Your online data, big tech and California’s strict new law

California begins country's strictest data privacy law Jan. 1. Host John Thomas Flynn talks what started it, who's affected and will citizens see a "data divide...

Ever wonder just how much of your personal information is being collected online by search and social media titans such as Google and Facebook?

Laurel Rosenhall, a former The Sacramento Bee reporter, decided to explore the issue and the new California legislation aimed to regulate it. She published her recent article in CalMatters, a nonprofit, nonpartisan news site covering state government and politics where she now works. We were able to chat with her this week to learn more.

Laurel Rosenhall, CalMatters

Rosenhall began by highlighting the case where a writer, Dylan Curran, downloaded his data from Google and Facebook and published an article about his findings for The Guardian newspaper.

“The extent and the quantity of the information was just mind blowing. The Google data was the equivalent of 3 million word documents and the Facebook data was about 400,000 word documents worth of information,” Rosenhall said.

The companies had histories of every location Curran had visited in the last year, including the time and date he was there. Plus he received a listing of events that he had put on his calendar and also notations of which events he actually attended.

“The data included all the photos he’d ever taken with his phone, including when and where they were taken as well as every email he’d ever sent or received, including the ones he had deleted,” Rosenhall said.

Every image, location or story you’ve ever clicked

She wrote that according to Curran, “They also have every image I’ve ever searched for and saved, every location I’ve ever searched for or clicked on, every news article I’ve ever searched for or read, and every single Google search I’ve made since 2009. And then finally, every YouTube video I’ve ever searched for or viewed, since 2008.”

“Our actions online have created a vast trove of information worth billions of dollars. Every time we search, click, shop, watch, send, receive, delete or download, we create a trail of data that companies can use to figure out our tastes and interests”, Rosenhall wrote.

Such powerful, far-reaching and profitable developments haves not escaped the notice of privacy advocates and elected officials alike. While the former have long lamented the corporate intrusion into our personal lives, the latter have begun the process of reigning in these phenomenally profitable enterprises. In fact, as Rosenhall wrote about the California Consumer Privacy Act which takes effect in just three weeks, “California’s privacy law is the strongest in the United States, giving consumers a new level of control that may become the national standard. Companies are spending an estimated $55 billion to comply, largely on updates to their policies and systems.”

However, “The law doesn’t stop companies from collecting personal data”, she continued, “It just gives people more ways to know what’s being collected and to ask that their information be deleted. In other words: the impact of the law may rest in how many people exercise their new rights.”

“If Californians want this information from companies starting in January, they will be able to get it. But if consumers don’t take any proactive steps to seek out this information, then they probably won’t notice any change other than we are all going to be inundated with the announcements that there’s updated privacy policies from all kinds of websites that that operate in California,” she said.

Half a million companies must comply

As to coverage and compliance with the new law, it’s quite expansive in terms of who has to comply. And while nonprofits organizations are exempt, “Businesses, they have to comply if their revenues exceed $25 million a year or if they get at least half of their revenue from selling consumers’ personal information, or if they buy or sell personal data of at least 50,000 households,” Rosenhall said.

An estimated half-a-million companies are likely to have to comply with this law, and not just those in California.

“Companies don’t have to be based in California to follow it. Anyone who has any website anywhere, if they do business with a Californian, or have any customers in California, then they have to follow it,” she said.

Law arose from dinner party conversation

It is somewhat astonishing that such an important legislative development actually had a rather serendipitous beginning. It seems that it was hatched during a dinner party, as Rosenhall explained.

“There is a real estate developer in San Francisco named Alastair Mactaggart. He’s not someone who had any kind of career in privacy policy or activism until a few years ago and he’s now kind of become this extremely influential person in the privacy debate.” It appears that Mactaggart was at a dinner party in the Bay area where he struck up a conversation with a Google engineer. “The engineer told him in the course of their conversation that Americans would be shocked if we knew how much information Google has about us,” Rosenhall said. This made quite the impression on Mactaggart, and with other concerned Californians, he decided to do something about it. “And one thing that is possible in California is what we call, a citizens’ initiative, which is where anyone who has enough money can put something on the ballot for a public vote,” said Rosenhall.

Mactaggart spent about $3 million collecting signatures and getting an initiative qualified for the ballot that would give people more control of their data. “And the tech companies were freaking out. They completely opposed this,” said Rosenhall

So the tech companies began to raise money to oppose Mactaggart’s ballot measure.

“Then they realized that they didn’t actually want to take this into a public campaign because the optics of fighting consumer privacy would be really bad for them,” Rosenhall said. So both sides went to the legislature and basically said, “Look, let’s work this out. ‘If you pass a law in the legislature,’ Mactaggart said, ‘I’ll take my measure off the ballot,’” according to Rosenhall.

And so Mactaggart basically used that ballot measure as leverage.

“And in 2018, the legislature passed this law, passed this bill. Gov. Jerry Brown at the time signed it into law, and it takes effect on Jan. 1 of 2020,” she said.

Data dividend like Alaska’s oil dividend

One additional item of particular interest is the discussion of what has been referred to as the data dividend. This is an idea floated by current Gov. Gavin Newsom shortly after he was inaugurated at the beginning of 2019 to give Californians some kind of compensation for their data.

“And potentially it could be structured similar to how Alaska shares the wealth from its oil, by sending checks to each resident of Alaska. But right now we really don’t know exactly what the governor has in mind,” Rosenhall said.

So what is a Californian’s data worth

“There’s not a perfect way to measure it, but economists have looked at it a few different ways. The combined value of 61 basic information items about the average person is $4.83 cents. But if you start including a lot of more personal information, including like their financial history and things like that, all that data might be worth almost $300,” Rosenhall said.

So when its aggregated in a state the size of California with 40 million people, “The value of our personal data is estimated at $10 to $12 billion,” she said. Wow!

One thing is for sure — the battles are far from over, and the lobbying money will continue to grow while the law and regulations are evolving, and the data dividend is debated. But the so-called purveyors of surveillance capitalism will no longer have free rein over our personal data and privacy. It’s a good start.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.