Privacy. California has one set of rules. The European Union has their own. The EU policies are stricter than ours, so California tech companies are being fined massive amounts, in the billions, for running an honest, open platform. In the EU you are NOT allowed to criticize government. They are dictatorships claiming to be free.
“Five little-known bureaucrats at the California Privacy Protection Agency — the only dedicated privacy regulator in the country — are debating stringent new rules that would restrict how companies can track people’s sensitive data and use it to make important decisions about their lives.
The draft rules are attracting international attention for their potential to cut across an expansive number of industries, from health care to bank loan applications to online marketing, as well as the use of artificial intelligence. Representatives for tech giants like Apple, Google and Meta — and companies as far afield as the United Kingdom and Japan — have jumped in to offer input and criticism of the rules, which are being crafted in a windowless auditorium at an aging San Francisco office building where the agency often convenes.
This is going to be a mess. Watch this as tech companies are forced to change their operations—some for the good, some bad. Either way, this is not productive.
Big Tech has another California problem
The nation’s only dedicated privacy agency is attracting international attention over its California rules that could have wider impacts.
By Tyler Katzenberger, Politico, 04/25/2025 https://www.politico.com/news/2025/04/25/big-tech-california-data-privacy-regulation-fight-newsom-00309171
SAN FRANCISCO — While Google and Meta fight for their futures in Washington, another Big Tech battle is raging in a much smaller arena in California — the outcome of which could have sweeping impacts on everything from online shopping to sports arenas far beyond the state.
Five little-known bureaucrats at the California Privacy Protection Agency — the only dedicated privacy regulator in the country — are debating stringent new rules that would restrict how companies can track people’s sensitive data and use it to make important decisions about their lives.
The draft rules are attracting international attention for their potential to cut across an expansive number of industries, from health care to bank loan applications to online marketing, as well as the use of artificial intelligence. Representatives for tech giants like Apple, Google and Meta — and companies as far afield as the United Kingdom and Japan — have jumped in to offer input and criticism of the rules, which are being crafted in a windowless auditorium at an aging San Francisco office building where the agency often convenes.
The latest figure to emerge in the debate is California Gov. Gavin Newsom, who sent a letter first obtained by POLITICO to the agency’s board on Wednesday, warning them not to overregulate an emerging tech sector.
“Enacting these regulations could create significant unintended consequences and impose substantial costs that threaten California’s enduring dominance in technological innovation,” Newsom wrote in the letter.
Newsom’s intervention underscores the outsized role California plays in tech regulations as the home to some of the world’s biggest companies. It also shows that not even a blue state more inclined to set strict business rules is immune to the reach of powerful tech companies with deep pockets and influential voices.
“Newsom is fundamentally business-oriented. It’s in his DNA,” said Jason Elliot, a former longtime adviser to the Democratic governor, whose portfolio included artificial intelligence. “He knows that business can’t thrive if arbitrary and misinformed rules are constantly changing the ground under the feet of businesses.”
The CPPA also stands in the face of a broader push to deregulate, from Donald Trump’s Washington to even the European Union rethinking its landmark data privacy rules that have inspired lawmakers in places like California.
Supporters of the privacy agency’s proposed rules — including one of Hollywood’s biggest actors’ unions — argue this is precisely why now is the time for California to act to protect users from business interests, before profits end up setting precedent.
“Employers, big tech companies, they’re treating it as if we’re in the wild west,” Carmen Comsti, a policy specialist at the California Nurses Association, told POLITICO. “We want to make sure that there are guidelines and guardrails.”
The CPPA still has a long road ahead to finalize the rules before a state-imposed November deadline, but has already shown signs of leaning into the tech arguments by agreeing this month to explore scaling back certain aspects.
Tom Kemp, the agency’s newly appointed director, said in an email to POLITICO it’s “premature” to judge how the guidelines will reverberate beyond California, given they’re still in development. But the potential consequences of pushing too far on the nationally watched rules are weighing on board members, given it could provoke legal challenges from Big Tech or invite Republicans in Washington to pass a law that overrides California’s robust privacy standards.
“You saw that shot of Mr. Trump’s inauguration when he had all the tech bros behind him,” CPPA board member Alastair Mactaggart, a wealthy Bay Area real estate developer and key architect of California’s landmark 2018 and 2020 privacy laws that underpin the agency, told POLITICO.
“This doesn’t augur well for any law which seeks to rein in the power of these princes of the economy.”
Pressure from all sides
California privacy regulators can independently enact and enforce data protection rules thanks to the 2020 law known as the Privacy Rights Act. The law, passed by voters as a ballot measure, created the agency and enshrined people’s right to control their personal information in the state constitution — but it never explicitly mentions artificial intelligence.
The CPPA first released the new rules for automated decision-making in 2023, arguing they would make it easier for people to exercise their privacy rights. Automated decision-making technology uses algorithms and often AI to assist with —- or in some cases replace —- human decision-making in areas like health care, hiring, education and criminal justice.
The draft rules would allow users to opt out of and see how businesses deploy automated decision-making tools. The same rights would apply when businesses use AI or facial recognition to profile people online or in public spaces, like sports stadiums and shopping malls.
The agency’s independent status is supposed to help shield it from political influence, but that hasn’t stopped outside groups from attempting to pressure the board.
The ACLU of Northern California, California Labor Federation and a Los Angeles-based strippers’ union have swarmed virtual hearings this year, pleading with regulators to pass stringent regulations. Washington lobbyists from TechNet and the Computer and Communications Industry Association, which represent tech giants like Apple, Google and Meta, argued against the rules.
