Last year, California adopted the California Consumer Privacy Act, which restricts how data gathered about a person may be sold, and requires tech companies to keep it safe. Unsurprisingly, many big tech companies (and particularly the Internet Association, a lobbyist group run by Facebook, Google, Microsoft, and Twitter) would like to see it neutered:
The Internet Association, for example, has continued to push legislators to make what it’s called an “ads fix.” [...] The change would exempt much of the ad industry’s pervasive online tracking from California’s rules requiring companies to obtain consumers’ permission when their data is sold, according to privacy advocates who oppose such an exemption.
Such a "fix" would undermine one of the main protections in the law. Targeted advertising, beyond being the original sin of the internet, encourages widespread surveillance across the internet and beyond, providing a financial incentive to build ever more detailed profiles about users in order to sell more highly-targeted ads that don't even offer a significant benefit to publishers. They also put service providers in opposition to their users: rather than providing direct user value, services are incentivized to make their products addictive so that their users will see as many ads as possible. Meanwhile, more and more users are adopting privacy and ad blockers.
There's a general reluctance in Silicon Valley to accept legislative restrictions. Some of this is ideological: much of the web was built on a kind of techno-libertarianism that is still prevalent today. Some of it, at this point, is simply big business lobbying. In a world busily being eaten by software, we have to accept that hackers aren't cultural underdogs any longer. Tech is part of the prevailing culture, and the effects of its products and business models can be felt everywhere. The industry has proven itself to be poor at reigning in its worst impulses: from Cambridge Analytica to Palantir's direct involvement in deportations to Amazon fighting an investor resolution to prevent its facial recognition technology from being used in human rights violations, to the surprisingly widespread opinion that tech monopolies are good, actually, it has become painfully clear that some external guidance is badly needed.
It's true that lawmakers have also proven themselves to be poor at understanding technology. That doesn't mean they shouldn't seek to legislate around it: it just means they need to get smarter. They should seek out subject matter experts and advisors. In the case of the CCPA, that's what happened: it was the result of years of research and consultation. Yes, it has the potential to harm the businesses of companies like Uber and Google. That's not what it should be concerned with: it is a fundamental privacy protection for consumers. If businesses are harmed by privacy rules, that's a strong sign that they are profiting from our personal information. It's okay to say that this shouldn't be allowed.
Hopefully, the CCPA will inspire other, similar bills in other states, and eventually a set of nationwide rules. What happens in the California legislature will have a profound impact on surveillance throughout the world. It's not fair to say that all of Silicon Valley is against it; it's also not fair to allow Silicon Valley to dictate the human rights of millions of California citizens, and billions of internet users around the world.
McAlister, the group’s top lobbyist in California, said tech giants, online publications, Web retailers and others rely on the exchange of this information to make ads work, which they don’t see as a sale. “We have pushed from last year to this year,” he said, and “we’re going to continue to seek clarification.”
I cannot imagine a more disingenuous argument. And I hope that California legislators remain firm. We need these protections - and more.