy of their data, where they should be critical about the platforms they use. Individuals should get better information about how they can protect their data, where in some instances the individual can take an active role (like sharing data in Facebook), while in others there is not much the individual can do to avoid privacy issues (like providing personal information to the DMV). Therefore, private and public institutions should not only abide by the law, but also by ethical standards when it comes to data management.

“We should simply start with a constitutional framework”

Chad Peace - Founder and President of IVC Media LLC

New technology has made privacy and its protection a more complex issue than ever. Instead of trying to legislate every way our personal data is implicated, we should simply start with a constitutional framework that gives individuals a meaningful opportunity to protect their privacy. This should include a legal presumption that personally identifying information is confidential as well as a presumption that the unauthorized or unreasonable disclosure of personally identifying information causes harm that can be measured in economic damages. This would give individuals a meaningful opportunity to protect their personal information by providing a reasonable expectation of privacy as well as a remedy when the standard is not met. Dealing with the complex nuances of privacy protection could then be accomplished over time through the legislature and courtrooms on a more particularized basis.

It’s our data. Thus, our revenue

Manuel Pastor - Director of USC’s Program for Environmental and Regional Equity and Center for the Study of Immigrant Integration

California does need to protect privacy but we also need to recognize – and monetize – the collective value of the personal data we provide. Our use of Google, Facebook, Instagram, and so many other social media platforms gives those companies a wealth of information that they sell to other companies seeking to understand their markets. And while your individual (hopefully, anonymized) profile may be not be that valuable – selling just to you is not every company’s goal – your data combined with everyone else’s data is a gold mine.

Or maybe an oil field. Chris Benner of UC Santa Cruz recently proposed a tech dividend to spread the financial wealth generated by the technology boom in California. The idea is to create something similar to the Alaska Permanent Fund Dividend Fund where Alaska gives its residents a portion of the revenue generated from its mines, oil, and gas reserves. Part of the tech dividend would come from companies finally paying for free-riding on public investments in the fundamental research that undergirds their products – and part of it would come from capturing some of the value generated by platforms. So the real question is: if our data is our property and worth something when coupled with everyone else’s data, why aren’t we in on the profits?

Dan Schnur, a veteran analyst and longtime participant in California politics, is director of the California Influencers series for McClatchy.
Related stories from San Luis Obispo Tribune