Don’t look now but California wants to regulate your internet. What could go wrong?

Consumers are rightfully concerned about data security and personal privacy. Data breaches, hacking and poor personal security practices have compromised internet users’ financial and personal information. Large majorities of Americans want to improve their control over their own personal information.

But a California-only approach to enforce data a privacy regime is the wrong approach.

Legislation pending in the Senate would require internet service providers, companies such as Comcast, AT&T and others that hook up your home or business to the internet, to get affirmative consent from internet users before using almost any information for reasons other than billing or emergency contact.

While at first glance it may seem natural to give more control to consumers over use of personal data, this proposal would unleash vast unintended consequences that could boomerang to seriously harm California internet users.

Enacting new state-only regulation of internet practices is uncharted territory; we don’t really know how to create a California-only island in the great web of internet use. What will be the costs to California users to isolate their data handling practices from users throughout the country? What will be the implicit premium charged California consumers and how will that compare to the value these consumers receive?

Perhaps even more troubling is the unknown of whether these new requirements may open new opportunities for hackers, phishers and internet thieves. Incessant requests to approve data uses for numerous purposes may desensitize users who need to remain vigilant about messages from the real bad guys – who mimic legitimate requests to gain access for nefarious purposes.

These are just a few of the very basic questions that necessitate in-depth inquiry and debate before enacting such a far-reaching new policy. But with one day remaining in the legislative session, this debate simply has not yet occurred.

Legislators will have done their constituents a disservice by not developing and airing – much less resolving – these issues publicly. If the Legislature desires to enact new California-only privacy rules for the worldwide internet, it should undertake more and better deliberation to address these unanswered questions. More to the point,2 with the FCC likely sending jurisdiction of internet privacy back to the FTC this year, what is the urgency to rush a bill through that jeopardizes consumers’ access and security of the internet?