with Tonya Riley

A big fight is emerging over California’s ballot Proposition 24, which could become America’s new de facto data privacy law. It’s pitting privacy advocates against … checking my notes … other privacy advocates? 

I’m Geoffrey Fowler, The Washington Post’s tech columnist in San Francisco. As a consumer advocate, I often write about how we can get control over our data. So when Cat asked me to fill in for her today, I thought I’d learn more about the California Privacy Rights Act of 2020, also known as the CPRA. It’s being pushed by one of the authors of — and is supposed to improve upon — the state’s existing California Consumer Privacy Act, or CCPA (with a C), which took effect this year. As I’ve written before, the CCPA gives consumers the ability to opt out of the sale of some of our information, but demands we jump through a lot of hoops to protect our privacy. 

So I was surprised to discover the battle lines emerging over the new CPRA (with an R), which has the American Civil Liberties Union aligned with corporate arch-enemies, including data brokers and the online ad industry. 

The fight is not only creating strange bedfellows, but the proposition’s murky language leaves lots of confusion for voters come November. 

My takeaway: The CPRA isn’t the aggressive battle with big tech some privacy advocates wanted and won’t introduce a new paradigm for how California protects data rights. 

But it makes enough changes to existing law (which stays in place if the proposition fails) that it could alter the balance of power with data-hungry corporations. There’s just little agreement on whether those changes are, added up, better for consumers or corporations — or just kind of a wash. And whatever California does on privacy could end up becoming a floor for data rights across the country, because it’s hard for companies to treat Californians differently.   

The CPRA shows how messy privacy policy can become when advocates themselves can’t agree on how hard to push, or who gets to lead the charge. That should be a warning to other states considering privacy laws, as well as those hoping for a federal one 

Driving and funding the CPRA is Alastair Mactaggart, a real estate developer who, as an outsider among privacy advocates, played a big role in getting the CCPA passed in 2018. Mactaggart also helped finance the CCPA initially as a ballot proposition but compromised to get a version passed by the state legislature instead. 

Mactaggart told me his motivation for launching the CPRA was to fix problems with the CCPA. 

As a ballot initiative that can only be overturned by another one, he said the CPRA would become “a baseline for privacy law that can’t be weakened.” A provision in Proposition 24 allows the legislature to amend it, but only for purposes “to enhance privacy and [that] are consistent with and further the purposes and intent of this Act.” 

The CPRA, which is also backed by watchdog group Common Sense, adds new limits on how businesses can use “sensitive personal information” — such as their race, sexuality and precise location. (Consumers would have to give their permission before such data could be sold.) And it makes a big change to how the law gets enforced. Instead of relying on the California’s attorney general, it creates a new data privacy agency and requires the state to fund it with at least $10 million. “This would fund about 50 people,” Mactaggart said. “The [Federal Trade Commission] has 40 people for the entire nation” to enforce privacy. 

Fighting the CPRA is Mary Stone Ross, a former lawyer for the Electronic Privacy Information Center who also used to work with Mactaggart’s Californians for Consumer Privacy and was a co-author of the original CCPA. She says the CPRA not only doesn’t go far enough to improve the CCPA, but actually rolls back some of its protections. And her new organization, California Consumer and Privacy Advocates Against Prop 24, has gotten the support of a consortium including the ACLU, Color of Change, Media Alliance and the California Small Business Coalition. 

Ross shared a laundry list of her problems with the new proposition. “We can all agree there are awesome things that will move privacy forward, but hidden in the 52 pages are a lot of things that are going to move it backwards,” she told me. For example, she says even the language allowing for the CPRA to be modified could be used to harm future pro-privacy moves because it also stipulates amendments should give “attention to the impact on business and innovation.” 

Ross doesn’t like that CPRA would mean a delay in enforcement of the law as a new privacy agency gets set up, and that it has a carve-out in Proposition 24 for loyalty clubs, such as supermarket cards that offer discounts in exchange for tracking purchases. She also doesn’t like that the law gives credit reporting agencies the ability to sell personal information of business owners, she said. 

