Silicon Valley is terrified of California’s privacy law. Good.
Silicon Valley is terrified.
In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California's Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state's 40 million residents - and every tech company in Silicon Valley.
California's law is similar to Europe's GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.
For California residents, these are extremely powerful provisions that allow consumers access to their own information from companies that collect an increasingly alarming amount of data on their users. Look no further than Cambridge Analytica, which saw Facebook profile page data weaponized and used against millions to try to sway an election. And given some of the heavy fines levied in recent months under GDPR, tech companies will have to brace for more fines when the enforcement provision kicks in six months later.
No wonder the law has Silicon Valley shaking in its boots. It absolutely should.
It's no surprise that some of the largest tech companies in the U.S. - most of which are located in California - lobbied to weaken the CCPA's provisions. These companies don't want to be on the hook for having to deal with what they see as burdensome requests enshrined in the state's new law any more than they currently are for Europeans with GDPR.
Despite the extensive lobbying, California's legislature passed the bill with minor amendments, much to the chagrin of tech companies in the state.
"Don't let this post-Cambridge Analytica 'mea culpa' fool you into believing these companies have consumers' best interests in mind," wrote the ACLU's Neema Singh Guliani last year, shortly after the bill was signed into law. "This seeming willingness to subject themselves to federal regulation is, in fact, an effort to enlist the Trump administration and Congress in companies' efforts to weaken state-level consumer privacy protections," she wrote.
Since the law passed, tech giants have pulled out their last card: pushing for an overarching federal bill.
In doing so, the companies would be able to control their messaging through their extensive lobbying efforts, allowing them to push for a weaker statute that would nullify some of the provisions in California's new privacy law. In doing so, companies wouldn't have to spend a ton on more resources to ensure their compliance with a variety of statutes in multiple states.
Just this month, a group of 51 chief executives - including Amazon's Jeff Bezos, IBM's Ginni Rometty and SAP's Bill McDermott - signed an open letter to senior lawmakers asking for a federal privacy bill, arguing that consumers aren't clever enough to "understand rules that may change depending upon the state in which they reside."
Then, the Internet Association, which counts Dropbox, Facebook, Reddit, Snap, Uber (and just today ZipRecruiter) as members, also pushed for a federal privacy law. "The time to act is now," said the industry group. If the group gets its wish before the end of the year, the California privacy law could be sunk before it kicks in.
And TechNet, a "national, bipartisan network of technology CEOs and senior executives," also demanded a federal privacy law, claiming - and without providing evidence - that any privacy law should ensure "businesses can comply with the law while continuing to innovate." Its members include major venture capital firms, including Kleiner Perkins and JC2 Ventures, as well as other big tech giants like Apple, Google, Microsoft, Oracle and Verizon (which owns TechCrunch).
You know there's something fishy going on when tech giants and telcos team up. But it's not fooling anyone.
"It's no accident that the tech industry launched this campaign right after the California legislature rejected their attempts to undermine the California Consumer Privacy Act," Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California, told TechCrunch.
"Instead of pushing for federal legislation that wipes away state privacy law, technology companies should ensure that Californians can fully exercise their privacy rights under the CCPA on January 1, 2020, as the law requires," he said.
There's little lawmakers in Congress can do in three months before the CCPA deadline, but it won't stop tech giants from trying.
Californians might not have the CCPA for long if Silicon Valley tech giants and their lobbyists get their way, but rest easy knowing the consumer won - for once.