Google Wants to Make California’s New Privacy Law Useless

Published on September 5, 2019

Aside from the fact that Google is already in enough legal trouble regarding its privacy practices, announcing its agreement on Wednesday to pay the FTC a record $170 million for child privacy violations on YouTube and video-sharing platform, the company along with industry allies now want to weaken the first major data-privacy law in the U.S.

You’re kidding right?

On Wednesday afternoon, Google and lobbyists are making a late bid to weaken California’s Consumer Privacy Act, or CCPA, which was the first major data-privacy law in the U.S., passed in August 2018. For those against this move, lobbyists have until September 10 to get these new proposals into a bill.

The California Consumer Privacy Act

Under the California Consumer Privacy Act (CCPA), if a business collects any type of personal information, that information should be disclosed in a clear privacy policy available on the website of the business.

Upon a consumer’s desire to know what data is being collected, the company is required to provide such information including, but not limited to the categories of personal information collected, specific data collected about the individual, methods used to collect the data, the business purpose for collecting the information, and third parties to which personal information may be shared.

Currently, the CCPA prohibits the sale or distribution of user data if the user has opted out, with limited exceptions.

A Silly Lobbyist’s Attempt to Weaken California Privacy

Now, we can all agree that the CCPA is not perfect. From the day it was passed, voices on both sides of the privacy debate have agreed that the act needed some fine-tuning.

In an interview with WIRED Magazine, Mary Stone Ross, who helped draft the initiative while she was president of Californians for Consumer Privacy, described the subsequent attempts to erode the CCPA as “painful” to watch. “We forced the hand of the legislature, but not it’s shifted back again,” she told Wired.

Upon its passing, some considered the CCPA to be a “GDPR-like” structure for the U.S. In its current form, businesses will be required to comply with any and all provisions of the CCPA by January 1, 2020.

A lobbyist for Google recently distributed proposed new language to state lawmakers that would essentially amend the CCPA. The law currently limits how Google and other companies collect and make money off user data online. The lobbyist is pushing for the continuation of collecting user data for targeted advertising, and in some cases, the right to do so even if users opt out, according to documents obtained by Bloomberg and those familiar with the negotiations.

In attempts at identifying the lobbyist for clarification, Grit Daily was also told that the lobbyist requested to not be identified and to keep the name confidential. Absolute silliness.

As it stands, its unclear whether the language circulating around the state Capitol was drafted by Google. Industry groups such as the California Chamber of Commerce and the Internet Association often help write legislation and have been the face of the industry during two years of debate over the CCPA.

According to Bloomberg, the new proposal is also trying to loosen and widen the definition of “business purpose” outlined and defined in the privacy law. Currently, the term as defined in the act allows a list of specific activities, including auditing and security of data. The proposed language would be amended from “business purposes are” to “business purposes include,” before the list of approved activities.

Why This Move Here Is Extremely Questionable

For obvious reasons, many believe this is a personal strike to consumer privacy and an absolute destruction to the entire purpose of the CCPA.

According to Senator Hannah-Beth Jackson (D-Santa Barbara), the CCPA’s entire purpose would be compromised by such a move. “This is a jailbreak,” the Senator stated. “This blows up the entire purpose of the CCPA, which is for people to know when their information is being used and to give them the right to opt out.”

However, a spokesman for Alphabet Inc.’s Google said the company has “long supported privacy legislation that protects consumers’ data and encourages innovation.”

Yet, that doesn’t seem to hold up here, when the very words coming from this proposed legislation is that the CCPA needs to be weakened.

“The CCPA will impose new obligations on thousands of small and large businesses, and it is critical that its requirements are clearly defined,” Alphabet Inc.’s spokesman added in a statement. “We are encouraged that California legislators have been considering clarifications to the law in recent months.”

One must wonder that after horrendous breaches like Capital One, Facebook, and Equifax, why in the world anyone would want to weaken such legislation. The very purpose of the CCPA is to clearly define requirements upon both small and large businesses. This seems like another example where our lawmakers truly don’t understand the nature of today’s digital age.

One of the proposals shared by the lobbyist, who distributed the newly-revised language, would allow Google and others use data collected from websites for their own analysis, and then share it with other companies that may find it useful.

Okay, stop here. Absolutely not. We are talking about strict clarification—this is anything but strictly defined. Rather, this is a wild-west of deciding what to do with consumer information. Apologies, but if the lobbyist is reading this, you should be ashamed of yourself for ever having let those words come out of your mouth.

The Google representative has yet to find a lawmaker to sponsor the amendments, according to those familiar with negotiations. And rightly so. To be eligible for lawmakers to vote on it before they adjourn for the year beginning September 13, the proposal must be in a bill by September 10.

What Happens if the Proposal Fails?

Since California’s new privacy law will essentially operate as the benchmark other states will use for their own data-privacy regulations, the CCPA could also act as a template for future federal law. In Congress, lawmakers are already discussing new language that would supersede the CCPA, creating nationwide legislation for privacy—like the EU’s GDPR law.

However, if Google and other internet companies fail to change the CCPA, as lobbyists are attempting to do now, it’s very likely the industry will continue to push for exceptions on behalf of technology giants, or at least push for a more-favorable federal law.

Andrew "Drew" Rossow is a former contract editor at Grit Daily.

Read more

More GD News