Crypto rewards browser Brave has written to the Californians for Consumer Privacy seeking support for California Privacy Rights and Enforcement Act (CPREA). It is also seeking to make recommendations on some privacy improvements.
Brave concerned about the privacy of Californians
To begin with, Brave is recommending that the CPREA should cover all information that can help in singling out a person. Brave indicates in the letter that the explanation of personal information as contained in the Act is similar to that of the GDPR but excludes publicly available information. According to Brave, the “personal information” is synonymous with “personal data” as provided for in the EU protection law.
Early this month, Governor Newsom signed into law AB-874, which offers a way forward on what should entail personal information. AB-874 excludes publicly available information that can the federal or state government records can provide lawfully.
The second recommendation requests CPREA to implement a legal basis model for the GDPR. Brave expressed its disappointment regarding the CPREA not requiring a legal basis to process personal information. From Brave’s perspective, having a legal basis such as legitimate interest, consent, and the contract could improve the levels of privacy of Californians.
Stopping surveillance from tech giants
The purpose specification, as provided for in CPREA, has the capability of stopping surveillance free-for-all in the large tech companies. The present cross-use of information excludes new entrants and stifles innovation and market choice.
Brave also wants the CPREA to implement stringent provisions on de-identification and notifications. It raised concerns regarding the CPREA as it may change what deidentified means. Therefore there is a need to have provision theta will guarantees that future standard will be stronger than the one it will replace.
Further Brave suggested that there is a need to adopt a risk-based approach that will protect small enterprises creating fewer privacy concerns from a regulatory problem. More emphasis should be on scrutinizing and enforcement of the approach on larger enterprises that often create huge privacy risks. Brave has equally recommended that enforcements should not just cover financial implications but should also include a ban on processing.