As Europe's sweeping new privacy law went into effect on Friday, California voters may get to decide on strict privacy laws for their state.
An initiative likely headed for November's ballot in California would be one of the broadest online privacy regulations in the U.S. and could impact standards throughout the country.
One of the initiative's biggest backers is Alastair Mactaggart, a San Francisco real estate developer. Mactaggart has put more than $2 million of his own money into getting the California Consumer Privacy Act of 2018 on the ballot. The initiative hasn't been officially certified by the state, but it has gotten more than 600,000 signatures, nearly twice what it needs to qualify.
Mactaggart recalls the moment about four years ago that turned him into a privacy advocate. He asked a Google engineer at a cocktail party whether he should be worried about his privacy. "He said, 'Oh if you just knew how much we knew about you, you'd be really worried,' " recalls Mactaggart.
Mactaggart says he and a small group of his neighbors consulted with academics, lawyers and technologists to write a bill they hope will curb privacy abuses. "What people are concerned about is misuse of their data," Mactaggart says, "and so we give people the right to say, 'Stop selling my information.' "
If voters approve the measure, businesses will be required to have a "clear and conspicuous link" on their website's homepage titled "Do Not Sell My Personal Information." The link would take users to a page where they can opt out of having their data sold or shared.
Mactaggart says the proposed law would not prevent Facebook, Google or a local newspaper from collecting users' data and using it to target ads to them. But users will have a right to stop companies from sharing or selling their data. And businesses would be required to disclose the categories of information they have on users — including home addresses, employment information and characteristics such as race and gender.
The measure has the backing of consumer advocacy groups, such as Consumers Union. Justin Brookman, Consumers Union's director of privacy and technology policy, says Europe's new law is stricter. "This ballot initiative is actually pretty modest," he says. "In some ways, I wish it would go further."
Still, if the California act passes, it will be one of the broadest privacy laws in the U.S. because it will affect anyone who goes on the Internet in California. And because California is the fifth-largest economy in the world, Brookman predicts many companies will implement the same standards nationally.
"Most companies aren't going to try to configure their systems to guess when an IP address is based in California," he says. "They'll say, 'You know what, this isn't that hard to do. We're just going to do it for the entire country.' "
But opponents of the measure say it will be hard to implement, and opposition has been fierce in a state that is home to Silicon Valley, where many tech companies are based.
"Every industry sector [that] has looked at this initiative considers it a very serious threat to the ability to do business in California," says Robert Callahan, vice president of state government affairs for the Internet Association. The group represents major tech companies, including Google, Facebook and Netflix.
Callahan says the measure would impose harsh financial penalties on companies that violate it, even if they make a small mistake. "Whether or not any harm or damages are received, the companies are strictly liable [for] thousands of dollars per violation," he says.