Consumer Privacy Expansion
GDPR-style regulations reduce competition and burden small businesses. Should be federal, not state.
Prop 24 expands consumer data privacy laws, making the existing California Consumer Privacy Act more closely resemble Europe’s Global Data Protection Regulation (GDPR). Enacted in 2018, GDPR is the reason that every site asks you to confirm cookies; although it affects Europeans only, websites can’t be sure if a user is European, and the potentially enormous fines make it not worth the risk.
GDPR goes beyond cookie notices though, regulating how long certain data can be held, what kinds of processes must be used to store personal data, and so on. The regulations are so complex that compliance is often infeasible for smaller companies. The result is reduced competition in the tech sector, with big companies like Google (my former employer) charging small businesses for services that deal with the regulations; these costs ultimately prevent new businesses from entering.
Other jurisdictions should be cautious about creating new versions of GDPR. If every country had its own data privacy laws, it could become difficult or impossible for websites to comply with all simultaneously (any website on Earth could be serving California users). California doing it would be better than cities, as San Francisco attempted in 2018 Prop B, but jurisdictions of 40 million people are still too fine-grained. This is a matter for the legislature to consider, and ideally for them to defer to the federal government, which would approach data privacy in the international setting it demands. Vote no.