Even rideshare company Lyft got involved. The company had an informational meeting with CPPA board member Jeffrey Worthe to discuss the rules, according to a person with knowledge of the conversation, granted anonymity to disclose private discussions. Worthe said at a recent board meeting he met with a rideshare company.
Agency staff said they received more than 626 public comments on the proposed rules over about four months, from web browser Mozilla to software company Workday, cybersecurity firm Crowdstrike and American Express. Japanese mega conglomerate Hitachi and British data privacy consultancy Formiti also chimed in.
All that feedback, plus responses from the CPPA, totaled more than 1,600 pages when agency staff stuffed it into a bulging binder for regulators to review at a board meeting earlier this month in San Francisco.
“There was a period where I think I got the same exact email every day for about 60 days,” Worthe said while holding up his binder of public comments at the meeting.
Business and tech groups fear the CPPA’s draft rules could crush Silicon Valley under onerous and costly regulations at a crucial moment in the worldwide AI arms race.
“What’s most likely to happen is this massive, burgeoning, blossoming industry goes somewhere else, outside the reach of the CPPA,” said Matt Regan, a policy expert for the business group Bay Area Council, whose members include Apple, Amazon and Meta. “If they get it wrong, we risk losing our preeminence in this next massive industrial revolution.”
California’s Chamber of Commerce, which represents more than 14,000 businesses statewide, has been one of the most vocal opponents. CalChamber blanketed Instagram, Facebook and LinkedIn feeds of users in the state’s capital of Sacramento with ads protesting the rules’ price tag earlier this month.
Business groups further argue it’s outside the young agency’s role to make rules that impact fast-evolving AI technologies, a claim disputed by agency staff.
“They’re really flying by the seat of their pants,” Regan said. “It’s a very concerning dynamic when you look at what’s at stake.”
CalChamber also rallied a bipartisan group of 18 state lawmakers behind a February letter urging the CPPA to narrow its regulations. The letter, led by Assemblymember Jacqui Irwin, warned revenue losses resulting from the rules could hurt the state’s tech-dependent bottom line, which already looks dire as tech stocks sink amid Trump tariff fears.
“We understand that the board thinks that we can’t pass legislation on automated decision-making, but we are trying in the Legislature to be thoughtful and deliberate and prudent,” the Southern California Democrat told POLITICO in an interview.
Kemp pushed back on that sentiment in a statement, saying one of the agency’s goals “has been to harmonize with other state laws where applicable.”
Consumer rights advocates and labor unions counter that people should decide whether companies can feed their most sensitive data to algorithms when deciding who to hire for a job or whether to approve someone’s health insurance claim.
More than two dozen such groups, including the powerful California Labor Federation, Hollywood actors’ guild SAG-AFTRA, health workers’ union SEIU California and the Electronic Privacy Information Center, made their case to the CPPA in a letter earlier this month, urging board members to resist business groups’ “anti-democratic assault.”
“This is part of a larger effort to block the will of the voters … all to protect some of the largest and most profitable corporations in history from a common sense foundation of transparency and accountability,” the groups wrote.
But CalChamber’s campaign appears to be gaining traction. The CPPA board earlier this month moved to water down portions of the draft rules that would allow people to opt out of some uses of the technology, including generative AI tools and personalized online advertising.
“All of those folks who wrote in should recognize this as a really big deal, and that the agency is listening and paying real attention to these concerns,” CPPA board member Drew Liebert said at an agency meeting this month.
‘Tip of the iceberg’
The CPPA board is far from finished on the rules and must overcome internal divisions ahead of a fast-approaching November deadline imposed by California’s Office of Administrative Law to finalize regulations.
Even if the board rallies together to revise the generative AI and advertising rules at their next meeting in May, they still have to work through two other sections: cybersecurity and risk assessments for nearly all businesses that sell, share or process people’s personal information. Any substantial revisions would require the agency to open a minimum 15-day public comment period, which puts board members on an even tighter schedule.
Lindsey Tonsager, co-chair of global data privacy and cybersecurity practice at the law firm Covington & Burling, said the agency’s more than five-hour meeting earlier this month “was only the tip of the iceberg.”
“All of that uncertainty leaves a big question mark of whether or not the agency is still on track to enact final regulations by the end of this year,” Tonsager said.
The looming debates could widen rifts between board members. Mactaggart already cast doubt on the risk assessment rules at a November 2024 board meeting, arguing there’s “no chance” the CPPA’s roughly 40 staff members would be able to review “tens and tens of thousands of multi-page risk assessments.”
Mactaggart — the most vocal opponent on the board of stronger rules for automated decision-making — fears overly ambitious attempts to rein in the technology could make the agency a target for lawsuits from tech industry groups.
“We will be tied up in litigation for years. It will drain our young agency of resources,” Mactaggart said at this month’s board meeting. “This is going to be an egregious waste of taxpayer money.”
Elliott, the former Newsom adviser who now runs his own consultancy, raised similar concerns.
“If the governor, a significant number of important legislators and a number of board members are all saying they don’t want to move in this direction, why are we still moving in this direction?” he said in an interview.
Board chair Jennifer Urban, however, worries an overcorrection could undermine the agency’s constitutional charge of protecting people’s right to decide when and how companies use their personal information.
“It is completely unclear to me why in the world you would suggest that staff haven’t actually been keeping all of this in mind as they have crafted these regulations,” Urban said at the CPPA meeting, countering Mactaggart.
“We all know that they absolutely have — that they have been, in my view — extremely careful and creative and creating a set of regulations that have a very limited universe.”
Awesome https://t.ly/tndaA