Privacy Beat

Your weekly privacy news update.

1. Some CCPA changes appear positioned for Calif. Senate passage — then Assembly talks in September

It looks as if the final language of the California Consumer Privacy Act, effective Jan. 1, is going to end up subject to last-minute lobbying in a legislative conference committee between now and Sept. 13.  That’s according to an Aug. 14 blog account by attorney Cynthia J. Larose, of the Mintz, Levin law firm. 

“As of the Senate Appropriations Committee hearing yesterday, a group of amendments were pulled from the agenda at the last minute and appear to be heading directly to the Senate floor for a vote without further changes,” Larose writes. “Once voted out, these are likely to be crossing over to the Assembly for conference markup.”

Her report ticks off the affected amendments.  One, AB-846, could affirm the ability of publishers to charge for digital content, because it refers to “premium services” as well as loyalty programs.  Another, AB-1355, allows a consumer to be treated differently based on the value of the information they are willing to share.

The others affect employee information, data from public records, auto-vehicle records and whether a website has to have a phone number as well as an email address for consumer privacy inquiries. Larose says one proposal, AB-1281, which would have regulated facial-recognition technologies, “appears to have stalled for now.” 


So many people have told us this newsletter is valuable.
Please support the continued work of ITEGA to foster a digital marketplace that respects privacy and identity.


2. OTI urges tech focus on ‘marginalized’ civil rights protections; author is named Shorenstein fellow

New America’s Open Technology Institute (OTI) released a report this week outlining how problems with companies’ data practices disproportionality affect marginalized communities. It proposes steps to protect their civil rights and mitigate any harms. 

“As policymakers consider passing meaningful privacy legislation, civil-rights protections are a critical but mostly overlooked component. To have effective privacy legislation, we must ensure that companies’ data practices do not violate individuals’ civil rights — especially when it comes to marginalized communities. Problematic commercial data practices disproportionately harm people of color—especially Black and Brown communities — women, immigrants, religious minorities, members of the LGBTQ+ community, low-income individuals, and other marginalized communities.” 

The report supports giving the Federal Trade Commission more rulemaking authority and giving individuals multiple ways to rectify perceived violations of privacy and civil rights. As discriminatory practices are making it into the digital realm the report states that “Further guidance and broader policy changes are needed to resolve the ambiguities around applying civil rights laws to these novel means of discrimination.”

The report’s authors include Becky Chao and Eric Null, who both work at OTI, and Brandi Collins-Dexter, who was just named a 2019-2020 fellow at the Harvard-JFK Shorenstein Center to “write a paper on the digital ecosystem and how it has forever altered the political, economic, sociological and psychological ways in which we engage offline.” 


3. Republican leading Senate tech task force says first priority should be data privacy

Differing from the Democrat-led House, U.S. Senate Judiciary Committee Tech Task Force leader Marsha Blackburn (R-Tenn.) wants to focus on data-privacy legislation, putting the tackling of big tech and antitrust issues on the back burner for now. She says that we should first see how companies’ business models and market competition change after privacy legislation is passed, and take a more incremental approach to regulation.

In a conversation this week with the Washington Post, Blackburn didn’t give a clear timeline on when legislation should be in place or indicate if that would be before or after CCPA is enacted. She said a key priority of the task force is to help lawmakers “up their institutional knowledge” on issues like privacy, data security, competition, and political censorship accusations. She cited the BROWSER Act, which she introduced in April, as a starting point for data regulation.

Sen. Dianne Feinstein (D-Calif.) is co-chair of the task force and Blackburn expects the work to span committees and parties.



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. New research finds consent notices meaningless or manipulative

TechCrunch reported on a recent academic study concluding, “that if consent to drop cookies was being collected in a way that’s compliant with the EU’s existing privacy laws only a tiny fraction of consumers would agree to be tracked.” The research co-authored by academics at Ruhr-University Bochum, Germany, and the University of Michigan compiles multiple studies on cookie notices and cookie consent mechanisms.

” Overall, we conclude that the GDPR is making the web more transparent, but there is still a lack of both functional and usable mechanisms for users to consent to or deny processing of their personal data on the Internet,” they study’s authors write in the report extract.  

The research argues that the majority of cookie notices are not GDPR compliant. “Our results show that a reasonable amount of users are willing to engage with consent notices, especially those who want to opt out or do not want to opt in. Unfortunately, current implementations do not respect this and the large majority offers no meaningful choice.”

The research found that design choices can manipulate users consent choices. One example is that the more privacy choices there were, the more likely people were to opt out of cookies all together.

“Consent fatigue and mistrust is definitely a problem,” says co-author Martin Degeling, “Users that have experienced that clicking ‘decline’ will likely prevent them from using a site are likely to click ‘accept’ on any other site just because of one bad experience and regardless of what they actually want (which is in most cases: not be tracked).”


Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds (TechCrunch)


5. “Race to the Top” seeks participation in effort to whet investor appetite for privacy technologies

Turning the attention of investors to technologies that respect privacy and user-controlled identity exchange is part of an initiative that meets next month in Silicon Valley — and organizers are inviting participants.

If today’s data practices are causing people to feel disempowered and eroding their trust, the “Race to the Top” initiative says that we have now entered a downward spiral — a race to the bottom — in which the competitive dynamics of the tech industry are increasingly at odds with the interests of individuals.

Helping investors to find and track value around trust, privacy and user-managed identity — not surveillance — is the mission of “Race to the Top.” The initiative of the venture-capital community is explained by Magdi Amin in this blog post – “Race to the Top: A New Business Paradigm for Identity Data.” The next working meeting is Sept. 13 in Silicon Valley.  LEARN MORE AND REQUEST INVITATION.


“Civil rights protections must apply to the digital economy. Though we have a number of federal civil-rights statutes that exist to protect individuals from unjust treatment by various institutions, these laws are insufficient for protecting against the discriminatory practices that have expanded into the digital realm.”

– ‘Centering Civil Rights in the Privacy Debate’ by: Becky Chao, Eric Null, Brandi Collins-Dexter, and Claire Park of New America











Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.

Our mailing address is:

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.