Policy \ Govt Initiative


California is a major center of new privacy law and regulation, creating opportunities for internet safety advocates to help design policies that will ripple out well beyond the state’s borders. Their Privacy Rights Act (CPRA), passed by ballot proposition in 2020, created the California Privacy Protection Agency (CPPA), which seems to be getting closer to initiating its first formal rulemaking process.

California law requires a data broker, as defined in California Civil Code § 1798.99.80, to register with the Attorney General on its internet website that is accessible to the public, on or before January 31 following each year in which a business meets the definition of a data broker.

On May 4th, California Governor Gavin Newsom signed into effect a “Blockchain Executive Order”

“[to] assess how to deploy blockchain technology for state and public institutions, and build research and workforce development pathways to prepare Californians for success in this industry”.

We have monitored and involved ourselves in this new agency since its inception, and Lisa LeVasseur (our Executive Director) and Noreen Whysel (Director of Validation Research) shared their expertise on product audits and dark patterns, respectively, in a recent pre-rulemaking CPPA Stakeholder Session (May 5-6).

California SB1190 that would establish a “Trust Framework” at the state level. This bill was introduced to the state senate in early March by Robert Hertzberg, close friend of Los Angeles billionaire investor Nicholas Berggruen

The Verifiable Credential’s Policy Committee, (that Kaliya Chairs) in California had a big win this week

As an abstract of the bill explains, while existing law requires such records “to contain certain information and to be printed on chemically sensitized security paper, as specified,” the new legislation enables a county recorder to, upon request, issue a birth, death, or marriage record “by means of verifiable credential, as defined, using blockchain technology, defined as a decentralized data system, in which the data stored is mathematically verifiable, that uses distributed ledgers or databases to store specialized data in the permanent order of transactions recorded.”

The California Privacy Rights Act of 2020 (“CPRA”) established the California Privacy Protection Agency (“CPPA”). The CPPA has full administrative power and authority to implement the CCPA and CPRA, which basically means that the CPPA will be in charge of updating regulations and adopting new regulations, while enforcement of these regulations will be done by both the CPPA and the Attorney General

May be of interest: https://www.latimes.com/california/story/2021-06-18/california-unveils-system-to-provide-digital-covid-19-vaccine-records

SMART Health Card Framework: https://vci.org/about#smart-health

To achieve this purpose, the founding members of VCI™ have collaborated to develop (1) the SMART Health Cards Framework Implementation Guide based on the World Wide Web Consortium (W3C) Verifiable Credential and Health Level 7 (HL7) SMART on FHIR standards, and (2) the SMART Health Cards: Vaccination & Testing Implementation Guide.

If you are in California, you can get your vaccine record here: https://myvaccinerecord.cdph.ca.gov/

You’re invited to participate in an exciting pilot program being launched by ATB Ventures and the Government of Alberta.