By Susan Grant, Consumer Federation of America
Last year, California enacted the Consumer Privacy Protection Act (CCPA), the most sweeping state privacy legislation in the country. Even though the law doesn’t go into effect until 2020, there are several bills in the California legislature this year that would either strengthen or weaken it.
Why does that matter to those of us outside of California? What happens in that state, the most populous in the nation (and coincidentally, the home of many of the tech companies whose practices have raised so many concerns about privacy lately) influences what other states may do and what happens in the U.S. Congress. In fact, the CCPA is one of the reasons why interest in federal privacy legislation has really heated up over the past year and why some businesses that resisted it before are now pushing for it – as long as it blocks the states from passing stronger laws. We oppose this because states can move more quickly than Congress to enact and amend laws to protect consumers. This is especially crucial as the fast pace of technology raises new privacy concerns.
April 23 is the first big test of California’s resolve to remain a leader in privacy as a number of bills are heard in the legislature’s Privacy Committee, including AB 1760, which we support. Dubbed “Privacy for All,” this bill, introduced by Assembly Member Buffy Wicks, would improve the CCPA by:
- Enabling consumers to learn which companies have received their personal information through a sale or other form of sharing.
- Requiring companies that share consumers’ data, as well as those that sell it, to get their opt-in consent to do so.
- Preventing companies from punishing people who exercise their privacy rights by charging them higher prices or providing them with an inferior product or service.
A recent poll conducted for the ACLU of Northern California showed that people who are likely to vote in 2020 overwhelmingly support the key provisions in this legislation:
- 94% support new laws that require companies to get permission before they share personal information, and that give Californians the right to know what personal information has been collected and with whom it has been shared.
- 9 in 10 agree that even if they don’t pay money for products like Google, Facebook or Twitter, they still have a right to privacy and their personal information should only be shared with permission.
- 89% say tech companies need to take additional steps to protect personal information.
What’s more, 24 tech companies have come out in support of the bill. They recognize that strong privacy protections gives consumers more confidence in doing business, and that’s good for their bottom lines.
Some things we hoped would be included in A.B. 1760 are missing, such as the ability for consumers to take legal action to enforce their rights (currently the CPPA only provides a private right of action in relation to the data breach section of the law). But there is another bill, SB 561, sponsored by state Senator Hannah-Beth Jackson, which would give consumers the right to sue companies that fail to provide them with the information they’re entitled to, don’t honor their requests not to sell their data, or violate other provisions of the law. Predictably, the ad industry is complaining that this would lead to “frivolous lawsuits.” While the California Attorney General can enforce the CPPA, it will never have the resources to bring action in every deserving case. Private lawsuits are an essential and effective tool to ensure that companies play by the rules and compensate consumers who have been wronged – which is why some businesses fight so hard against legislation that allows them and include language in their one-sided contracts that force consumers to go to arbitration rather than seek justice in court.
We need “Privacy for All,” not just in California but across the country. All eyes are on California to see if it can once again lead the way.