` EFF and Privacy Organizations Suggest Technical Corrections for SB 1121 - Clarip Privacy Blog
ENTERPRISE    |    CONSUMER PRIVACY TIPS    |    DATA BREACHES & ALERTS    |    WHITEPAPERS

EFF and Privacy Organizations Suggest Technical Corrections for SB 1121

The Electronic Frontier Foundation (EFF) and other organizations supporting the California Consumer Privacy Act today made public their letter from last week to its authors in the California Legislature opposing recent efforts to weaken the new privacy law.

The EFF and supporting organizations encouraged the legislature to limit SB 1121 to technical fixes in order to clean up inadvertent errors from the bill’s fast trip through the House and Senate. It denounced efforts by organizations to rush through substantive changes at the end of the legislative session that would weaken the California Consumer Privacy Act.

The letter does suggest a few technical corrections to AB 375 that should be adopted in order to fix inadvertent errors. These include:

Sec. 1798.120(d): Change the opt-in reference to between 13 and 15 years of age (rather than 16) to stick with the clear legislative intent to provide the opt-in to children under 16 years of age and not 16 year olds.

Sec. 1798.145(i): Clarify that businesses do not need to collect extra data in order to comply with the law.

Sec. 1798.150(a): Correct the language about encryption and redaction in the language about the creation of the consumer cause of action.

Sec. 1798.145(a)(5): Clarify the definition of personal information.

sanfrancisco

The letter specifically opposes a number of suggested changes that were made recently by business organizations. It defends the:

Right to Access: It argues for maintaining the ability to receive specific pieces of personal information. The EFF calls it consistent with what global companies offer Europeans and an important transparency measure for consumers.

Data Portability: The letter argues that removing this section would make it harder for consumers to switch providers, locking them into services where the price or practices were no longer favorable.

Definition of Personal Information: Although the EFF does not oppose rewriting the definition of personal information to make it clearer, they warn that the industry proposals to remove probabilistic identifiers would weaken the law at the same time that businesses use such information every day to make decisions about consumers.

Right to Opt In: The EFF opposes the adoption of an actual knowledge requirement in order to impose liability for a violation of the right to opt in. They contend that doing so would “substantially remove explicitly chosen protections for the most vulnerable among us ….”

Right to Opt Out: The EFF would maintain the current all or nothing characteristic of the right to opt out rather than provide for more granular controls by businesses or the creation of an account in order to make identification easier. The EFF warns that to do so would make it “needlessly complicated.”

This is going to get interesting. It seems like there is going to be a lot of additional back and forth on the final details of the law going into 2019 as well as during the rulemaking process by the California Attorney General.

Improve Data Privacy for GDPR or CCPA with Clarip

The Clarip team and privacy management software are ready to meet your compliance automation challenges. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.

If compliance with the California Consumer Privacy Act is your focus until 2020, ask us about our CCPA software. Handle automation of data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with the consent software.

Need to improve your GDPR compliance solution? Clarip offers modular GDPR software that can fill in gaps in your privacy program. Choose from the data mapping software for an automated solution to understanding your data collection and sharing, conduct privacy risk assessments with DPIA software, or choose the cookie consent manager for ePrivacy.

Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.

The pixel
Show Buttons
Hide Buttons