In a prior blog we discussed at a high level how Prop 24 builds upon and extends California’s existing privacy law (the California Consumer Privacy Act or CCPA). In this blog we will talk in a bit more detail on how Prop 24 — formally known as the California Privacy Rights Act or CPRA — adds even more privacy rights compared to the CCPA. Specifically, we are going to give you our “Top 20” list of the privacy “benefits” that California residents will get with the CPRA that they don’t have with the CCPA. Most people give you a Top 10 list, but Prop 24 has so many benefits we feel compelled to give you a Top 20!
We think reading this blog post will make obvious that Prop 24 greatly enhances privacy rights compared to current California law, and that the Prop 24 Opposition’s arguments that Prop 24 somehow weakens our privacy, is frankly, just plain silly when you look at all the privacy benefits listed below. But if you don’t have time to read this blog post for a few minutes, check out this quick 1-minute video where we discuss how in fact Prop 24 strengthens California privacy.
Top 20 Benefits of Prop 24 that are not in the CCPA
- Purpose limitation — this means businesses can only use your personal info for stated purpose. Which means if they collect your cell phone number for the purpose of providing advanced security in the form of two-factor authentication, they can’t turn around and use your phone number for another purpose such as sending you SMS texts with product offers.
- Storage limitation — this means businesses can only keep your personal info as long as business has said it will. So this will help prevent businesses from collecting and storing more information from you than necessary.
- Data Minimization — this means businesses can’t collect more info than necessary and required.
- Chain of custody — this means onward transferees of your personal data must offer the same level of protection of your data that the business that originally collected is on the hook for.
- Requirement for reasonable & appropriate security for businesses to protect personal info. This means there is an “accountability” provision in the law that will raise the bar on how businesses that collect your personal information in turn must secure your data.
- Deletion expansion — this means businesses must be able to tell businesses they’ve sold personal info to, or shared it with, to delete info when a deletion request is received.
- Right of Correction — believe it or not, current California does not give you the right to correct any personal data they have on you. The current law’s inability to correct data could impact your ability to get a loan or a job etc. So, this may seem like a small benefit, but could have significant impact to let you fix “bad data.”
- Triples fines for violations involving children’s information. This will make businesses think twice if they are properly handling kids’ online privacy.
- Sensitive Personal Info — this is a huge privacy right as it provides Californians the right to stop the use of their most sensitive data. Sensitive personal information includes race, precise geolocation, religion, union membership, genetics, biometrics, sexual orientation, contents of communications, etc. Can dramatically reduce potential discrimination etc.
- Right to see ‘all’ personal info, not just last 12 months. The current law only lets you see the personal data that a business has on you going back just 12 months, this lets you see it all (i.e. not just within the last year).
- Precise geolocation — no tracking within ~250 acres. Another major privacy feature that stops businesses from precisely geotracking you, e.g. if you were at a rally or at a medical clinic.
- Profiling — this is the right to object to automated decision-making, and to learn meaningful information about the logic involved.
- Removing 30 day right to cure violation (ends “two strikes you’re out”). This makes businesses take privacy violations more seriously.
- Right to opt out of cross-context behavioral advertising — this fixes major a CCPA weakness. What this means is that it limits the ability for businesses to “retarget” you with digital ads based on your internet behavior and activity by giving us consumers further control over the use of our personal data.
- Data protection agency with guaranteed funding. This is also a big new benefit. It creates an agency that is 2x+ bigger than current enforcement by the California Attorney General (AG) to solely focus on protecting your and your fellow Californians privacy. Prop 24 removes exclusive enforcement by AG (i.e. allows 58 county and 4 largest city DA’s to enforce the law via Business & Professions Code Sec. 17200) but allows the AG the ability to intervene and take over a case.
- Annual cybersecurity audits required of businesses whose data processing poses a high risk to consumer privacy and security. Again, this enforces more accountability with businesses who collect and sell your personal data.
- Annual risk assessments required of businesses whose data processing poses a high risk to consumer privacy and security. Again, enforces more accountability.
- Chief Privacy Auditor as part of the dedicated privacy agency to audit businesses for compliance.
- Consumer Privacy Fund from industry fines, annual interest goes to general fund, that can fund additional consumer privacy protection.
- Prevents law being weakened in the Legislature, but any amendments in furtherance of consumer privacy allowed by simple majority of the Legislature.
Wow, that’s a lot of net benefits to us Californians over the current privacy law we have! To be candid, just having a handful of these would be a great step forward, but cumulatively these 20 benefits are a major leap forward privacy-wise.
So, as you can see Prop 24 significantly strengthens our privacy rights, and we kindly ask you to Vote Yes on Privacy and Vote Yes on Prop 24!