Santa Cruz Tech Beat

Companies

Steve Blum: California’s consumer data privacy law survives lobbyist blitz, more or less intact

By Steve Blum
Tellus Venture Associates
Special to Santa Cruz Tech Beat

September 18, 2019 — Santa Cruz, CA

Big tech, big telecom and big business made a big push in the legislature to water down California’s landmark data privacy law, AKA the California consumer privacy act. They won some minor victories as the 2019 session ended, but did not succeed in making major changes.

A blog post by Christina Hyun Jin Kroll in the National Law Review has a good run down of the bills that did and didn’t make it out of the legislature and onto governor Gavin Newsom’s desk. Companies won a year’s delay in implementation of some of the protections that apply to employment-related information and data collected as a result of some business-to-business transactions, and expanded the scope of what can be considered “public information” that’s not subject to privacy restrictions. “Deidentified” and/or “aggregate” consumer information was also excluded – it’s no longer defined as “personal information”.

The battleground now moves out of the California legislature and into the governor’s and attorney general’s offices, and to federal lawmakers in Washington, D.C. Newsom has to decide whether to sign the bills into law (it’s expected he will). California attorney general Xavier Becerra has to issue detailed rules for complying with and enforcing CCPA. The law technically takes effect in January, but Becerra’s rules won’t kick in until July. His first draft is expected in the next few weeks.

So far, California is out in front of both the federal government and other states on privacy policy, which is making business interests nervous. Dozens of CEOs from major corporations signed a letter addressed to key congressional leaders that urges them to preempt state laws, because otherwise their customers might be confused by “rules that may change depending upon the state in which they reside, the state in which they are accessing the Internet, and the state in which the company’s operation is providing those resources or services”. Their altruism is touching.

There seems to be widespread agreement in D.C. that something should be done, but, naturally, no one can agree on what that something is. For now, California’s data privacy law is on track to become the de facto national standard.

###

Tagged

Related Posts

Sign up for our free weekly email digest!

  • This field is for validation purposes and should be left unchanged.

Follow Now

Facebook Feed

This message is only visible to admins.
Problem displaying Facebook posts.
Click to show error
Error: Server configuration issue