Mactaggart had agreed to whittle down his biggest stick: The private right of action would permit consumer lawsuits only in the case of a traditional data breach, as when your credit-card information is stolen. And instead of naming every third party they shared your data with, companies would have to disclose only the kinds of data they were sharing, an obligation the companies already had to European consumers under G.D.P.R. Many privacy activists hated the deal, and some of the same groups that had refused to support Mactaggart’s initiative now savaged him for compromising on it. The A.C.L.U. and E.F.F., both of which rely heavily on civil litigation to win advocacy battles, were particularly upset by the narrowed private right of action.

But as Mactaggart saw it, the core of his initiative remained intact — and was in some ways strengthened. Now you could see exactly what information Silicon Valley and the data brokers had collected about you. You could still demand that they stop selling or swapping your data. And if they refused, the California attorney general could investigate and impose fines. Even in this reduced form, Mactaggart and Soltani believed, this would be the most stringent consumer-privacy law in the country — the most significant step in years toward regulating the surveillance capitalists, and a proof of concept for activists and industry alike. If it passed, the tech industry could no longer claim that no one cared about privacy, or that data rules would kill jobs, or were too technically challenging. California’s attorney general could police the entire industry, while other states worked on their own versions of the rules. “Under this law, the attorney general of California will become the chief privacy officer of the United States of America,” Mactaggart argued. Eventually, it might drive the tech industry back to the negotiating table in Washington, in hopes of getting a single national standard.

The next morning, Hertzberg summoned tech lobbyists to a meeting. They had a simple choice, he explained. They could agree to the deal, or take their chances with Mactaggart in the fall. Hertzberg told the lobbyists they could probably scare his colleagues into killing this new bill, too. But Mactaggart’s initiative was polling extraordinarily well. To beat him in November, the tech industry and its allies — the cable companies, the data brokers and the financial companies and retailers that used their data for advertising — would have to mount a huge negative campaign, at considerable cost to their own image. “And if they do, we’ll be right back here next year,” Hertzberg told me later that day.

Legislative staff members had finished rewriting AB 375, and a deal seemed imminent. That Friday, as he drank his morning coffee, Mactaggart decided to read the new bill — the fine print — one more time. He noticed a seemingly minor alteration in one section, the kind of thing most people would skip over. Mactaggart realized it would completely gut what remained of the private right of action. Furious, he called Hertzberg and Chau and told them the deal was off. Neither lawmaker could explain who made the change, Mactaggart told me, but Hertzberg scrambled to fix it. “In most negotiations, you are talking to all these different interest groups,” Hertzberg told me recently. “This is a situation where we had to go and reach out to everyone and bring that information to Mr. Mactaggart and ask him what he wanted to do.” By Monday morning, the deal was back on again.

That Tuesday, Facebook signaled that it would not fight the bill. In a statement emailed to reporters, Will Castleberry said that “while not perfect, we support AB 375 and look forward to working with policymakers on an approach that protects consumers and promotes responsible innovation.” At hearings, industry representatives complained that they had been put in the impossible position of either accepting the compromise or fighting a ballot initiative they had no power to change. “The internet industry will not obstruct or block AB 375 from moving forward,” the Internet Association announced, “because it prevents the even-worse ballot initiative from becoming law in California.” Soltani wryly pointed out that Mactaggart had offered Silicon Valley a take-it-or-leave-it privacy policy — the same kind that Silicon Valley usually offered everyone else.

That Thursday, California lawmakers began voting on the bill. Mactaggart, who wore a blazer and khakis, watched from the Senate gallery with his wife. As the vote was called, Mactaggart kept his eyes on the electronic billboard where votes were recorded: One by one, almost every light flipped to green. They walked over to the Assembly, where much the same scene unfolded. In the end, not a single lawmaker in either chamber voted against the compromise.

Political power is a malleable thing, Mactaggart had learned, an elaborate calculation of artifice and argument, votes and money. People and institutions — in politics, in Silicon Valley — can seem all-powerful right up to the moment they are not. And sometimes, Mactaggart discovered, a thing that can’t possibly happen suddenly becomes a thing that cannot be stopped.

I spoke to Mactaggart shortly after the vote. “It felt like a moment — people didn’t want to be on the wrong side of this issue,” he observed. A part of Mactaggart was already thinking ahead. The legislation would not take effect until 2020, and both the Legislature and the tech industry would have a chance to amend the new law beforehand. In the weeks after the vote, as Silicon Valley’s accumulated troubles sent shares in Facebook and other tech companies plummeting anew, their lobbyists were back on the march. The Trump administration was convening meetings to discuss a new national privacy standard, one that would perhaps override California’s newly minted statute. There would be plenty of chances for mischief. But as he basked in the victory, Mactaggart was giddy, even emotional. “Everyone who could have blocked it didn’t,” he said. “When the system wants to work, it can.”