Home

Donate
Perspective

Californians Deserve Better than Newsom’s ‘DOGE but Better’

Sara Geoghegan / Aug 1, 2025

California Governor Gavin Newsom delivers remarks on April 4, 2024. Source: US Department of Interior Bureau of Reclamation photo. CC by 2.0

In Washington, the so-called Department of Government Efficiency has slashed federal regulation and left consumers in harm’s way, a plan orchestrated and implemented by tech billionaire Elon Musk. Now California is following this dangerous path of weakened regulation, aided and abetted by California politicians and regulators.

California has long heralded itself as the leader of data privacy protections in the US. The state has effectively set privacy standards for users across the country as many companies have changed their data practices to comply with requirements set by the first-of-its-kind California Privacy Protection Agency. But California is losing its edge, and industry is getting what it wants as the governor and agency cower to Big Tech’s interests at the expense of consumers and workers.

For years, the state’s privacy watchdog has been developing regulations to implement and clarify the landmark California Consumer Privacy Act (CCPA), including regarding automated decision-making technologies (ADMTs) and risk assessments that the agency recently finalized.

The California Privacy Protection Agency promulgates regulations to help implement the state’s watershed privacy law. The agency’s process includes proposing regulations, receiving feedback from the public, amending regulations as it saw fit, and voting to finalize proposed regulations.

In 2023, the agency proposed regulations regarding ADMTs and risk assessments that were not perfect, but overall offered strong protections for Californians against some of the riskiest processing of their personal information. The agency then promulgated different versions, first in November and then again this year, with the latest iteration offering significantly weaker protections.

Earlier versions of the regulations included a broader definition of ADMT, a lower threshold for ADMT uses that trigger risk assessment requirements, and included the use of behavioral advertising as a trigger for risk assessments.

The newest definition of ADMTs is narrower, stipulating that systems with a human in the loop would not be covered. This excludes many entities that might use an ADMT for a significant decision, even if the human involved simply rubber stamps the ADMT decision. Similarly, the 2025 threshold for uses of ADMTs that trigger risk assessments were narrowed, excluding many harmful uses from coverage.

Originally, an entity was required to conduct a risk assessment when an ADMT was used to make a “significant decision,” but decisions around criminal justice, insurance, or essential goods and services were removed from the latest regulations. This means that ADMT uses in these categories — which can gravely impact a person’s well-being — do not trigger a risk assessment. Additionally, behavioral advertising was removed as a trigger for a risk assessment.

These rollbacks were a result of the tech industry's push to have fewer and weaker regulations. Big Tech spends massive resources lobbying for rules that help it evade responsibility. It is panning out in California.

Governor Gavin Newsom (D), who is friendly with Big Tech billionaires, asked the agency to weaken its rules around ADMTs. According to Politico, Newsom wrote to the agency warning that its regulations “could create significant unintended consequences and impose substantial costs that threaten California’s enduring dominance in technological innovation.” Politico reported that “Newsom’s message is likely a welcome one for businesses and tech lobbyists,” noting that labor unions and privacy advocates would disagree.

The gutting of these regulations harms consumers, and the finalized regulations do not include risk assessments robust enough to protect Californians.

Risk assessments increase transparency and hold companies accountable because they require them to provide enforcers and consumers with summaries of potentially harmful data practices. Requiring companies to determine their privacy risks and explain how their practices’ potential benefits outweigh them should be a required business practice. These regulations could have been a crucial step toward tech companies moving away from their “move fast and break things” ethos and toward more responsible business practices.

California once did what seems impossible on a federal level: It passed a ballot measure to address the problem of an unregulated internet. The issue became popular enough with voters that the state’s legislature and governor established a new privacy law, and later a new privacy agency, to address the harms that voters spoke out about. This progress is why it is even more disappointing now that these same regulators are moving backward.

Industry is pushing arguments that are antithetical to the agency’s mission and the law’s mandate. The board is giving the gift of weak regulation to Big Tech, maintaining the status quo that the agency was built to disrupt while undoing the progress it has already made. Newsom is in on it too, taking a page out of President Donald Trump’s playbook by rolling out the red carpet for tech billionaires.

The governor has provided top tech executives with burner cell phones with his personal phone number for access and said he wants California to do “DOGE but better” — even as the DOGE-facilitated federal surveillance state comes for California. I personally don’t dream of a better DOGE, but a world without DOGE at all.

While the country has watched Trump and Musk gut the federal government to promote their deregulatory agenda, California’s governor and privacy watchdog have chosen to follow Trump’s lead by favoring Big Tech’s interests and watering down regulations that were meant to protect the state’s residents.

We need leaders and regulators that prioritize the well-being of us all. We need meaningful regulations and robust enforcement. We don’t need DOGE.

California leaders need to decide: Do they want to build a safer, less discriminatory internet that prioritizes the well-being of each person over tech companies’ record profits? Or do they want to follow in Trump’s footsteps by allowing Big Tech to write — and unwrite — the rules at the expense of us all?

Californians, and all Americans, deserve privacy protections that aren’t watered down under pressure from Big Tech and politicians trying to cozy up to billionaires. And if the state doesn’t stand up to Big Tech, it risks losing its spot as the nation’s leader in privacy regulation.

Authors

Sara Geoghegan
Sara Geoghegan is Senior Counsel at EPIC. She focuses on commercial surveillance, consumer privacy, and health and reproductive privacy. She is a graduate of UIC John Marshall Law School in Chicago. During law school, she served as the Editor-in-Chief of the UIC Journal of Privacy & Technology Law, ...

Related

Perspective
California Governor’s Report Sidesteps AI LiabilityJune 23, 2025
Podcast
An Interview with California's New Chief Technology Innovation OfficerMay 29, 2025
Transcript
Transcript: Elon Musk's DOGE Farewell Press Conference with President TrumpMay 30, 2025

Topics