A new internet privacy regulator in California, headed by Ashkan Soltani, needed assistance getting off the ground. This would be the first agency of its sort in the United States. As a result, he contacted the Horse Racing Board of the state.
During an interview with Scott Chaney, the executive director of the California Racing Board, which regulates around ten racetracks, Mr. Soltani inquired about the ins and outs of operating a tiny agency inside the enormous state government of California. They spoke about how to deal with remote work and recruiting in the event of a pandemic. Mr. Chaney also provided guidance on how to navigate the public sector successfully.
Chaney described Mr. Soltani as “basically creating” the State Department. It’s almost like he’s creating the thing from the ground up.”
Mr. Soltani has the difficult task of presiding over the first government organisation in the United States tasked with the primary responsibility of regulating how Google, Facebook, Amazon, and other firms acquire and utilise data from millions of people. Mr. Soltani has a long list of responsibilities. The California Privacy Protection Agency, which will have a staff of more than 30 people and a budget of $10 million per year, will be responsible for enforcing the state’s privacy legislation, which is among the most rigorous in the nation, in the state.
But first and foremost, the agency must be established — and Mr. Soltani, 47, a privacy specialist who formerly worked as the Federal Trade Commission’s chief technologist, must overcome the absence of precedent in order to succeed. As a result, he has gone out to organisations that are not directly related to what his agency will be, such as the racing board, for assistance in navigating his new role.
He has already had to deal with difficulties. He and his colleagues have received reams of comments from industry lobbyists, which they have incorporated into their work. When privacy campaigners query if their budget is sufficient to monitor the world’s greatest corporations, they respond affirmatively. The board meetings must be open to the public in order to be effective. It will also be necessary for them to transform the criticism they have received into concrete guidelines in the coming months.
The establishment of the new California agency is indicative of a broader change in how the rules of the global internet are being established — and who is doing the establishing. State capitals and foreign governments are increasingly adopting a hands-on approach to regulating online data gathering, restraining the influence of tech firms, and filtering extreme material on social media platforms, according to a new report.
It was a 2018 state privacy legislation that resulted in the establishment of the California Privacy Protection Agency, which gives citizens the ability to request personal data from websites and to have it removed. The state attorney general was tasked with developing guidelines to implement the statute and bringing legal action against businesses that violated its conditions. In 2020, privacy advocates were successful in their effort to get a ballot proposal passed that added extra requirements to the legislation and formed a new agency to carry them out, which was ultimately approved.
The board of directors started meeting last year to consider the possibility of creating the Privacy Protection Agency from the ground up. Mr. Soltani, a Pulitzer Prize-winning journalist, was recruited as the agency’s executive director in October of this year.
Mr. Soltani embarked on a listening trip shortly after that. Besides talking to the horse racing regulator, he also met with representatives from the California Department of Justice, the state’s consumer financial regulator, and the state’s medical board. He also talked with those who were engaged in the establishment of government agencies.
Staff members from various state agencies were first assigned to Mr. Soltani’s project, and he worked with them for the first several months. Before joining the agency, the acting chief legal officer worked at the Department of Motor Cars, where he assisted in the development of standards for autonomous vehicles.
This strategy would test whether creating a dedicated agency for enforcing online privacy can make the United States a stricter regulator of internet firms, as proposed by California officials.
In Europe, dedicated data protection agencies are the norm, and they are responsible for enforcing the EU’s General Data Protection Regulation, which regulates how websites may gather information from their visitors. However, there has been a varied response to the way in which these organisations have executed the legislation. European governments, according to critics, lack the resources to compete with Google, Amazon, and other large corporations.
California is confronted with comparable concerns. The new agency’s yearly budget of $10 million is insignificant when compared to Google’s $76 billion earnings for the previous year. Furthermore, many of the technology businesses that may be targeted by the state are entangled in the state’s economic fortunes and political manoeuvrings.
Jose Castaneda, a Google spokesman, said in a statement that the company has advocated for national privacy legislation, and that as “the California Privacy Protection Agency continues its work, we will continue to constructively engage to ensure that we protect our users’ privacy.” “The California Privacy Protection Agency continues its work,” Castaneda added.
The board of directors of the Privacy Protection Agency said in February that it will host workshops, which are expected to take place this month, to gather more input from privacy experts and academics. Mr. Soltani said at a meeting that month that the committee was likely to publish its first rules later in the year so that it could balance recruiting a staff with the complicated concerns it needed to solve.