Thank you Chairwoman Jackson and committee members. I am honored to be here.
My name is Todd Weaver, and I think you’ll find both Gabriel and I are quite unusual witnesses from the tech sector here today. This is because we are here as the CEOs of growing technology companies that protect privacy rather than exploit it. I am calling for much stronger consumer privacy protections here in California and around the world, not weaker ones.
I believe the default approach in California should be the right to opt in, rather than requiring all of us to have to inconveniently opt out, of the exploitation of our most personal data across all software, each service and every site we use. As Mr. Mactaggart, whom I’d like to take a moment to thank for his tireless years of effort on AB 375, appropriately stated, a do-not-track browser extension backed by law is helpful for protection on websites, but misses on the widely popular applications and services; this is one of many reasons we need to protect personal privacy by default.
I also strongly support holding companies, like mine, accountable in court if we violate a person’s privacy rights – rights which are guaranteed in the state’s Constitution, but that I believe our laws do not yet fully respect when it comes to the Internet.
I am here to tell you it’s time for California’s extraordinary tech industry to stop harvesting and “sharing” our most personal private data without our meaningful consent and knowledge. You all have the power to make this happen, and I believe the time is long overdue.
Now you have heard some business and tech communities suggesting California’s new privacy law–if not substantially amended (which of course means weakened) before it is allowed to go into effect–is going to cause extraordinary business hardship and confusion. These are of course the same arguments that were made by many of these same companies regarding Europe’s GDPR – but since the GDPR went into effect, these companies have continued just fine, and in most cases have grown profits. That is real evidence that California’s new privacy law is not going to destroy Internet commerce as we know it.
I am here to tell you that AB 375 (or stronger) protections – just like those in the GDPR – are not going to be hard to implement. The key is whether we, companies, are willing to simply begin to honor our customer’s privacy rights by designing our services to be privacy-protecting by default, rather than privacy-exploiting by default.
Is this possible? Yes. I am here to tell you that my growing company was founded on the simple principle that privacy is a right and needs to be the default in all products and services.
Let me be clear: technology advancements can absolutely be rooted in moral values and still lead innovation. Society’s technology genius is not lacking, its moral genius is. And this is where you come in. Technology innovation that complies with privacy protection is easy. Let me restate: it is easy to operate a successful business, while playing by the rules you set.
I started Purism when I came to realize that my two daughters, like all children, need convenient products and services that protect them, rather than exploit them. As a technologist, I understand painfully well how much the technology sector can exploit my kids with ease. For example, as each of you, critical policy-makers, will come to realize, your smartphones track your exact location and everything done on that device, every millisecond of every day, and record that personal data permanently for retrieval at any point in the future. Not forgetting every search, chat message, photo, video, and every article you read.
Well here’s the bad news: the current unregulated exploitative models in use today ensure everything you do in the digital world leaves exacting, privacy invading, excruciating details about you permanently.
That’s why, in 2014, I started Purism. It is a social purpose company completely founded on privacy-protection principles. Purism is already manufacturing in California, and assembling these laptops right here, including the operating system, applications, and bundled services that will not track you, period. Purism is growing triple-digits year over year; future innovation and job creation around privacy by design is the future that California needs to lead on.
Consumer demand for privacy is real and happening, and needs to be the default.
This year we will be manufacturing a security and privacy-designed phone with bundled services that comply with AB 375, and go even further with opt-in by default for all offered services. Use these phones and your most sensitive details will be under your control and kept completely private. Isn’t that a confidence level we all should have?
This is done by a simple approach: privacy by design. And this is an approach all tech companies can implement if they are truly committed to privacy, beyond just marketing slogans.
As AB 375 seeks to make clear, privacy is a right, and your every location and every communication and every web page and every search stored permanently should not be exploited to use needed services online.
I strongly suggest the time has come for Californians to take back their constitutional right of privacy on the Internet, and urge you to substantially strengthen the privacy protections afforded by AB 375.
For your, and my children’s sake. Thank you.