Who’s protecting your right to privacy? California must empower citizens to sue

Internet privacy has become a front and center issue for Americans. Click by click, site by site, companies are tracking our every move and sharing or selling that information without our permission or knowledge.

Corporate surveillance has made us uniquely vulnerable. It knows our shopping habits, personal interests and political views. It knows our kids’ and our sensitive health information.

The Cambridge Analytica scandal, in which data was illicitly taken from 50 million Facebook users to spread propaganda and impact an election, showed that it’s not just our individual safety and privacy that’s at stake – our collective future and democracy are too.

We cannot count on profit-driven companies to prioritize privacy and consumer protection. We need strong laws. We need laws where accountability and enforcement lead to changes in company behavior. We need laws that restore privacy protections and put the public back in charge. That’s why I am working with Attorney General Xavier Becerra this year to pass Senate Bill 561.

Consumers want – and need – more safeguards and protections from companies that use and share our private data. As Californians, we have a fundamental and constitutional right to privacy. Just last month, a Morning Consult/Politico survey showed that 63 percent of California voters agreed that personal information shared online is “private and tech companies should not have it.”

The California State Legislature passed the landmark California Consumer Privacy Act last year. It will allow consumers to opt out of the sale of their data to corporations. It will give consumers other rights as well. This includes the right to delete personal information or to move it to another site.

Under the new law, Californians will have similar rights to consumers in the European Union under the General Data Protection Regulations, or GDPR. Yet California’s new law does not provide the same enforcement powers that make Europe’s privacy laws so strong.

Instead, the state’s Attorney General must take on enforcing this sweeping law with limited taxpayer dollars. Privacy-invading companies are also given a “get out of jail free” card, where they can avoid accountability through a 30-day “right to cure” period. So they can take the risk of violating consumer privacy because if they get caught they won’t be penalized.

Why should Europeans have stronger rights than we do? And doesn’t it make sense to distribute the enforcement burden in order to ensure companies face a range of consequences for violations?

A law is only as strong as its enforcement. SB 561 will provide Californians with the right to sue if their privacy rights under the Consumer Privacy Act have been violated. It will strengthen the law by clarifying the attorney general’s advisory role in providing guidance on the law, ensuring a level playing field for businesses that play by the rules and giving consumers the ability to enforce their constitutional right to privacy in court.

The California Consumer Privacy Act set the foundation for stronger privacy rights. SB 561 will make sure the law is properly enforced, because that’s the only way to make sure that privacy is, indeed, our right.