California AG Objects to 5 Sections of CCPA Privacy Law
California Attorney General Xavier Becerra sent a letter last week to the co-sponsors of the California Consumer Privacy Act objecting to five sections of the new privacy law. The letter has been posted online and we have summarized the objections below. They range from concerns about the law’s constitutionality to the increased enforcement cost for the state with the current limited private right of legislation.
The California legislature is currently considering technical amendments to the language adopted in AB-375 to correct a few issues that arose from the abbreviated legislative process. We will have to wait and see whether these changes are incorporated into the new law now or if they decide to wait until 2019 to do so.
Here are the objections from the Attorney General:
Section 1798.155 of the CCPA provides for the Attorney General to offer opinions to any business or third party regarding guidance on compliance with the law. The Attorney General objects to this section since it requires the public to pay for legal counsel for businesses and could create a conflict of interest in enforcement.
2. Civil Penalties
The Attorney General is concerned that the civil penalty provisions as written are unconstitutional because they purport to modify a law that was enacted through a ballot initiative by the California voters and thus cannot be amended by legislation. The Attorney General believes that it can be addressed by replacing the current scheme of penalties with its own enforcement provision.
3. Notification of Lawsuit
The Attorney General called section 1798.150(b)(2), which provides for notification to the Attorney General by a private plaintiff of the filing of a private cause of action in the courts, as an unnecessary requirement that should be eliminated as it “imposes unecessary personnel and administrative costs.”
4. AG Regulations
The Attorney General finds the one-year deadline for establishing implementing regulations unworkable, particularly because the office has historically been an enforcer rather than a regulator. The Attorney General demanded more time to issue strong regulations and the funding to do so. The letter noted that the law has not provided for a budget to either issue regulations or enforce the law.
5. Private Right of Action
The Attorney General urged the legislature to broaden the limited right to sue provided in the law to data breach victim into a broader legal remedy to allow consumers the ability to protect their privacy themselves. The Attorney General believes this would decrease its expenditure for enforcement and become “a critical adjunct to governmental enforcement.”
Here is the link to the Becerra letter:
Other Blog Posts on the California Consumer Privacy Act:
PWC Survey on CCPA: Enterprise Compliance Expected at 52% by January 1, 2020
California Adopts SB-1121 Amendments to Consumer Privacy Act
SB 1121 to Amend California Consumer Privacy Act Soon
SB 1121 Won’t Make Substantive Changes to New California Privacy Law
SB 1121 Amendments Kickoff Debate Over California Consumer Privacy Act Changes
Expect AG to Issue California Privacy Regulations in June 2019
Will California’s Privacy Law Extend to the Rest of the Country?
Big Day for California Privacy Law
California to Pass New Privacy Law: CA Consumer Privacy Act
Improve Data Privacy for GDPR or CCPA with Clarip
The Clarip team and enterprise privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent management software.
Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.