California’s SB 690: A Stealth Attack on Your Privacy
A Bill That Could Hand Your Data to Corporations and Government Alike Seems To Be Sailing Through The Legislature. Huh?
If you’ve been reading my work over the years, you know I don’t trust big government much, and I’m fierce about protecting people’s right to privacy. Especially when it comes to keeping your personal information truly personal, born in 1967, I’ve had a front-row seat watching the digital revolution slowly chip away at those early protections we thought we could count on. I’m writing about some legislation flagged for me by a reader, or I would not have even known it existed.
A Quiet Threat in a Digital Age
These days, almost every American lives online. Our data—where we shop, what we search for, and who we message—gets collected and sold like commodities at a farmers market. Yet as our digital lives become more exposed, the protections that should shield us keep weakening. From my reading, Senate Bill 690, making its way through the California legislature (it passed the State Senate early last month), fundamentally changes privacy rights.
We’re already living with our online lives bare, and SB 690 threatens to worsen things. Picture this: a website asking you, “You have a right to privacy for your data, where you go online, and what you do. Click to waive these rights, or your data won’t be kept.” That straightforward choice doesn’t exist now, and SB 690 goes in the wrong direction, allowing businesses to process certain personal information under a broad “commercial business purpose” exemption, shifting away from California's strong privacy standard that often required explicit consent for such activities.
Undermining Decades of Privacy Protections
California used to lead the charge on privacy laws. The California Invasion of Privacy Act (CIPA), passed in 1967—the year I was born—set demanding standards against unauthorized surveillance. Senate Bill 690 weakens CIPA by creating new exemptions for “commercial business purposes.” While the bill aims to clarify what falls under this, my read on the language is that it changes the law enough to allow a wide range of online tracking, from cookies to chatbots, without the same strong privacy safeguards CIPA initially provided.
Under the California Consumer Privacy Act (CCPA), you’re automatically opted in and then forced to hunt through complicated settings to opt out—something most people never figure out how to do. Research confirms this system fails because people don’t know these options exist. Rather than strengthening explicit consent, Senate Bill 690 aligns this new exemption with California's existing 'opt-out' privacy framework. I would argue that it places the burden on consumers to protect their data. Backwards from what it should be.
Does This Make It Easier For the Government To Sidestep The Fourth Amendment?
By the way, a relatively common practice now by government (federal, state, local) is to circumvent your Fourth Amendment privacy rights by purchasing data from businesses. So this is not just about businesses potentially getting your data without your express, clear permission. It is about that data potentially getting into the hands of the government.
SB 690 Takes Away Your Ability To Defend Your Right to Privacy
This bill, as drafted, makes it harder for you to fight back legally if you feel your privacy has been violated, effectively removing the power for individuals to sue over many data harvesting operations that now fall, or will spring up, under this new “commercial business purpose” exemption. I’m generally not a fan of making it easier for people to sue businesses. But I have a big caveat regarding protecting your privacy rights. You should be able to take legal action if someone, some company, or your government tries interfering with your right to privacy. Otherwise, what would your recourse be to enforce your right to privacy?
With 67% of America’s biggest tech companies calling California home, whatever the state decides could ripple across the nation, potentially ignoring how your data might be used without your knowledge or consent. If companies can take your data without asking for it clearly and simply, who’s left to defend you? Under Senate Bill 690, it looks like no one.
A Call to Action for Legislators
This isn’t about partisan politics but protecting every Californian’s fundamental right to privacy. As Senate Bill 690 moves to the Assembly, lawmakers must ask themselves some hard questions: Does this bill strengthen privacy protections or tear them down?
To the legislators deciding this bill’s fate: put people first. Vote no on Senate Bill 690 unless it includes precise consent requirements and leaves intact the ability of someone to take action if they feel their privacy rights have been violated.
The question we face is simple: Should the default be that we have to fight to protect our data, or should businesses and the government need to ask our explicit permission before they take it?
All of those people who voted for you? They do not have lobbyists. They have you.