With the new California Consumer Privacy Act (CCPA) ready to go into effect in January 2020, tech lobbyists are working closely with various tech industry trade associations and business groups to weaken the effectiveness of this sweeping new state privacy law by introducing new amendments and changes. According to the new CCPA, California citizens can request a list of all personal information that businesses collect them, demand that it be deleted, or opt out of having it sold to third parties. The proposed amendments would weaken each of these rights articulated in the California law.
The goal of the tech lobbyists is simple: ensure that big Silicon Valley tech giants like Facebook, Google and Apple are exempt from many of the most onerous data collection and data sharing portions of the CCPA. If these new amendments and changes are signed into law, it could significantly limit the ability of the new CCPA to bring about a fundamentally new approach to data privacy and the use of personal data. That’s one big reason why privacy advocates like the Electronic Frontier Foundation are ringing the alarm bell, requesting key players like California Attorney General Xavier Becerra to take a closer look at some of the political shenanigans currently taking place in state capital Sacramento.
The rush by tech lobbyists to amend the CCPA
To be sure, the California Consumer Privacy Act (CCPA) is not a perfect piece of legislation. In fact, it was rushed into existence at the very end of 2018 in order to supersede a November 2018 ballot initiative from wealthy Bay Area real estate investor Alastair Mactaggart. In a hastily agreed political truce, it was agreed that privacy advocates would pull the ballot initiative as long as a corresponding piece of legislation was signed before the upcoming election. This was pure politics: while ballot initiatives can not be revised or amended, legislation can.
And that’s where we are today: the tech industry was essentially granted a short-term reprieve at the end of 2018 by agreeing to the legislation, knowing full well that Silicon Valley tech giants (and their very expensively paid tech lobbyists, including the California Chamber of Commerce) would have nearly a year to chip away at the legislation before it went into effect in 2020. Using very clever legalese, the plan is to introduce tiny loopholes that can then be significantly widened and expanded over time.
Take, for example, one proposed amendment that would exempt any tech company that uses a contractual online bidding system for ads for having to follow all the burdensome rules about not sharing data with third parties. This is exactly the system that Facebook and Google use to sell ads, so it’s clear that the real purpose of the legislation has nothing at all to do with “business contracts” or “bidding systems” – and everything to do with making sure that the full brunt of the CCPA does not fall on two of the tech companies at the forefront of Internet advertising.
Or, for example, consider another amendment that would carve out a special exemption for loyalty card programs. According to the CCPA, companies can’t charge higher prices or offer different services to people who opt out of data sharing agreements. In one interpretation of the CCPA, this would mean that companies can’t offer discounts and preferential deals to shoppers who share all the data about their purchase decisions with them via store loyalty cards.
Granted, some of the amendments and changes being proposed by tech lobbyists to give consumers greater control of their data appear to be frivolous. One amendment, for example, would enable companies to offer an email address as the chief point of contact for data requests rather than a toll-free phone number. Some feel, however, that this might unnecessarily discriminate against people who do not have a computer and who do not use the Internet – instead of being able to call a 1-800 number to get changes made, they would need to find a way to send an email request instead.
The important thing to keep in mind, though, is that every single amendment that has been floated thus far – with just a single exception – have sought to weaken the CCPA, not strengthen it. The one amendment that was originally designed to beef up the CCPA was summarily pulled after tech lobbyists warned that it would never, ever get enough votes to pass the California legislature. And any new change enabling consumers to sue tech giants will surely face a lot of pressure.
Plausible deniability for tech firms
Another important point is that the big tech firms are letting the tech lobbyists and trade associations do all the heavy lifting here. They are staying out of the spotlight, thereby giving themselves plausible deniability. For example, you don’t see Mark Zuckerberg marching on the state capitol, demanding that California lawmakers change the rules to benefit his company Facebook. And you don’t see Google employees marching in the streets with giant banners or placards, demanding a change to the horrible injustices being done to them.
No, of course not. Instead, what you see are impressive sounding trade groups representing the Internet industry arguing that the new CCPA law is too confusing, too vague and too onerous. They warn that the new law is “unworkable” and will result in many tech firms going belly up if they are forced to spend millions of dollars implementing all the new changes. They hint that Internet companies – a key component of California’s economy – might decide to look elsewhere for a home if legislators make the cost of doing business in California too high.
Getting the CCPA ready for launch
Thus far, California Attorney General Xavier Becerra has held firm, saying that the big Internet giants “are no longer infants” that they do not need to be held and coddled. Twenty years ago, that might have been the case. But today, the biggest Silicon Valley giants are among the most valuable companies in the world, cranking out billions of dollars of revenue every quarter.
The goal of privacy advocates right now is to limit the damage. They are demanding that politicians hold tech companies accountable, and not succumb to the power of the tech lobbyists. They are warning that the new landmark privacy bill is in peril. Moreover, they point out that the same political shenanigans are going on in Washington, DC as well, where tech lobbyists are working overtime to crank out a new federal privacy law that would be much more lenient and watered down than any state privacy laws. Let’s hope that their message gets heard in time for January 2020 so that California gets robust CCPA regulation that is just as strong as the European General Data Protection Regulation.