On November 6, 2018, voters in San Francisco will decide whether to enact the city's Privacy First Policy that aims to protect the personal information of residents and visitors from abuse by companies doing business in San Francisco. The policy establishes a set of privacy principles to guide the city's government when considering the adoption of privacy policies, laws, and regulations, and when determining whether to issue permits, licenses, or other entitlements to the its contractors and third parties. If the policy is passed, businesses in San Francisco would be required to disclose their data collection policies and obtain input from communities impacted when drafting those policies.
According to the city supervisor, the policy is motivated primarily by the city's sense of responsibility to set ground rules that protect the best interest of the general public as the information technology sector shap[es] much of our city's identity. The policy rides the coattails of the California Consumer Privacy Act passed in June 2018, which empowers consumers with various rights such as the right to know what information is being collected about them and whether it is being sold and the right to opt out of the sale of their personal information.
On July 24, 2018, San Francisco city supervisors unanimously approved placing the policy initiative on the November ballot. The initiative cites 11 principles for the city to abide by in adopting privacy laws and regulations:
Engage with and inform those likely to be affected by the collection, storage, sharing, or use of their Personal Information prior to authorizing and prior to any change regarding the collection, storage, sharing, or use of their Personal Information. Ensure that Personal Information collected, stored, shared, or used is done so pursuant to a lawful and authorized purpose. Allow individuals to access Personal Information about themselves that has been collected, and provide access and tools to correct any inaccurate Personal Information. Solicit informed consent to the collection, storage, sharing, or use of Personal Information, and provide alternative and equal access to goods and services for those who deny or revoke consent. Discourage the collection, storage, sharing, or use of Personal Information, including potentially sensitive demographic information, unless necessary to accomplish a lawful, authorized purpose. De-identify data sets collected for...