There is a new California ballot initiative that will create massive unintended consequences, jeopardize California’s tech leadership, restrict the state’s economy, and put consumers at increased risk of identity theft and other harms. In a recent briefing, leaders from DMA, ANA, 4A’s, IAB, and NAI informed marketers and advertisers about the ballot initiative, and how they can get involved to prevent this ballot initiative from negatively impacting their customer relationships and ultimately business effectiveness.
Dan Jaffe, ANA’s Group Executive Vice President of Government Relations, called the California ballot initiative “the most dangerous policy” that the data and marketing industry is presently facing in the United States. The proposal is “radically different from the EU’s GDPR regulations,” added Jaffe, noting the unprecedented and broad opportunity for massive class action lawsuits and extremely limited basis for data collection.
Extreme Definition of “Personal Information”
The ballot initiative places heavy restrictions on the use of personal information, but also has a much broader definition of “personal information” than typical policy proposals. It includes the typical personally-identifiable information (PII), but also encompasses browsing and search history, geolocation, and other advanced data forms such as olfactory data, psychometric data, etc. Additionally, it defines inferences drawn from any personal information as “personal information.”
“These restrictions include virtually any type of data we can think of,” said Brad Weltman, Vice President of Public Policy at IAB.
The proposal would also require an upfront, conspicuous notice to users stating “Do Not Share or Sell My Personal Information.” If a consumer opts out, businesses cannot change or alter their services or prices, and would not be able to ask them to opt-in for another 12 months. With businesses prohibited from altering services or prices, and potentially unable to institute paywalls, the policy was referred to as “legalized turnstile jumping.”
Massive Penalties and Openings to Lawsuits
In addition to restrictions on the collection and use of data, there are also massive penalties and a wide-ranging enforcement system that would lead to long-running lawsuits and crippling fines.
In 2017 alone, there were over 100 reported data breaches in California, and 2018 is on pace to exceed that number. The ballot initiatives levies massive penalties on companies who are victims of data breaches, including $1,000 per record and $3,000-$7,300 per record for what is determined to be a willful violation. Courts would also be given the ability to impose even steeper fines taking into account other factors, including the assets of company. A small data breach of 100,000 records would mean a company would face a liability of at least $100 million.
“There is a private right of action that we have not seen before,” said Alison Pepper, SVP of Government Relations for 4A’s. This means that companies are open to a broad range of enforcement actions not just from the Attorney General, but also from trial attorneys representing consumers. Scarily enough, the “injury-in-fact” is the simple alleged violation of any part of the statute – there is no harm to consumers required to bring a private action. With additional public rights of enforcement and whistleblower bounties, businesses operating in California will be exposed to massive legal liabilities simply for conducting business online.
Organizations Need to Get Involved – Here’s How!
This is not a legitimate privacy proposal, it is rather a proposal to drive lawsuits and limit how businesses can connect with their customers. “This initiative will limit our choices as consumers and negatively impact Californians,” said Chris Oswald, DMA’s VP of Advocacy. “It will restrict California’s economy and put at risk the state’s connection to the global economy and its role as a technology leader.”
Fortunately, business and nonprofit leaders are speaking out about the harmful impacts of this misguided proposal. “We believe the California measure could have unintended consequences for both businesses and consumers and that there is a better way to give consumers the privacy rights they deserve,” said a Microsoft spokesperson.
A campaign against this law will only succeed if businesses and nonprofits speak out about the harmful impacts. There are three actions DMA members can take today:
1) Register your organization’s opposition to this proposal, and encourage your business partners and clients to do so as well.
2) Speak out about how your California customers will be negatively impacted by this proposal.
3) Make a financial contribution to the “Don’t Disconnect California” campaign
DMA’s advocacy team is actively engaged on this issue. Reach out to Chris Oswald with any questions about how to contribute or to get involved.