Frequently Asked Questions

The opportunities for you to get employment, open a bank account, get credit or insurance, and secure housing are endangered by the unrestricted collection, processing, sale and even misuse of your personal information.

California took the first step in 2018 to allow Californians to take control of their personal data with the passage of the California Consumer Privacy Act (CCPA). This effort was led by the same group that is behind Prop 24 — Californians for Consumer Privacy.

But increasingly businesses are trying to neuter the CCPA and your privacy rights through the Legislature. Unless California voters take action, the hard‐fought rights consumers have won could be undermined by future legislation. Rather than diluting privacy rights, California should strengthen them over time. Furthermore, current California law lacks basic privacy rights such as the ability to let you limit the use of your sensitive personal information (e.g. religion, ethnicity, geolocation, etc.). We as Californians significantly lag behind what Europeans get when it comes to basic privacy rights. The Big Tech companies are not sitting still; we should improve and enhance our privacy law.

Prop 24 is in effect the “Version 2” upgrade of the CCPA, designed to provide each Californian more privacy rights and let you take back control over your data. That is why over 930,000 of your fellow Californians signed the petition to get Prop 24 on your ballot — that is more people than the population of states like Wyoming or Vermont, Alaska or North Dakota — who like you want more privacy rights.

Prop 24 is the “Version 2” upgrade of the CCPA and is designed to provide each Californian even more privacy rights and lets you further take back control over your data. Prop 24 and the CPRA is designed and backed by the same group — Californians for Consumer Privacy — that sponsored the California Consumer Privacy Act (CCPA) ballot measure in 2018. That petition was signed by 629,000 Californians and qualified for the November 2018 ballot.

In June 2018, Californians for Consumer Privacy negotiated with Senator Robert Hertzberg and Assembly member Ed Chau in the California Legislature, and successfully passed the California Consumer Privacy Act (CCPA) in return for withdrawing the ballot measure. The CCPA gives nearly 40 million people in California the strongest data privacy rights in the country.

Now, Californians for Consumer Privacy is back with the California Privacy Rights Act, which builds upon CCPA’s achievements. If voters approve this Prop 24 measure in November 2020, we think it will be the best consumer privacy law in the world. Big tech companies are not sitting still; we need our privacy laws to keep pace with their expanding use of our personal data. That is why over 930,000 of your fellow Californians signed the petition to get Prop 24 on your ballot, and you have the chance to make this into law.

There so many! Here are just a few:

1. Triples fines for violations of children’s privacy: Just in the last two years, we’ve seen continued violations of children’s privacy, including this record fine paid by Google/YouTube. Our children’s privacy MUST be respected.
2. Limit the use of Sensitive Personal Information: CPRA introduces a powerful new concept covering your most sensitive personal information. Under CCPA, you only have the right to stop the sale of your personal information. CPRA goes much further, and lets you tell businesses not to use your most sensitive information, unless it’s to deliver you a product you are asking for.
3. Stop businesses from knowing your precise geolocation: Precise geolocation—exactly where you’re standing or driving—is a new concept, and by including it in the definition of your sensitive information, CPRA will let you stop a business tracking you and knowing exactly where you are at all times.
4. Stopping businesses from profiling you: Are you seeing only certain jobs because of your race, your education, your political leanings? How do you even know? Is some algorithm determining your future by only showing you jobs it thinks you’re qualified for? This new right would allow you to find out about the profiles businesses are collecting about you, and stop the automated processing of your information based on the profiles businesses have created about you.
5. Right to correct your information: this lets you correct the information that businesses have collected about you. Incorrect information online can affect your entire life, and under existing law you have no ability to change it.
6. Right to have your personal information kept safe: the CPRA tells businesses that if they are going to collect personal information, then they must keep it secure from theft! Unfortunately, too many businesses just leave your information lying around in plain text, and who suffers? You do, when your identity is stolen. The CPRA also adds “email plus password or security question & answer” to the list of items subject to a private right of action. Put another way, if your email and password is stolen or hacked due to the negligence of a business, the business could face massive fines —millions or even billions of dollars of fines.
7. Right to see ALL your information, not just the last 12 months: under CCPA, you can only see the last 12 months of information a business has collected about you. CPRA will require businesses to tell you all the information they’ve collected about you, starting January 1, 2022—everything from then on!
8. Creation of a new California Privacy Protection Agency: Californians need a one-stop shop to protect their information. They need somewhere to register their complaints, and ensure big businesses are following this new law.

