Even a few short years ago, it seemed unlikely that Congress would enact comprehensive privacy legislation. But a series of high profile data breaches; increasing concerns about data practices, particularly when connected to political micro-targeting; fears about the rise of autonomous, and potentially invisible, decision-making; and the passage of far-reaching foreign and now State privacy laws have all changed the zeitgeist. Congress has taken notice, and, for the past year, Data Matters has been closely following the Legislative Branch’s moves as it a federal privacy bill looks more likely than it has in a generation. (more…)
When California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law on June 28, 2018, there was broad agreement that revisions and clarifications were necessary. The CCPA was written and enacted with extraordinary speed, as legislators felt the need to move quickly in order to preempt a data privacy ballot initiative that had received enough signatures to be placed on California’s November ballot. Consequently, June 28 was, in many ways, the beginning of a debate over the specifics of the CCPA, rather than the end. Indeed, the California legislature has already passed a “clean-up” bill to address concerns expressed about the CCPA, and heated debates over the meaning and merits of specific provisions continue. (more…)
With the midterm election out of the way, legislators on Capitol Hill and in state capitols are getting ready to consider the future of data privacy regulation in 2019 and consumer and industry groups continue to weigh in on the ongoing debate. The debate has begun to move from principles and frameworks to drafting of legislative language.
As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy. Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates. First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year. Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States. As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts. (more…)
* This article originally appeared in Law360 on September 27, 2018.
The growing network of internet of things (IoT) devices is expected to reach 30 billion devices by 2020. Despite this tremendous growth, the state of IoT regulation is patchwork at best. Although the FTC is the primary security regulator for consumer IoT devices, there are no comprehensive regulations or laws specific to the unique challenges of the IoT market. This absence of clear and unambiguous standards can be a burden for IoT companies who are looking to innovate while maintaining their customers’ privacy. (more…)
On Friday, August 31, the California legislature unanimously passed a host of “clean-up” amendments to the new California Consumer Privacy Act (CCPA), AB 375, as it set about addressing flaws and other concerns in the state’s groundbreaking data privacy law. These amendments are now awaiting Governor Brown’s signature. (more…)
On June 29, the day after California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law, Data Matters provided a summary of the important new legislation. In doing so, we noted that the law was scheduled to go into effect on January 1, 2020 and that, if and when it did, it would be the “broadest privacy law in the United States” and “may well have an outsize influence on privacy laws nationwide.” Because of this, we further predicted that “[t]he coming months will no doubt stimulate considerable legislative and litigation activity to test the acceptability of [the CCPA’s] effects on interstate commerce, free speech, commercial innovation, reasonable regulatory burdens and meaningful privacy protection.” (more…)
*UPDATE: The ballot initiative has been replaced by a new California law, AB 375. Please see California Enacts Broad Privacy Protections Modeled on GDPR for more information.
On June 25, 2018, California Secretary of State Alex Padilla announced that a potentially significant privacy initiative is eligible for the Nov. 6 general election ballot. If passed, the ballot initiative — the California Consumer Privacy Act (CCPA) — would immediately make sweeping changes to California’s privacy laws. This initiative would likely create a de facto national standard on transparency around third-party sharing as well as consumer rights to restrict data sharing and could affect many business models that depend on data monetization to offer a free good or service. Many see the law as having echoes of the new European General Data Protection Regulation (GDPR) that went into effect on May 25. If voters pass the initiative, it would go into effect shortly after the election — providing little time to develop an extensive internal regulatory program, yet providing immediate exposure to penalties for failures to have those extensive compliance processes in operation. (more…)