Big Tech companies often have snappy mottos such as “Don’t be Evil” and “Do the Right Thing.” Given the massive influence on the electorate and our democracy that popular social media and internet search products have, we should probably not blindly assume that these online platform providers are always living up to their mottos. It is therefore incumbent that the electorate have the power to verify if these powerful platform providers are in fact putting their proverbial thumbs on the scale of our democracy in terms of unduly favoring their preferred political candidates or ballot measures.

The good news is…


As Marc Andreessen noted in 2011, software is eating the world. Data is the fuel that feeds software, including the digital exhaust that each person creates as they interact with web sites and services.

The collection and processing of personal data as well as the translation of that information into behavioral data for analysis and sales has led to what Shoshana Zuboff calls “Surveillance Capitalism.” The net result of Surveillance Capitalism is that businesses and governments can purchase access to “digital voodoo dolls” of each one of us. This means there is now unprecedented insight into who we are and…


In the past I have done a deep dive on California’s Data Breach Notification Law and called for specific enhancements to it. I have also banged the drum for a while now for a national data breach law. Considering the recent SolarWinds and Colonial Pipeline attacks there is finally some momentum for a national data breach notification law. But even if a federal law were to come into being there needs to improvements to the California Data Breach Notification law and better alignment with the California Privacy Rights Act. …


As part of my continued evangelism of the California Privacy Rights Act (CPRA) Resource Center — which you should most definitely check out! — here is what the authors of the CPRA (Californians for Consumer Privacy aka CCP) considers the top 20 new privacy enhancements found in the CPRA compared to existing California law (the California Consumer Privacy Act or CCPA).

As an added bonus, I added hyperlinks to the actual text of the CPRA that documents each of these major CPRA privacy enhancements, and threw in my own top 12 list.

CCP’s Top 20 CPRA Privacy Enhancements

[Note this…


Below is a proposal to enhance and better align the California Data Broker Registry Law with the California Privacy Rights Act. I first provide a background on the why and what should be done to the Data Broker Registry Law and then provide the proposed edits to the law itself.

Source: https://oag.ca.gov/data-brokers

Background

In October of 2019 California passed AB 1202 that requires “data brokers to register with, and provide certain information to, the Attorney General” and in turn the Cal AG office would provide a website that lists all the registered data brokers. There is a nominal penalty of $100 per day…


As another example of the great content found in the California Privacy Rights Act (CPRA) Resource Center that I contributed to, below is a reproduced article from the CPRA Resource Center that provides a section-by-section summary of the CPRA. Check out the full CPRA Resource Center for more great content on the CPRA, including the full text of the CPRA with over 175 annotations as well as a comparison of the text of the CPRA compared to the CCPA.

Section 1: Title: The California Privacy Rights Act of 2020

Section 2: Findings and Declarations

Preamble emphasizes California Constitution’s right to…


As a highlight to the great content in the California Privacy Rights Act (CPRA) Resource Center that I helped contribute to, here is the content from the Resource Center regarding the timeline for the rollout of the CPRA.

· December 11th, 2020: Election Certified. Under Article II, Section 10(a) of the California Constitution, the measure becomes effective five days later, or December 16, 2020. However, with several exceptions described below, the measure becomes operative on January 1, 2023. See Section 31. The following provisions become operative on December 16, 2020:

· “Employer — Employee exemption” [Section 1798.145(m) and (n)] Information…


Over the last few weeks, I have been working with Alastair Mactaggart on a “Resource Center” for the California Privacy Rights Act (aka the “CPRA” which was enacted into law with the passage of Proposition 24). Alastair is the Chairperson of Californians for Consumer Privacy (“CCP”) and was the main visionary and sponsor of Proposition 24 (and before that, the California Consumer Privacy Act or “CCPA”). Alastair created the great content for the CPRA Resource Center (with editing help from the incomparable James Harrison), and I volunteered to take Alastair’s content and organize it (including making sure each section has…


California Proposition 24 (aka the California Privacy Rights Act of 2020 or CPRA) provides additional rights to consumers (e.g. right to correct personal data, limit use of sensitive personal information such as geolocation data, etc.), adds additional obligations to businesses to better protect consumers’ personal data (e.g. data protection impact analyses must be performed, maintenance of records of processing activity, etc.), but probably most significantly it creates a new regulatory agency to enforce data protection and privacy in California — the California Privacy Protection Agency (CalPPA).

In this blog post I will provide four recommendations for the CalPPA agency beyond…


California Proposition 24 (aka the California Privacy Rights Act of 2020 or CPRA) resoundingly passed this past November with over 9.3 million votes — the 7th most votes for any candidate or initiative in any State election in US history. The CPRA represents the most significant and comprehensive privacy legislation ever passed in the United States and gets California on par with the gold standard of consumer privacy protection laws — Europe’s General Data Protection Regulation (GDPR). CPRA provides additional rights to consumers (e.g. right to correct personal data, limit use of sensitive personal information such as precise geolocation, etc.)…

Tom Kemp

CEO. Co-founded/co-built @Centrify, Idaptive & NetIQ. Board of @DreamCatchersCA. I blog on #Privacy and #Security at http://tomkemp.blog & tweet at @TomKemp00.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store