This is the property of the Daily Journal Corporation and fully protected by copyright. It is made available only to Daily Journal subscribers for personal or collaborative purposes and may not be distributed, reproduced, modified, stored or transferred without written permission. Please click "Reprint" to order presentation-ready copies to distribute to clients or use in commercial marketing materials or for permission to post on a website. and copyright (showing year of publication) at the bottom.

Data Privacy

Oct. 16, 2020

Prop 24 would help revitalize California’s economy

Proposition 24, the California Privacy Rights Act, offers a potential solution to the EU’s call for action after invalidating the EU-U.S. Privacy Shield Program.

Dominique Shelton Leipzig

Partner, Perkins Coie LLP


Dominique is a privacy and cybersecurity partner and co-chairs the firm's Ad Tech Privacy & Data Management group. She provides strategic privacy and cyber-preparedness compliance counseling, and defends, counsels and represents companies on privacy, global data security compliance, data breaches and investigations with an eye towards helping clients avoid litigation.

David Biderman

Partner, Perkins Coie LLP


David is firmwide chair of the Consumer Products & Services Litigation Practice.

Chris Hoofnagle

Professor, UC Berkeley School of Law

Chris is faculty director of the Center for Law & Technology at Berkeley Law.

The COVID-19 pandemic has laid bare our reliance on technology and data while forcing millions of Californians to work and attend school virtually. The pandemic has also opened a Pandora's box of technology challenges for consumers and policymakers alike -- including very real concerns related to data-driven racial profiling and bias.

Data is the oil that drives the California and global economy, and businesses like retailers, banks and airlines need it to effectively run their daily operations. But concerns about consumer privacy continue to mount.

On July 16, the European Union's highest court, the European Court of Justice, invalidated the EU-U.S. Privacy Shield program, a vehicle for responsibly moving data from the EU to the United States. The ECJ decision claimed that U.S. privacy laws were inadequate because of the government's national surveillance powers. The ECJ decision also reflected a desire for other reforms.

Why should Californians care what a distant EU court thinks about consumer privacy?

In a word, jobs. Secretary of Commerce Wilbur Ross has warned of the decision's negative impact to the $7 trillion-plus transatlantic trade relationship. Many of these jobs, especially technology-driven ones, deliver paychecks across Silicon Valley that also boost the local economy.

Assuming the U.S. surveillance concerns raised in the ECJ decision are resolved politically, there is an additional hurdle to address. The EU needs to see that U.S. privacy law is "essentially equivalent" to the EU's regulations to allow the transfer of consumer data to the United States.

Yet there is no national U.S. law of the necessary breadth and depth that currently meets this standard, notwithstanding the fact that both businesses and consumers have increasingly cried out for federal legislation.

A new initiative on California's November ballot, Proposition 24, the California Privacy Rights Act, offers a potential solution to the EU's call for action.

Prop. 24 would amend existing California law to include many protections harmonious with European privacy law.

It would enshrine data transparency; create new rights for consumers (defined as all California residents) to limit the use or disclosure of sensitive data, including racial and ethnic data; expand access and deletion rights in keeping with EU law and rights to be forgotten for California residents; provide clearer rights with respect to automated profiling systems; and establish a new California Privacy Protection Agency to enforce these measures.

All these provisions would be necessary to bring an American law closer to matching "adequacy" with the EU.

Paired with political negotiations regarding foreign surveillance, the CPRA would provide a set of concrete protections for U.S.-EU policymakers to discuss within a newly revived cross-Atlantic data-sharing deal, which would offer stronger consumer privacy protections than the Privacy Shield accord.

The CPRA offers the fastest route to a new equilibrium with Europe, restoring a transatlantic data-sharing process that would be efficient and trusted by most stakeholders.

It would also critically preclude the need for any new U.S. federal law that would take months, if not years, to be approved by a politically divided Congress in Washington, D.C. And, because of the "California effect," we believe that most companies in the United States would then match their privacy protections to the CPRA.

The current situation is clearly not working for American consumers or businesses. Privacy concerns are rising, and regulators are creating a dense thicket of business rules that, in their disharmony, impose compliance costs and more red tape.

The CPRA is a solution that creates a strong baseline and would establish privacy rights in a robust fashion. It could also help revitalize cross-Atlantic commerce by harmonizing U.S. and EU consumer privacy standards while also giving a much-needed lift to California's economy. 


Submit your own column for publication to Diana Bosetti

For reprint rights or to order a copy of your photo:

Email for prices.
Direct dial: 949-702-5390

Send a letter to the editor: