A Landmark California law to enact the strongest privacy rules in the country and regulate the online marketplaces of personal data is caught in a tug of war between industry lobbyists who want to weaken it and consumer groups who believe it doesn’t go far enough. The California Consumer Privacy Act (CCPA) will take effect in January 2020.
- There are at least 30 state-wide proposals for data privacy. Would a national policy be better than a patchwork of policies?
- Could the right federal law provide broader and stronger privacy protection? For example, a privacy law that authorizes the Federal Trade Commission and state attorney generals to enforce it.
- Should businesses work with the Federal government or state governments to protect personal data rather than fight it? If you were a CEO of a tech company, what actions would you take in working with the government on stronger privacy and protection laws?
- Should privacy laws like CCPA rely on the concept of notice and consent which places a burden on the consumer? Would a more effective law shift the burden away from individuals and onto the businesses that collect personal information?
- All of these industry interests are trying to weaken privacy in California,” says Jacob Snow, staff attorney with the ACLU of California. “The Privacy Committee members who were present revealed their constituencies are tech companies.”
- One bright spot for privacy groups is a bill that advanced out of California’s Senate Judiciary Committee, which would give Californians the ability to sue for violations of their privacy rights under CCPA.
- There is also an ongoing battle in Washington, DC where tech and other industry groups are pushing Congress to pass a federal privacy bill that would override state privacy laws altogether.
CCPA was intended to give the state’s residents unprecedented control over how companies use their data. CCPA includes the ability to request the personal data collected by businesses, demand it be deleted, and opt out of having data sold to third parties, among other actions.
Voices on both sides of the privacy debate believed it needed fine tuning from its passage in June 2018. Last week, the California Assembly’s Committee on Privacy and Consumer Protection advanced a series of bills that would either amend CCPA or create exemptions for certain categories of businesses. These bills received widespread backing from business groups, including the California Chamber of Commerce, as well as leading tech lobbying firms that represent companies such as Facebook, Google, Amazon, and Apple. But privacy groups almost unanimously opposed them, concerned that state lawmakers are about to dismantle the country’s most robust privacy law before its implemented.
Consumer advocacy groups want to ensure that people have a clear and easy way to “globally opt out” of having their personal data collected and sold, regardless of whether they can decide to opt out for certain types of data.
Unlike the EU’s General Data Protection Regulation, which requires companies to ask consumers to “opt in” to having their data collected or sold and sets high fines for violations, California’s privacy law gives people the chance to “opt out” and have their data deleted and sets smaller penalties for violators.
It is critically important, they say, to close loopholes in the law that could create a “pay for privacy” model in California, giving companies permission to charge higher prices or offer lesser quality services to customers if they exercise their privacy rights.