California ballot measure could become ‘America’s GDPR’
Call it privacy’s revenge. The California Consumer Privacy Act now appears likely to qualify for the ballot, with more than enough signatures to put the measure before voters in November.
After that, it would have a reasonable chance to pass absent a well-funded campaign that might scare voters into not approving the measure. Proponents present it as a vehicle for consumers to reclaim control over their personal data.
Here’s how the measure is officially summarized:
Gives consumers right to learn categories of personal information that businesses collect, sell, or disclose about them, and to whom information is sold or disclosed.
Gives consumers right to prevent businesses from selling or disclosing their personal information. Prohibits businesses from discriminating against consumers who exercise these rights. Allows consumers to sue businesses for security breaches of consumers’ data . . . Allows for enforcement by consumers, whistleblowers, or public agencies. Imposes civil penalties. Applies to online and brick-and-mortar businesses that meet specific criteria.
[F]iscal impact on state and local government: Increased costs, potentially reaching the low tens of millions of dollars annually, to state and local governments from implementing and enforcing the measure, some or all of which would be offset by increased penalty revenue or settlement proceeds authorized by the measure.
And businesses would be required to disclose the categories of information they have on users — including home addresses, employment information and characteristics such as race and gender.