The reality is that kids’ lives are being lived online, more and more. For parents of young children, Covid has reinforced how omnipresent screens are in kids’ lives—before it was for entertainment, now it’s for school too. Businesses will do anything to keep kids’ eyeballs on their sites, hoovering up data about as many children as they can. As parents we need to safeguard our children online.

Prop 24 protects kids in a multitude of ways. One critical way is that CPRA triples fines for violations of children’s privacy (e.g. $7500 for each violation involving the personal information of minor consumers). So, if a Big Tech company is violating privacy laws regarding minors, the fines could be massive. Money talks, and this is the best way to change behavior. Furthermore, CPRA would also require opt-in consent in order to sell personal data from consumers under the age of 16.

Just in the last two years, we’ve seen continued violations of children’s privacy, including this record fine paid by Google/YouTube. Our children’s privacy MUST be respected, and CPRA provides these important rights to protect kids.

Prop 24 and the CPRA give Californians the fundamental right to have your personal information kept safe. Specifically, the CPRA tells businesses that if they are going to collect personal information, then they must keep it secure from theft! Unfortunately, too many businesses just leave your information lying around in plain text, and who suffers? You do, when your identity is stolen.

Furthermore, the CPRA adds “email plus password or security question & answer” to the list of items subject to a private right of action. Put another way, if your email and password is stolen or hacked due to the negligence of a business, the business could face massive fines, potentially owing thousands or even millions of Californians up to $750 each.

Yes! CPRA introduces a powerful new concept covering your most sensitive personal information. Under CCPA, you only have the right to stop the sale of your personal information. CPRA goes much further, and lets you tell businesses not to use your most sensitive information, unless it’s to deliver you a product you are asking for.

One key element of sensitive personal information is your precise geolocation—exactly where you’re standing or driving. With CPRA by including it in the definition of your sensitive information, CPRA will let you stop a business tracking you and knowing exactly where you are at all times.

The reality is that businesses are expanding their use of big data, machine learning and artificial intelligence techniques to gather increasingly more and more personal information about you. Your personal data is increasingly the fuel that powers their businesses. The opportunities for you to get employment, open a bank account, get credit or insurance, and secure housing are endangered by the unrestricted collection, processing, sale and even misuse of your personal information.

Increasingly businesses are trying to neuter your current privacy rights through the Legislature. Unless California voters act, the hard‐fought rights consumers have won could be undermined by future legislation. Rather than diluting privacy rights, California should strengthen them over time. The Big Tech companies are not sitting still; we should improve and enhance our privacy law.

Prop 24 gives Californians a wide range of new privacy rights that level the playing field and give you a say on how those businesses can or cannot use your own personal data.

Congress has failed to act on privacy, since the dawn of the internet. Industry is too powerful for Washington to act and thumbs their noses when called upon to testify and explain how they make money off your information. Sacramento isn’t any better—that’s why it took the threat of an initiative in 2018, and another one now, to force real change.

Californians for Consumer Privacy would welcome a strong, effective national privacy law. However, Congress has failed to act on privacy, since the dawn of the internet.

As Californians, let’s control our destiny and strive to have more privacy rights and be able to take control over our personal data. That’s why you should vote Yes on Prop 24 and the CPRA.

No. CPRA only covers businesses that buy and sell your information, or big huge businesses. There are 3 tests for whether a business even has to comply with CPRA.

