One question we get frequently asked is … does Prop 24 get California closer to the broad privacy rights that Europeans have with their privacy law, the General Data Protection Regulation (GDPR)?
Our answer is Absolutely Yes! Prop 24 gives Californians privacy rights that are at the same levels as Europeans get.
Europe’s landmark privacy law, the GDPR, and the California Consumer Privacy Act (CCPA), were both enacted in 2018, but CCPA didn’t go into effect until just this January 2020, and is only being enforced as of July 1, 2020. Both laws give consumers the right to know what information businesses have collected about them, and the right to delete that information, as well as the requirement for businesses to keep that information safe.
While the CCPA was a good first step for California (and Californians for Consumer Privacy, the backers of Prop 24, were the driving force behind the CCPA), Prop 24 is the “Version 2” upgrade that we need to reach parity with the privacy rights have in other regions of the world such as Europe. Prop 24 is also known as the California Privacy Rights Act of 2020 (CPRA).
For example, like what Europeans get with the GDPR, Prop 24 adds the concept of “sensitive personal information,” which is information such as union membership, sexuality, race, health info, etc., and passage of Prop 24 would allow California residents to limit the use of that information. For example, if you sign up to use a health app, you can stop that business from turning around and sharing and selling to other companies, an/or using your health info for other purposes beyond what you signed up for.
As Consumer Watchdog, a leading consumer protection non-profit, writes in its endorsement of Prop 24: “Significant new privacy rights will be available to Californians – including the right to data correction, purpose limitation, storage limits, and data minimization – in line with the protections provided in Europe under the GDPR. Californians’ protections would be sufficient for the state to gain “adequacy” under European law to give the state a leg up in fast track commerce with the European Union, assuming the US and EU resolve the national security aspects of privacy laws currently under discussion.”
Consumer Watchdog also notes that Prop 24 will create a “European Union style privacy commission …. The commission must develop expansive new privacy rules for consumers: For instance, a right to know meaningful information about the logic behind Google’s automated targeting algorithms and behind the information they see popping up in their Facebook feed.”
So, it is not surprising that when voters were polled if they wanted “additional consumer privacy protections to the existing law— protections that are already available to consumers in Europe and elsewhere in the world” over 70% of Californians said yes to that statement and Yes to Prop 24.
Here’s the detail comparison on how the CPRA (Prop 24) compares to both current California law (the CCPA) and Europe’s GDPR. As you can see, it brings California on par with privacy rights in Europe, which is exactly what voters want.
| Components | EU Privacy Law (GDPR) | California Privacy Law (CCPA) | Prop 24 (CPRA) |
|---|---|---|---|
| Right to Know What Information a Business has Collected About You |  |
|
|
| Right to Say No to Sale of Your Info | |
|
|
| Right to Delete Your Information | |
|
|
| Data Security: Businesses Required to Keep Your Info Safe | |
|
|
| Data Portability: Right to Access Your Information in Portable Format | |
|
|
| Special Protection for Minors | |
|
|
| Requires Easy “Do Not Sell My Info Button” for Consumers |  |
|
|
| Provides Ability to Browse with No Pop-ups or Sale of Your Information | |
|
|
| Penalties if Email Plus Password Stolen due to Negligence | |
|
|
| Right to Restrict Use of Your Sensitive Personal Information | |
|
|
| Right to Correct Your Data | |
|
|
| Storage Limitation: Right to Prevent Companies from Storing Info Longer than Necessary | |
|
|
| Data Minimization: Right to Prevent Companies from Collecting More Info than Necessary | |
|
|
| Right to Opt Out of Advertisers Using Precise Geolocation (< than 1/3 mile) | |
|
|
| Ability to Override Privacy in Emergencies (Threat of Injury/Death to a Consumer) | |
|
|
| Provides Transparency around “Profiling” and “Automated Decision Making” | |
|
|
| Establishes Dedicated Data Protection Agency to Protect Consumers | |
|
|
| Restrictions on Onward Transfer to Protect Your Personal Information | |
|
|
| Requires High Risk Data Processors to Perform Regular Cybersecurity Audits | |
|
|
| Requires High Risk Data Processors to Perform Regular Risk Assessments | |
|
|
| Appoints Chief Auditor with Power to Audit Businesses’ Data Practices | |
|
|
| Protects California Privacy Law from being Weakened in Legislature | N/A | |
|
For more information on how Prop 24 gets California on par with Europe with respect to privacy rights, check out this 1 minute video below:
Yes on Privacy & Yes on Prop 24!
