California’s statewide privacy coalition weighed in on the regulatory plans for the California Attorney General to administer and enforce the California Consumer Privacy Act.

The verdict? Pretty good job by Becerra’s office, but a few things can always be better. Like what?

*Clamping down on targeted advertising. Transfers of data for the purpose of targeted advertising are “sales”, even if the adtech industry wants to pretend they aren’t.

* Watch out for “risk to security” loopholes. CCPA already provides exceptions for security issues. They don’t need to be broadened any more.

*Limit pay for privacy. Dividing customers by “group” exacerbates the possibility of discrimination by group characteristics. Privacy harms manifest, like other kinds of discrimination, along societal divides. Privacy protections shouldn’t replicate existing discriminatory patterns.

*Data brokers are not service providers. The AG should not conflate the data exchange business with legitimate service providers. Not the same thing.