Package of Privacy Bills Advances in California Legislature
A bevy of bills would create additional consumer protections, but key parts of the legislation have shifted or fallen away since originally introduced. They include restrictions on what data voice assistants can store.
A privacy legislation package designed to give added protections to consumers while also augmenting the landmark California Consumer Privacy Act (CCPA) is making its way through the state Legislature — though its contents have changed significantly since originally introduced.
The Your Data Your Way initiative was introduced in late January by a cadre of Republican Assemblymembers, with the basis being additional data privacy protections.
A number of bills in the package recently made their way through the state Committee on Privacy and Consumer Protection (P&CP) — and now face a potential vote on the Assembly floor. If the bills pass the Assembly, they will then move on to the Senate and come one step closer to becoming law.
However, the package has gone through significant changes during committee process — with some pieces of legislation remaining largely unscathed, while others have been tabled or substantially altered.
The initiative when initially introduced consisted of five pieces of legislation:
- One of the more prominent bills within the package would create a corporate notification requirement relative to data breaches. The bill, introduced by Assemblyman Chad Mayes, originally would have asked that companies notify consumers within 72 hours of a data breach. However, the bill’s text now gives companies a window of 45 days to notify affected consumers. This would still put tighter restrictions on companies, which, according to current California laws, must notify consumers “in the most expedient time possible and without unreasonable delay.” The bill recently exited the P&CP Committee and will be voted on in the House.
- A bill that would have allowed consumers to request that social media companies delete their personal data after they had closed their accounts has been pulled from consideration. The bill would have also prohibited companies from "selling that information to, or exchanging that information with, a third party in the future, subject to specified exceptions." The bill, which was introduced by Assemblyman Jordan Cunningham, was pulled from consideration in the P&CP Committee and has instead been converted into a “two-year bill,” which means Cunningham will continue to do work on it with the hope of reintroducing it next year. “He is committed to continuing to work on that bill over the course of this year,” said Nick Mirman, legislative aide to Cunningham. “It’s been tabled for the rest of this year and we plan on continuing to work with stakeholders to craft a bill that accomplishes the same goals that the Assemblyman has.”
- The "Anti-Eavesdropping Act," also sponsored by Cunningham, would curb the kind of data collection that tech companies can conduct through smart devices like Amazon Alexa or a Google Home device. The bill would ban companies from storing and selling data collected through voice commands without written consent from individual consumers. The bill recently exited the P&CP Committee and is expected to be voted on “in the next few weeks,” said Mirman.
- The "Family Green Light Bill” is being sponsored by Assemblyman James Gallagher and would require social media companies to receive a parent or guardian’s permission before a child under the age of 16 could use their platforms. The point of the bill is to give parents greater control over the amount of social media they are exposed to, Cunningham said in an interview with Techwire. The legislation recently exited the Committee on Appropriations and is currently on the Assembly floor and will be voted on in the coming weeks, said a representative of Gallagher’s office.
- A non-binding resolution on “21st Century Monopolies” had been announced as part of the bill package that would have called on Congress and the Federal Trade Commission to update federal anti-trust laws to be more effective — with a particular eye toward reining in big tech companies. However, the language within the resolution has yet to be clarified, according to Cunningham. “We’re still working on the language of it,” he said. “We’re trying to build a broad coalition and get a consensus and be thoughtful about it. ... Monopolistic behavior, like all large aggregations of power, historically is really bad for the little guy and the public.”
The initiative’s larger goal to augment and hone the regulatory framework put forth by the CCPA is an important one, according to Cunningham.
“I was proud to vote for it,” Cunningham said of the CCPA during an interview with Government Technology, while also noting that he felt it was “passed in quite a hurry. ...There are some issues that need to be cleaned up. ...We need to make sure that we’re narrowly tailoring [the legislation] to the problem. But it’s a strong law — it’s stronger than anything we have federally.”
Ultimately, Cunningham said, he felt that privacy was an issue that both sides of the political spectrum could come together on.
“Privacy is a very bipartisan — I would even say nonpartisan — issue,” he said. “I’m very thankful to have colleagues on both sides of the aisle willing to take on this fight. There are some very well-financed groups that have a lot of clout that have thus far opposed these bills, but I’m willing always to collaborate with anybody to accomplish the goal.”