The law will replace the California Consumer Privacy Act, which was passed in 2018, following a separate push to get a privacy measure on the ballot that year. The author and chief financial backer of Proposition 24, real estate mogul Alastair Mactaggart, was behind CCPA's passage as well.
"With tonight's historic passage of Prop 24, the California Privacy Rights Act, we are at the beginning of a journey that will profoundly shape the fabric of our society by redefining who is in control of our most personal information and putting consumers back in charge of their own data," Mactaggart said in a statement Wednesday.
Earlier this year, Mactaggart told Protocol that he wanted to take a new privacy initiative, then called the California Privacy Rights Act, to the ballot because he had watched business groups attempt to undermine CCPA through changes in the legislature. "At some point it feels like when you let your guard down, one of these changes is going to come through, have a massive impact, and end up gutting the law," Mactaggart said at the time.
He undertook months of negotiations with privacy groups and business leaders, including tech giants like Facebook, Google and Microsoft in hopes of coming up with a measure that both advocacy and industry groups could live with. But Prop. 24 ended up splitting the privacy community, with organizations like Consumer Reports coming out in favor of the measure and the ACLU coming out against it. The tech community notably didn't fight the measure the way they did when Mactaggart was first pushing a privacy initiative in 2018.
But that doesn't mean they're supportive of it either. On Election Day, Linda Moore, CEO of the lobbying group TechNet told Protocol that while her organization hadn't taken a firm stance on Prop. 24, the measure is "not at all in alignment" with TechNet's views on privacy law. "Part of our opposition is a part of the ballot measure [which] lays out that no changes can be made to [it] without a supermajority of the legislature, which is incredibly hard to corral," Moore said. "The legislature should be in charge, along with the governor, in setting privacy policy. This takes it out of the hands of the people who can work on this complicated issue."
The new law will preserve much of CCPA, but it will also allow Californians to require companies to limit the use of their sensitive personal information, create a new agency to handle privacy law enforcement and establish new fines for violations of children's privacy rights, among other things. Groups like the ACLU worry that the complex nature of Prop. 24 will introduce new loopholes for businesses that further expose Americans' data or require them to pay for data protection.
Businesses operating in California now have until January of 2023 to comply with the new law before it goes into effect.
Climate TRACE's data show emissions at the facility-level.Image: Climate TRACE