Some of the conflict has to do with how Mactaggart wrote CPRA in consultation with the tech industry. As Issie Lapowsky wrote in Protocol, at least half a dozen provisions in the initiative trace directly back to Mactaggart's private negotiations with companies including Google and Facebook. (Google and Facebook haven’t taken an official stand on CPRA.) 

Mactaggart said he brought a draft of the proposition to a coalition of privacy advocates, and addressed 27 of their 41 concerns. Jacob Snow, of the ACLU of Northern California, told me Mactaggart actually made a “single digit” number of pro-privacy changes. “What you see are a lot of new provisions that are favorable to big tech companies, and provisions that add privacy protections are weak,” he said. (He endorses the idea of a law requiring consumers to opt in to data collection, rather than opt out.) 

The fight has also gotten personal. 

Last month, ahead of a meeting to determine whether the California Democratic Party would support the proposition, technical consultant to Mactaggart’s organization Ashkan Soltani tweeted that “the opposition campaign was orchestrated by a former CIA operative / scorned employee that intentionally misrepresented the #CPRA.” Ross told me she was a Central Intelligence Agency analyst earlier in her career, but was “never an operative.” (After lobbying by both sides, not enough state Democrats endorsed the proposition for it get the party’s official approval. The California Republican Party opposes the ballot measure.) 

Ross said Mactaggart “likes the initiative process because he can be the one in control of it but it’s not the process to use any more.” 

On that, Ross is in alignment with the Interactive Advertising Bureau, an industry association. “To get it right, it is essential for new laws and regulations to undergo a process, with the ability for comment and debate,” said Dave Grimaldi, the organization’s executive vice president for public policy. 

Data broker Acxiom also told me it was opposed to Proposition 24. 

Ross said she’s not opposed to taking money from the tech industry to fund her campaign against Proposition 24. “In my mind, this initiative is so bad and I know I am going to need money to fight it.” 

Some traditional privacy advocates are now sitting out the CPRA. The Electronic Frontier Foundation said last week it “does not support it; nor does EFF oppose it.” 

Said Snow of the ACLU: “Sometimes we agree with Alastair and sometimes we don’t, so I think it’s on the substance, to be honest.” 

Now all that complexity is in the hands of voters, who have to try to read the proposal’s intricate language themselves — or to trust whichever side they hear from the most. That could get expensive in an election year where the ballot contains a number of controversial proposals. 

Mactaggart’s organization on Saturday said its own survey of likely voters found 81 percent support for Proposition 24, and 72 percent supported it after people heard the opposition arguments as presented in the ballot guide. 

Cat Zakrzewski is on vacation until Aug. 10. We'll be treating you this week to a slate of guest authors from The Post's stellar tech team. Enjoy.

Our top tabs

Trump wants the government to get a cut if Microsoft buys TikTok.

The White House set a Sept. 15 deadline for Microsoft or another U.S. company to acquire TikTok's U.S. assets from Chinese parent company ByteDance. Trump said he will ban the company for posing a national security threat after that point if no sale occurs.

Whether it's Microsoft or somebody elsethe United States couldshould get a very large percentage of that price because we're making it possible, Trump told reporters Monday. We make it possible to have this great success. TikTok is a tremendous success. But a big portion of it in this country.

Trump did not clarify which party in the deal was expected to pay the Treasury Department.

“Whatever the number is, it would come from the sale,” the president said. “Which nobody else would be thinking about but me. But that’s the way I think.”

A Treasury Department representative did not immediately respond to a request for comment. A White House spokesman also did not immediately return a request for an explanation.

Trump's order for ByteDance to sell off TikTok's U.S. operations follows a Treasury Department-led review into national security concerns. Lawyers familiar with the review process told The Post that the Treasury Department typically collects a small fee from the companies for the review. 

New York and California will partner with the FTC to investigate Amazon.

