The Legislature must fix the California Consumer Privacy Act before it takes effect on Jan. 1, 2020.
The law is riddled with unclear definitions, overly broad mandates, and small errors that will lead to unnecessary costs and widespread confusion about compliance.
When the California Consumer Privacy Act passed in 2018, we heard many promises that the Legislature would take the time to fix its flaws and address its unintended consequences. That time is growing alarmingly shorter.
When the Legislature returns Monday for its final month of the year, finding reasonable solutions to the problems associated with the California Consumer Privacy Act must be a top priority.
Immediately after passage of the act, the California Chamber of Commerce provided the Legislature with a comprehensive list of concerns that needed to be addressed. Following the chamber, legal scholars and privacy lawyers sent letters and wrote analyses detailing significant problems with the legislation.
The advertising industry added its concerns about the impact of the act on advertising agencies and media, and entertainment and technology businesses that are dependent on internet advertising revenue.
Many other business sectors have explained to the Legislature the changes needed to make the law work, sectors ranging from restaurants to wineries to blogging to start-up tech companies. All have expressed their concerns about impacts on their business operations.
Two easy fixes would help:
- One, originally in Assembly Bill 873, would clarify that “personal information” as defined in the consumer privacy act applies to information that identifies or links, directly or indirectly, to a particular consumer.
- Two, as originally proposed in Senate Bill 753, the Legislature should refine the provision defining the “sale” of information, so that businesses can comply with the request to not sell data while continuing to provide customized content and relevant advertising to consumers.
These straightforward changes neither repeal any provisions of the California Consumer Privacy Act, nor weaken any protection of consumers’ personal information.
In fact, they’re a necessary step toward strengthening the act to ensure it’s a policy that works in the real world, not just sounds good on paper.
The changes would allow businesses to continue to provide consumers with the goods and services they desire, while operating under the intent and goals of the California Consumer Privacy Act.
Several legislators—Sen. Henry Stern and Assembly members Marc Berman, Autumn Burke, Ed Chau, Ken Cooley, Jacqui Irwin—have been working hard on the fixes. But so far, legislative leadership is failing to keep its promise. Important bills have stall in the Senate Judiciary Committee, and leaders have not stepped in to make things right.
The stakes are high and the window to act closing. Because the law has not yet taken effect, many California companies have not begun to focus on the change required by the California Consumer Privacy Act.
But when they do, there will be anger over the high costs of compliance, uncertainty about how to comply, confusion about the management of data, misinformation about liability, and concern about the changes to the internet economy.
There is still time for the act to be modified to address these concerns. But that requires legislative leaders to stick to their word, and allow solutions to be considered. If legislators do not attempt to fix the law, then businesses in their districts will have good reason to hold them accountable for the consequences.