During this year’s General Election, Californians are casting a vote on new data privacy legislation, Proposition 24, and choosing whether to move forward with what many are calling “CCPA 2.0” after the California Consumer Privacy Act. Proposition 24 has been more formally known as the California Privacy Rights Act (CPRA).
For a bit of recent history, the California Consumer Privacy Act (CCPA) went into effect back on January 1, 2020 and—despite the challenges created by the pandemic—the CCPA began formal enforcement on July 1, 2020. Proposition 24 is a follow-up intended to further strengthen privacy rights for California voters or, at least, that’s the claim for “more teeth”!
But the road to adopting the CCPA, a landmark privacy legislation for consumer privacy rights, has not been easy. Along the way, amendments were passed, in some cases simply to clarify terminology and ensure proper scope, but in other cases, proposals to potentially weaken the law. But why would anyone argue for weaker privacy rights?
Follow the money
The answer is usually related to potential monetization: the value of data to create new revenue, the cost of proper governance over it, and who ultimately benefits from using it for value creation.
There’s a popular saying nowadays, especially as it relates to social media that, “if you’re not paying for the product, you are the product.” And while there is some dark truth in that, it’s not that simple either. Not all organizations intend to exploit consumer data in violation of consumer rights—that wouldn’t be good for long-term reputation. But there is value in serving targeted ads and affinity marketing programs, for example, when you visit your favorite online shopping site and they seem to magically know that you needed a new broom because your web searches that day included “how to fix my broken old broom.”
This creates a tension within businesses who wish to offer new targeted products and services by understanding customer buying behavior and preferences, but also ensure that personal data on those consumers is used responsibly according to their explicit rights. There is nothing inherently wrong with having this transparency, assuming it does not extend beyond consumer rights for deemed appropriate use—the consumer needs to be in control and that’s what the CCPA endeavored to achieve and where Proposition 24 endeavors to move further.
So then—why Proposition 24? What’s new?
Data privacy is not a destination—it’s a long-term journey towards improving data privacy governance. By understanding what data is being captured on consumers, classifying it and handling it appropriately according to consumer rights, organizations can achieve the best of both worlds—improving consumer relationships, while also offering better products and services. The two go hand in hand, when personal data is used responsibly.
But do consumers believe that we’ve achieved everything we can with the CCPA? It would seem that the answer to that is no. As of late October, early-voter exit polls throughout California indicated that the new mandate will pass, signaling that consumers demand increased privacy rights, not wait-and-see approaches. It’s hard to say no to more privacy rights!
And there are compelling reasons for endorsing and approving Proposition 24 that include:
- Triples the fines for violations of children’s privacy
- Limits use of sensitive personal information
- Stops businesses from knowing your precise geolocation
- Stops businesses from profiling you
- Rights to correct your information
- Rights to have your personal information kept safe
- Rights to see all your information, not just last 12 months
- Creation of a new California Privacy Protection Agency for more rigorous enforcement
While this all sounds great on the surface, it comes at some cost to businesses as they will need to address these changes or face ever-increasing fines for negligence. Some argue that this benefits large businesses who have the resources to enforce protections, while making it impossible for small business to compete. A multi-million-dollar violation could arguably put the average mom-and-pop shop out of business!
But the arguments against Prop 24 go further: a top worry is the emergence of “pay for privacy” schemes, ones that would push the costs back to the consumer to be charged for the privilege of privacy, rather than its assumed status as a universal right. We’ve seen this before with attacks on net neutrality, arguing different service levels that disproportionally impact lower income consumers; in the case of Prop 24, those who can’t afford the “premium” or ad-free experience could receive a tiered, less privacy-assured, lesser service offering.
Too fast, too soon?
Perhaps one of the best arguments for or against Proposition 24 passing is that the dust has yet to settle on the original California Consumer Privacy Act, and now we’re asking consumers to weigh in on a ballot measure that arguably few truly understand. It’s unlikely that consumers have read the entire 53-page document (you can do that here, I’ll wait).
While the intent may be good, and certainly the exit polls paint a pretty picture that Californians value data privacy, the results may end up as a mixed bag, and just as confusing to businesses as they are barely able to now wrap their heads around the CCPA since taking effect.
And it’s not simple enough to look to political parties for answers. The well-respected Electronic Frontier Foundation took a neutral position based on various pros and cons, the California Democratic Party is also neutral, and the state Republican party is against the proposition.
Where do you stand?
As a proponent of data privacy governance best practices, Informatica can help organizations prepare for future mandates that require safer consumer data handling and efficient compliance with rights, whether California, the wider US or global requirements.
Whether Prop 24 passes and becomes yet another milestone on the path to data privacy nirvana, one thing is clear: consumers care about personal data rights. But at what price? Are you giving up the “free” services you rely upon, or can you afford a premium offering that takes your privacy more seriously and provides greater limits? Are you a skeptic who believes privacy is dead anyways and you have nothing to hide, so why pay a price?
Informatica provides tools for businesses that handle sensitive consumer data that enable an organization to accelerate data privacy compliance and improve customer loyalty by:
- Defining privacy policies using Axon Data Governance for organizational transparency
- Classifying data to understand what is sensitive and private with Enterprise Data Catalog
- Assessing and analyzing risks, and orchestrating automated remediation, such as DSAR reporting and data protection with Data Privacy Management, and
- Protecting data with Data Masking and managing consumer consent with Customer 360
By adopting and evolving a data privacy governance program, businesses can both accommodate privacy rights, while also improving customer experience, and do so with efficiency and transparency to save costs through governance best practices that apply intelligence and automation on top of existing workflows.
Are you ready for the increased demands of consumer privacy or still waiting for the dust to settle? Contact Informatica to start a conversation and accelerate your privacy compliance journey, no matter where mandates are driven in the future.