The attorneys general offices in both states will work with the Federal Trade Commission to interview witnesses about the e-commerce company's marketplace platform for sellers, Spencer Soper at Bloomberg  News reports

Amazon faces enormous scrutiny from both regulators and lawmakers over allegations that it uses data it collects on third-party sellers to launch competing goods. Although Amazon has denied the allegations in the past, chief executive Jeff Bezos testified last week that he couldn't confirm that company had never used the data to launch its own goods, Jay Greene reported.

“What I can tell you is we have a policy against using seller-specific data to aid our private-label business,” Bezos replied. “But I can’t guarantee you that policy has never been violated.” (Bezos owns The Washington Post.) 

Members of Congress cited testimonies from sellers on Amazon who have accused the company of copying their products and running them out of business. 

New York Attorney General Letitia James also launched an investigation in March into the termination of a former employee who led a strike at a New York Amazon warehouse. Both New York and California are also involved in probes into the marketplace powers of Google and Facebook. 

Twitter could face a fine of up to $250 million from the FTC for misusing user personal data.

Twitter disclosed the potential loss in an SEC filing, Salvador Rodriquez at CNBC reports. The FTC's complaint related to the company's use of phone numbers and email addresses provided for security features for targeted advertising. Twitter ended the practice in September, calling the use of data “inadvertent.”

The FTC says the practice violated an agreement with the agency in 2011 barring the company from misleading consumers about its privacy practices. 

The new filing also noted a recent hack of 130 high-profile accounts including former vice president Joe Biden. The filing says the breach could “impact the market perception of the effectiveness of our security measures, and people may lose trust and confidence in us, decrease the use of our products and services or stop using our products and services in their entirety.”

Rant and rave

Facebook refused to remove a  video of House Speaker Nancy Pelosi (D-Calif.) manipulated to make her appear drunk. 
A manipulated video of House Speaker Nancy Pelosi (D-Calif.) was circulated across several social media platforms in early August. (The Washington Post)

Facebook labeled the video as "partly false," while TikTok, Twitter and YouTube all removed the footage, CNN reports. Now, many of the same Democrats who took Facebook to task at an antitrust hearing last week are firing off at the social media giant as the manipulated video's views climb above 2 million.

Rep. David Cicilline (D-R.I.):

Rep. Jerry Nadler (D-N.Y.):

Rep. Joe Neguse (D-Colo.)

Agency scanner

The FCC will take public comment on Trump's petition for new social media rules.

Members of the public will have 45 days to comment on the petition filed by the Commerce Department asking the agency to reevaluate legal protections for Internet companies from liability for what users post, Reuters reports. The petition seeks to require social media companies to more transparently disclose how they moderate content.

It could be months before the Federal Communications Commission proposes any action to address the petition, and even then both Democrats on the commission have stated fierce opposition to the agency weighing in on the law. 

Trump withdrew the nomination of FCC Commissioner Mike O'Rielly yesterday just days after the Republican expressed reservations about the FCC's authority over the matter. O'Rielly's nomination was already on hold by Sen. James M. Inhofe (R-Okla.) pending his agreement to overturn the agency's recent decision to allow a private company to use spectrum that the Defense Department says could interfere with military use.

Hill happenings

Republicans want a classified briefing on TikTok and other Chinese tech.

“While we remain deeply concerned with TikTok, such concerns extend beyond the popular short-form video app," House Minority Whip Steve Scalise (R-La.), Energy and Commerce Committee ranking Republican Greg Walden (Ore.) and Rep. Cathy McMorris Rodgers (R-Wash.) wrote in a letter to Secretary of State Mike Pompeo

The lawmakers cited facial recognition company DeepCam and subsidiaries of China's TCL, which "develop and offer apps with spyware and malware designed to harvest user data and send it back to China."

Trump will act soon on a broad array of national security concerns about Chinese software, Pompeo told Fox News Sunday.

Inside the industry

Facebook signed a new lease in Manhattan. 

The lease brings the company's footprint to more than 2.2 million square feet acquired in less than a year, the New York Times reports. Facebook said it's unclear how many employees will work that office given the pandemic.  Amazon, Apple and Google all lease in the same midtown area.

More industry news:



Before you log off

A TikTok breaking down what's going on with TikTok: