More Technical Amendments Suggested for CCPA; CA GOP Introduce Another Privacy Bill
The privacy debate is heating back up in California with the organization that kickstarted the California Consumer Privacy Act (CCPA) defending it and California Republicans in the Assembly proposing additional protections in a new privacy bill.
— Californians for Consumer Privacy suggest new technical amendments to the CCPA
Californians for Consumer Privacy and Common Sense Kids Action sent a letter in mid-January to Assemblymember Ed Chau and Senators Robert M. Hertzberg and Bill Dodd suggesting additional technical amendments to the CCPA. The letter explains the reasoning behind five changes to the law (passed in June 2018 as AB 375 and amended a few months later by SB 1121). It also makes a few other changes that are labeled self-evident typographical errors or omissions or cross-reference corrections.
A quick run down of some of the changes:
The recommended change to Section 1798.115(a) would eliminate a discrepancy with Section 130(a)(4)(C) by including a required disclosure of the categories of persons to whom personal information was disclosed for a business purpose. The corrections in this section would also change usage of the term “third party” to “person” in order to broaden the disclosures captured beyond those operating without a contract, which is captured by another disclosure.
The recommended change to Section 1798.120(c) would eliminate a discrepancy in the text regarding the age at which a consumer must be given opt-in consent. The text will be changed from its current text of between 13 and 16 years of age. This will reflect the overall legislative goal to provide the right to consumers who are less than 16 years of age.
The exception to the prohibition on discrimination for the exercise of consumer rights in section 1798.125 has a few errant references to the value provided to the consumer. Instead, the difference in the goods or services must be reasonably related to the value provided to the business by the consumers’ data.
The suggested technical corrections also include two changes to the definition of personal information – one clarifying the conditions upon which government information is considered publicly available and the other specifying that deidentified or aggregate consumer information is excluded from the term “personal information” rather than the term “publicly available”.
Other clarifications that were considered obvious and not explained in the letter:
– Adding portable format rather than just a reference to being portable.
– reference to the section number of the financial incentives.
– correct a reference to the section providing the right to opt-out contained in the delegation of authority to the California Attorney General.
– a few other minor alterations of text, such as changing a by to from and moving the location of a reference to “or as otherwise permitted by this title”.
Californians for Consumer Privacy intends to submit potential substantive changes to the legislature in the future. They also warned that they would defend against any efforts to erode the consumer rights provided by the CCPA.
— New Privacy Bill Introduced into California Legislature
On National Data Privacy Day, California Assembly Republicans introduced their #YourDataYourWay privacy bill, AB 288, to regulate social media companies.
This legislation would require a social media company to offer users . It would provide for a consumer that suffers damages with a private right of action to seek actual damages, court costs and attorney’s fees, plus for willful violations, punitive damages of not less than $100 and not more than $10,000 for each violation. The proposed bill also permits class actions.
The bill was introduced by Assembly Member Jordan Cunningham, representing California’s 35th District (San Luis Obispo County and portions of Santa Barbara) The list of co-authors includes: Assembly Members Chen, Gallagher, Lackey and Mayes.
The Republicans are expected to push for additional privacy protections in the coming months, including:
– Limiting retention and mining of data from smart speakers.
– Require parents’ permission for minors to use social media.
– Inform consumers within 72 hours of data breaches.
– Restrict voice-activated devices from storing recordings without your consent.