Proposition 24: Why it Matters for Businesses Everywhere

Consumers are demanding more control over their data. In recent years, new data privacy laws have gone into effect, creating new restrictions and requirements for the organizations that collect or use personal data. In the recent U.S. election, California voters approved Proposition 24, a new measure that expands the state’s existing data privacy laws.

A Brief History of Data Privacy Laws

The General Data Protection Regulation (GDPR) went into effect in the E.U. on May 25, 2018. The legislation is hundreds of pages long and is currently considered the toughest law of its type in the world. Organizations that do not comply with the GDPR’s data privacy and security requirements can face hefty fines. Brazil’s General Data Protection Law (LGPD), a somewhat similar law, went into effect in 2020.

In the U.S., California has been leading the way in data privacy legislation. The California Consumer Privacy Act of 2018 (CCPA) gives consumers the right to know about the personal information that a business collects, uses, or shares; the right to delete their personal information; the right to opt-out of the sale of their personal information; and the right not to be discriminated against for exercising their CCPA rights.

California’s Proposition 24 Has Now Passed

The Official Voter Information Guide says that Proposition 24 will allow consumers to prevent businesses from sharing personal information, it will allow consumers to correct inaccurate personal information, and it will limit the use of sensitive personal information, which includes precise geolocation, race, ethnicity, and health information. It will also establish the California Privacy Protection Agency.

According to the Associated Press, Proposition 24 is supposed to expand the CCPA and close some of the loopholes that businesses have exploited. It also triples the fines for companies that violate children’s privacy or sell children’s data illegally.

The Impact on Businesses in Other States