1. Over $25,000,000 in annual revenue in the preceding year
2. Buys, sells or shares the personal information of at least 100,000 consumers a year
3. Makes more than 50% of its revenue from selling personal information.

CPRA only covers big businesses or data brokers. Your corner dry cleaner, flower store or book shop is not covered (unless they are buying information about you or taking your personal information and selling it).

Yes. These companies make billions of dollars a year by collecting and using our personal information. The opportunities for you to get employment, open a bank account, get credit or insurance, and secure housing are endangered by the unrestricted collection, processing, sale and even misuse of your personal information. You should have the right to control how your personal information is used because the impact that these businesses may have on your life, and, after all, it is your data and you should have basic privacy rights that only Prop 24 and CPRA will give you.

To be clear, CPRA is not aimed at any one company. CPRA is aimed at a set of business practices where you are tracked constantly, and your personal information monetized. If you are a business and use personal information in a way that your customers are comfortable with, then you should have nothing to fear, and likely, privacy regulations will not have a major impact on your operations. If, however, you use personal information in a way that would lead many of your customers or site visitors to say, wait a second, I never agreed to that, I didn’t expect you’d do that with my information, then such a business should be prepared to make substantial changes to its business model in light of the passage of Prop 24.

Californians for Consumer Privacy is the group behind both the original CCPA and now the CPRA / Prop24 ballot initiative. Alastair & Celine Mactaggart are currently the sole major funders of the initiative and the group behind Prop 24, and we welcome your support. More and more of our fellow citizens are contributing whatever they can at our website, www.caprivacy.org. We would so appreciate your assistance—going up against the world’s most valuable companies is daunting, and we need every bit of assistance we can get.

A number of privacy and civil society groups support Prop 24 as well as major unions. For example, the NAACP, Common Sense Media, Consumer Watchdog are examples of civil society groups that support Prop 24. Unions include the California Firefighters and the State Building Construction & Trades Council of California, as well as regional unions such as UA Local 38 Plumbers and Pipefitters and IFPTE21. National and state political leaders also support Prop 24 including former Democratic Presidential Candidate Andrew Yang, Rep. Ro-Khanna (CA-17), California State Controller Betty Yee and State Senate Majority Leader Bob Hertzberg.

No. Big Tech companies raised over $2 million to fight Californians for Consumer Privacy and our CCPA initiative in 2018, so clearly, they are not fans of the types of regulation that we are proposing. Large data brokers like Acxiom have already announced they oppose Prop 24, so if they wrote Prop 24, why would they announce opposition to it?

As much as opponents may wave their hands and try to confuse you with wild claims, the reality is that the CPRA significantly increases privacy rights. Please see the question “What are the main new privacy rights that Prop 24 gives us Californians?” above for a number of examples.

Absolutely yes. Prop 24 gives Californians privacy rights that are at the same levels as Europeans get.

Europe’s landmark privacy law, the GDPR, and California’s Consumer Privacy Law, were both enacted in 2018, but CCPA didn’t go into effect until just this January 2020, and is only being enforced as of July 1, 2020. Both laws give consumers the right to know what information businesses have collected about them, and the right to delete that information, as well as the requirement for businesses to keep that information safe.

While the CCPA was a good first step for California, the CPRA is the “Version 2” upgrade that we need to reach parity. See this blog post here for a comparison of what the various laws do or would do.

CPRA and Prop 24 includes a one-way ratchet: a simple majority of the California Legislature (with the Governor’s consent) can amend the law in any way that is pro-consumer-privacy; but no amendments that harm consumer privacy are permitted. This initiative puts a floor under privacy and ensures California will continue to have the strongest consumer privacy protections in the country, while allowing the law to grow and change with the times.

This conclusion is of course backed by California Constitutional legal scholars. Or see this blog “Yes, Prop 24 Can Be Amended to Further Enhance Privacy.”