ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

Weak California privacy bill is too strong - big tech claims

In June, California passed a data privacy law that mimics some of the regulations imposed in Europe by GDPR. The legislation, which is due to come into effect in 2020, is designed to give citizens more control over how firms process their personal data. What you may not know, is that Assembly Bill 375 (now known as the CCPA - California Consumer Privacy Act) was rushed into existence in order to bypass a ballot initiative (originally due to be voted on in November) that was much stricter and would have been much harder to overturn.

AB 375 is designed to permit California’s 39.5 million residents to request that firms inform them about what data is being held on file about them, for what purposes, and with whom that data is been shared. Citizens can opt out of permitting firms to sell their data to third parties. They will also be permitted to ask that (at least some of) their data be removed from companies databases. 

Despite being an already softened version of the original ballot initiative, a number of tech firms - including Facebook, Google, IBM, and Microsoft - have begun lobbying the Trump administration for a law that would overrule California. 

Already weak, but not weak enough

In its present state, the Californian legislation actually has a number of holes in it. In fact, all things considered, it is pretty hard to call it a win for digital privacy. In an exposé written by Electronic Frontier Foundation, the digital privacy authority highlighted a number of improvements required for AB 375 to accomplish a significant level of data privacy for consumers. 

Jeremy Arnold, a tech consultant, has even gone as far as to insinuate that the original ballot initiative was purposely made overly tough “by design,” in order to “leverage the passage” of AB 375 rapidly and unanimously. 

Even though it is far from perfect - and already noticeably weaker than the original CCPA ballot initiative - tech firms are fiercely protesting the new law. For tech firms, the legislation means greater liability and raised costs for insuring against hackers. And, depending on what happens when it goes into effect and is litigated on, it could also mean a loss of earnings due to people opting to be forgotten. 

If a snowball effect ensued, and other states decided to follow suit, tech firms could lose some of the power they currently leverage to use personal data to make a fortune from advertising.

Smoke and mirrors

Of course, tech firms would prefer you to believe they only have citizens’ best interests at heart. According to Dean Garfield, president of the Information Technology Industry Council (a leading tech industry lobbying group), big tech only wants to help:

“We are committed to being part of the process and a constructive part of the process. The best way is to work toward developing our own blueprint.”

While it doesn’t seem completely unfair for the tech industry to have some say over the development of new data privacy laws, it is also important to remember that firms like Facebook are always going to be at odds with the wishes of sane privacy-conscious individuals. After all, its sole revenue stream is centered around the vampiric act of taking as much personal data as it can.

Cross-state problems?

Since May, when GDPR came into effect in the EU, many US firms - including a broad selection of news websites - have decided to stop providing their services in Europe. This is because the cost of complying with GDPR - by setting up servers within Europe to handle data generated by European website visitors - isn’t cost effective.

This is a bad omen for AB 375. Having to deal with California’s new rules would mean an overhaul of how data is handled by tech firms - but only in California. In the rest of the country, it would remain financially beneficial not to roll-out the changes. Thus, even without the possibility of a snowball effect, California’s legislation stands to create costly cross-state-border issues. 

Joel Kaplan, Facebook’s top lobbyist, has already warned the Information Technology Industry Council that a patchwork of legislation across the country would be a "regulatory headache." What he actually means is that it would be expensive, difficult to enact, and stifling to current business practices. Admittedly, the outcome could also be a nuisance for consumers who might find certain services pulled from under their feet.

Softer Federal law

Sadly, the economics, politics, and logistics involved in providing different privacy rights across America is unlikely to be something the US government is enamored with. And with a Republican president and Republican-controlled Congress, big tech has a much better chance to write its own rules now then it will likely get for quite some time in the future. Thus, it seems likely the US will see an even weaker Federal privacy law coming in very soon, perhaps even before AB 375 is due to come into effect. 

Even if AB 375 does come into effect in 2020, it is generally accepted that stakeholders will have substantially watered it down. This is concerning because even as it stands now, Californian consumers will not get the opportunity to substantially limit data collection or use  (other than the right to opt out of the sale of data to third parties or to have it deleted after it has already been acquired). And remember, restricting the sale of data does not limit how it can be disseminated for no profit at all.

What’s more, because firms already currently disclose what data they plan to collect within their privacy policies (in order to stop the Federal Trade Commission coming after them under the Agency’s deceptiveness authority), it seems unlikely that AB 375 will substantially change how firms currently behave. 

Tech firms have no reason to suddenly become moral, which means that it is going to fall on government regulations to stop the likes of Google and Facebook commodifying consumers’ every thought and action. Sadly, AB 375’s rushed passage through California’s legislature demonstrates that government and consumer wishes are still completely at odds. 

Opinions are the writer's own.

Title image credit: quka/

Image credits: TierneyMJ/, igorstevanovic/, Marco Rosales/, Orhan Cam/

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. 

1 Comment

John Wayne
on October 12, 2018
Very insightful article, will show this to my sons.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service