SACRAMENTO — Retail, tech and other business trade groups unleashed sharp criticism at a privacy ballot initiative today for the first time, warning of new costs for businesses trying to weather the pandemic-induced recession.
“The small business community cannot afford additional costs or confusion as the state begins to reopen our fragile economy," John Kabateck, of the National Federation of Independent Business, told the Assembly Privacy and Consumer Protection Committee.
The initiative targeted for the November ballot would rewrite California's landmark Consumer Privacy Act, adding protections for sensitive personal data such as precise geolocation. It would also give Californians the right to correct inaccurate information about them, create a regulatory body to enforce the law and require any legislative changes to further the law's privacy-protective intent.
Without the legislative safeguard, said its main proponent, Alastair Mactaggart, a future Legislature "could change all of it, they could just strip it out and put it out of existence.”
But groups that have yet to take an official position on the initiative — including the Internet Association, TechNet, the California Chamber of Commerce, the California Retailers Association and the Computing Technology Industry Association — raised serious concerns Friday.
Some argued that the restriction on future laws would sideline the Legislature's ability to shape policy on the rapidly evolving issue. Others questioned the timing of the initiative, noting that final regulations for the California Consumer Privacy Act have yet to take effect.
A sweeping rewrite, they said, would require companies that just overhauled their systems and procedures to do so once again, adding costs and uncertainty.
Mactaggart, a Bay Area developer behind the original Privacy Act, has spent millions of his personal funds to qualify the new initiative. This week, he took Secretary of State Alex Padilla to court in an attempt to move up counties' signature verification deadline by one day to align with the June 25 ballot qualification deadline. The filing argues that Padilla failed to "immediately" start the clock for the counties, as required by law, putting the initiative's qualification at risk.
Consumer privacy advocates also weighed in at the hearing, giving the initiative mixed reviews.
Maureen Mahoney from Consumer Reports said some aspects of the proposal would strengthen privacy protections for consumers, such as removing a 30-day period for companies to address alleged violations and creating a new regulatory body. She also applauded the initiative's prohibition on future legislative changes that could weaken the law.
But the advocates also highlighted provisions they said could render the law less effective. Ariel Fox Johnson from Common Sense Media pointed to its broader definition of "publicly available" information, which is exempt from the law. Johnson also said she did not see additional protections for children in the initiative beyond an increase in penalties for violations.
“We worry that a lot of information inadvertently shared online by consumers could receive no protection, for example, enabling Clearview-style scraping and profile-building if a consumer has not set their settings correctly," Johnson said, referring to Clearview AI, a new company that launched a facial recognition tool for law enforcement with a massive database of images scraped from the internet.
Mactaggart said he broadened the definition of "publicly available" at the recommendation of constitutional law professors.
"I have zero interest in making this law weaker. Zero," he told lawmakers. "I do, however, have an interest in making sure it survives the test of time. And when I have four constitutional law professors telling me to do something, I think I’m going to listen to them."