A proposed bill will allow consumers to wipe their online data in one action. This sounds like a great idea since most people know that while their data is out in cyberspace, it also leaves them vulnerable. So why is The Delete Act, SB 362 by Sen. Josh Becker (D-San Mateo), moving through the Legislature along party lines, and unusually quickly? Why are Democrats in support of this bill while Republicans are not?
It appears Venture capitalist Tom Kemp, a Silicon Valley investor who sponsored the bill, stands to directly profit from provisions in the proposed bill. While California’s business climate is suffering in most other sectors, this bill appears to be yet another example of someone in Silicon Valley profiting off of sponsored legislation. Kemp states he helped craft the bill on his blog:
“Congrats to State Senator Josh Becker for proposing this, and thanks for letting me propose and contribute to its drafting.”
Kemp is a tech investor with financial ties to companies that are paid to remove personal data, Atlas Privacy and DeleteMe. On their website, Atlas boasts “leveraging privacy legislation such as CCPA” (the California Privacy Protection Act – sponsored by Kemp) to remove consumer data.
While benefiting certain special interests, SB 362 would be harmful to small businesses, start-ups and non-profits, according to business groups. These companies and organizations rely heavily on the use of data to effectively and affordably conduct online marketing to their target audiences. If data is no longer available, small businesses, entrepreneurs and non-profit fundraisers will no longer be able to reach audiences and grow. Big businesses that can afford traditional mass marketing will be able to crush their smaller competitors.
Senate Bill 362 will set up within the already existing California Privacy Protection Agency a mechanism through which California consumers can request that data brokers delete their personal data, which is gathered when you surf the web, shop online, and “Google” anything. As the bill analysis says, “Most people know that when they use a ‘free’ service on the Internet (one for which there is no monetary charge), they are actually paying for it in the form of the data they reveal about themselves: the contents of their messages, their reactions to social media posts, their GPS coordinates, the identities of their contacts, etc.”
According to the Assembly Privacy And Consumer Protection Committee analysis, SB 362 is also overwhelmingly supported by trial lawyers and their related organizations, like Californians for Consumer Privacy (where Kemp is an advisor), Consumer Watchdog (Jamie Court), the Consumer Attorneys of California, and many more. It appears SB 362 would make it quite convenient for trial lawyers to work with “authorized agents” to root out lawsuits.
According to Rachel Michelin, President and CEO of the California Retailers Association:
SB 362 would undermine protections for consumers and their privacy. Eliminating your data means all of your data. This legislation does not allow for the balance established just a few years ago by the California Consumer Privacy Act, which empowers an individual to choose which companies can use their data.
Glaringly, SB 362 excludes companies like social media platforms and search engines which generate billions in advertising revenue by collecting vast amounts of consumer data. The rush to get this bill through rather than get it right may mean that small businesses can’t compete for affordable advertising, while the big players get even bigger.
Assembly Floor Analysis reports:
A coalition of 20 legal aid groups and consumer rights nonprofits explains the need for this bill:
[C]oncerns [about data brokers’ practices] are not abstract for countless Californians. […] Elderly individuals are at a higher risk for scams, identity theft, and financial exploitation that rely on the collection and misuse of personal information. Furthermore, invasive marketing practices and price discrimination can result from data brokers’ sale of consumer information to businesses. Without adequate knowledge about the types of information collected and sold by data brokers, and without the ability to delete that information upon request, consumers are left defenseless against such practices, and suffer from diminished autonomy and privacy in their daily lives.
A coalition of nine business trade associations explains why this bill is unnecessary:
With the passage of the CCPA, California was the first state to pass a comprehensive privacy law that applied in an industry neutral manner, and it followed that law with a consumer- facing registry that specifically would enable consumers to exercise their rights with data brokers. Unfortunately, based on an inaccurate interpretation of existing law, the bill creates a duplicative and potentially confusing regime for companies that are already subject to the CCPA, which already includes disclosures around collection activities and otherwise provides consumers with deletion rights and the ability to opt out of the sale and sharing of [personal information].
While SB 362 seeks to set up a free mechanism through the California Privacy Protection Agency (CPPA) where consumers can have a one-stop shop to request data deletion, the bill allows for an “authorized agent” to request and verify the data deletion on behalf of consumers. It appears companies like Atlas would qualify as authorized agents.
The proposed SB 362 data deletion mechanism would put the state in possession of the requesting consumer’s personal data. The bill notes that there would be security on the system, but can they guarantee no breaches of these wide swaths of private information? The recent data breach that exposed a million CalPERS/CalSTRS members raises more questions about the state’s ability to protect private data.
The Sacramento Bee reported in November 2022:
California has spent tens of millions of dollars trying to upgrade its online campaign finance portal, yet it somehow remains stuck in the Y2K era.
The state launched Cal-Access in 2000, but it has not seen substantial updates in more than 20 years.
The Legislature has allocated more than $55 million for the Cal-Access project, and $39 million has been spent, according to Glazer. There is no estimated roll-out date for the new site, but the latest timeline indicates it likely will not happen until after the 2024 election.
According to the Assembly Appropriations Committee, the California Privacy Protection Agency estimates costs of about $1.14 million in fiscal years (FY) 2024-26 and $600,000 in FY 2026-27 and ongoing to establish and maintain the data broker registry, issue and update regulations, establish and maintain the accessible deletion mechanism, and receive audits submitted by data brokers. Actual costs may be higher than this estimate if the Privacy Agency incurs additional workload costs receiving and reviewing exemptions claimed by data brokers. Any costs may be offset by fees, penalties, and expenses collected in the Data Brokers’ Registration Fund.
Not only will taxpayers be on the hook for developing this system, the State of California does not have a good track record of spending taxpayer dollars on online systems responsibly.
- Gov. Newsom Vetoes Bill to Charge Parents With ‘Child Abuse’ for not Affirming Trans Children - September 23, 2023
- Music Icon David Foster’s Daughters Declare ‘Hate’ for Gov. Gavin Newsom - September 22, 2023
- She Can Stay: GAO Says Julie Su Can Be ‘Acting’ Labor Secretary Indefinitely - September 21, 2023