TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

United States Privacy Digest | Notes from the IAPP Publications Editor, July 13, 2018 Related reading: US lawmakers agree to temporary FISA Section 702 extension within NDAA



Greetings from Portsmouth, NH!

Usually, summer means a bit of relaxation, but not in 2018. Privacy developments are emerging without any regard for our need to sunbathe and enjoy cookouts.

Of course, California’s new and sweeping privacy law is top of mind for many privacy pros, and rightly so. It’s a major privacy law that will affect, according to our estimates, as many as 500,000 U.S. businesses — and most of those are small to medium-sized organizations. No doubt it was rushed and is filled with ambiguities. For example, as Sam Pfeifle recently pointed out, it’s not even clear if non-profits are covered. And Phil Gordon notes that it’s not clear whether it covers employees. Others have likened the law to ... well, that description is NSFW.

It’s hardly surprising, then, to see industry groups are already taking action in the hopes of amending the law, and, according to a report in MediaPost, the concerns raised by the California News Publishers Association have apparently prompted the state’s Assembly Committee on Privacy and Consumer Protection to vote on issuing “technical corrections.” Lawmakers have characterized the proposed changes as “technical, non-substantive, and non-controversial drafting errors.” Regardless, and undoubtedly, the CNPA is not alone. The Association of National Advertisers has weighed in, arguing that businesses should be granted more time to “digest the bill” before rushing to correct any technical corrections.

The California Consumer Privacy Act of 2018 may have even bigger implications, however. Could it be an impetus for other states to draft their own versions? Or could it mean future federal privacy legislation?

Dean Garfield, who is with the Information Technology Industry Council, a trade group that represents several large tech companies, expressed concern that the CCPA could serve as a template for other states. “You don’t want fragmentations among states,” he noted. Instead, he’s lobbying for a framework that is made up of broadly applicable standards and norms. Rep. John Delaney, D-MD, said, “Inevitably, what will happen is there’ll kind of be a patchwork of state regulations. … Then it feels like there’s going to be a role for the federal government to try to synchronize these things.”

Even former Bush-era Department of Homeland Security Secretary Michael Chertoff thinks it’s time for the U.S. to consider some form of federal privacy legislation. Currently on a book tour, Chertoff said, though the EU General Data Protection Regulation is “somewhat over-bureaucratic and complicated,” the U.S. should think about enacting the regulation’s core logic. “The principle that people ought to have some right to control their data is a principle we need to adopt ourselves,” he added.

Though, in today’s messy political climate, it’s next to impossible to imagine that Congress will get anything passed, perhaps the CCPA will be enough, after the midterms, at least, to prompt some form of federal privacy law.

In the meantime, don’t expect Alastair Mactaggart, one of the architects who helped start the California ballot initiative that was used to create the quick passage of the CCPA, to sit on his hands. He fears “tech will now sneakily come in and eviscerate this law. … I want to stay involved to make sure we keep the gains we made.” Notably, he plans to work with the state attorney general by assembling a group of engineers and technical experts to help implement and enforce the CCPA.

These are busy times for privacy pros.

1 Comment

If you want to comment on this post, you need to login.

  • comment Jennifer Elkayam • Jul 13, 2018
    California is at the forefront of enacting laws, particularly with respect to privacy and data protection, and it will be interesting if and how other states follow suit and whether they adopt a similar statute (although CaCPA could change significantly by Jan. 2020).