Ever since the adoption of California’s far-reaching privacy law last June, a coalition led by the California Chamber of Commerce has been working diligently to fix problems with the act before it takes effect on January 1, 2020.
The coalition is supporting legislation to prevent negative, unintended consequences for consumers and businesses, especially small businesses, from the California Consumer Privacy Act (CCPA).
The coalition also is opposing bills that thwart the intent of the law.
Explanations about the pending legislative proposals and an easy way to contact lawmakers are available at the coalition website, www.makeprivacy.work.
Among fixes being supported by the CalChamber and coalition are bills that will:
• Clarify that employees and job applicants are not classified as “consumers” under the law – AB 25 (Chau; D-Monterey Park).
Under the CCPA, “consumers” have the right to know what personal information has been collected about them, as well as the rights to access, delete and opt out of the sale of their personal information. The CCPA defines “consumer” as any California resident.
Without clarifying legislation, a “consumer” under the CCPA could be interpreted to include employees and job applicants, with serious unintended consequences. For example, an employee accused of sexual harassment could ask a business to delete complaints about that employee.
AB 25 will fix this concern and create safeguards to ensure that businesses are not required to give sensitive personal information to someone who could be a fraudster posing as a consumer.
• Clarify access to customer loyalty and rewards programs – AB 846 (Burke; D-Inglewood).
Under the CCPA, frequent flier miles, rewards levels, hotel points, and other retailer programs could be erased or changed, affecting millions of people who have spent years and dollars acquiring these popular benefits.
AB 846 simplifies the non-discrimination section of the CCPA and will ensure that loyalty and rewards programs can continue to operate once the CCPA takes effect.
• Fix the definition of “personal information” to clarify operational uncertainties and eliminate unintended consequences – AB 873 (Irwin; D-Thousand Oaks).
Most people think of personal information as data that could identify someone, like birthdates or Social Security numbers. The CCPA defines personal information far more broadly—as any information that is “capable of being associated” with a consumer or household.
For example, if an online customer browses a store’s website without logging in and then asks the store to delete all of the customer’s personal information, the store could be on the hook to search for and delete IP addresses that could be associated with the customer—even if the store never linked that data to a person and kept it only to perform web analytics.
This means that in order to respond to these CCPA requests, businesses would need to collect more of a customer’s personal information and keep that information all in one place, making it more vulnerable to hackers.
AB 873 fixes this problem by making the definition of personal information more reasonable, without eroding privacy rights.
• Fix language in the CCPA that is unworkable and likely unconstitutional – AB 874 (Irwin; D-Thousand Oaks).
The CCPA limits businesses’ distribution of “information lawfully made available from federal, state or local government records.”
This limitation is unconstitutional and creates practical problems for businesses that rely on the free flow of public records information, including those involved with real estate, journalism, credit reporting and background checks. The restriction also could impede consumer access to housing prices on popular real estate websites.
AB 874 fixes the problematic language in the CCPA.
• Ensure businesses can continue to prevent identity theft and other crimes – AB 1416 (Cooley; D-Rancho Cordova).
The CCPA unintentionally undermines businesses’ efforts to protect consumers from identity theft and to prevent other crimes, such as money laundering or human trafficking.
The CCPA also unintentionally restricts the sale of data to governmental entities in a way that will have a profoundly negative impact on many government services, including reuniting foster youth with relatives and preventing fraud in governmental benefits programs.
AB 1416 fixes both these problems.
The CalChamber and coalition strongly oppose SB 561 (Jackson; D-Santa Barbara), which creates new ways for trial attorneys to sue businesses without cause and has been tagged a job killer.
SB 561 would allow trial attorneys to test businesses’ ability to comply perfectly with the complexities of the CCPA. This will be strict liability—with no proof of injury—even for reasonable differences in interpretations of a law that can be vague and ambiguous.
Privacy experts disagree over certain provisions of the law, and allowing a flood of class action litigation on technical violations is not the way to get clarity. It is a significant and unfair burden on businesses, especially small businesses.
SB 561 also rolls back both businesses’ right to seek guidance from a regulator and their right to cure in case their good faith efforts to comply with the many nuances of the CCPA fall short.
The CalChamber encourages members to contact their legislators to support the legislative fixes to the CCPA. To send an email to your representatives and sign up for updates on the coalition’s activities, including the legislative solutions being negotiated, visit the coalition website at www.makeprivacy.work.