California Data Privacy Law Highlights Growing Frustration with Tech Industry

on July 17, 2018

After years of glowing admiration and perceived innocence, the tech industry is in the throes of its comeuppance.

Driven by everything from the Facebook-Cambridge Analytica data privacy scandals, to social media-driven fake news concerns, consumers and legislators are starting to push back on the goose that laid the golden digital egg. There’s growing awareness of the incredible power and influence that tech companies have on nearly every aspect of our lives, and alarm bells are growing louder.

The most recent evidence was the swift and unanimous passage of the California Consumer Privacy Act of 2018 (officially labeled AB 375), a wide-ranging piece of legislation that was approved in late June by the CA State Senate and Assembly and signed into law by Governor Jerry Brown.

Conceptually similar to the recently instituted GDPR data privacy regulations of the European Union, the new law gives California-based consumers the right to know about all data being collected on them, the right to refuse sale of that data, the right to delete that data, and much more. As with GDPR, companies that don’t comply are potentially subject to large fines.

One of the many interesting twists about the new legislation—which doesn’t go into effect until January of 2020—is that California was the first in the US to pass a major data privacy law, even though most of the largest tech companies are based in California and the state has tremendously benefitted from their impressive financial success.

So, what made California legislators willing to bite the hand that contributes so strongly to its coffers? Incredible consumer frustration.

In comment after comment posted in response to online articles that covered the news of the legislation’s passage, there was/is a deep sense of betrayal and mistrust directed towards many large tech companies, such as Facebook and Google. Even among those who claimed to not particularly care for California or its legislators, or who found the new law to be flawed in some way, there was/is the sense that it’s still an important step in the right direction.

The combination of all the various data privacy and security scandals seems to have reached a tipping point, and consumers are both starting to demand more control over their personal data and expect more accountability from companies who collect it.

Fundamentally, the problem stems from the simple fact that most people didn’t know about how these companies really operated and now that they do, they aren’t happy. In fact, I wouldn’t be surprised to see several state legislative bodies and, eventually, federal lawmakers start tackling these types of personal data privacy issues quickly. Even by the end of the year, we could end up seeing a very different and much more controlled regulatory environment for tech companies than exists today.

For tech companies, the real-world impact of these regulations isn’t entirely certain, but clearly, they won’t be good for most of them. On the one hand, because many companies have had to deal with GDPR compliance—which is even more far-reaching than this California law—the effect could be minimal. On the other hand, for US-only companies, this legislation could be more challenging because of the huge demand for Internet-related services by California citizens now protected by the law.

Philosophically, both the new California regulations and GDPR put into question some of the core business model principles behind so many Internet-based companies: the collection, analysis, and usage of what most people in the US believe should be fundamentally private information.

Reasonable people understand that companies must earn money to survive and continue providing the kinds of applications and services we like to use, but there are some serious ethical, and even existential, questions about how a business’ income can and should be raised that many tech companies still need to sort out for the long haul.

The irony that an industry which originally promised to free us from an Orwellian 1984-like world is now actually helping to create one is not lost on many. In fact, it’s that realization which is the impetus for much of the current frustration—and legislation. Let’s hope that these newly imposed regulations can drive the development of viable new business models that both let tech companies continue the incredible success stories they’ve built, while still preserving our individual privacy. Finding these new models may not be an easy task, but it’s an incredibly important one for our economy, our personal liberty, and even our democracy.