With some positive moves toward potential privacy legislation in various U.S. states to open 2021, there was bound to be some efforts that wouldn't make the grade. North Dakota now has the first confirmed cut down among 2021 privacy proposals as the State House of Representatives' Committee on Industry, Business and Labor voted 12–1 with one abstention against advancing House Bill 1330 Feb. 9.
Unlike bills being considered in Virginia and Washington, HB 1330 was not comprehensive in nature. The legislation, introduced by House Republicans Jan. 13, sought to prohibit the sale of personal data without explicit opt-in consent. State Rep. Tom Kading, R-N.D., HB 1330's lead sponsor, made an initial case to move the bill forward, but the hearing was dominated by the opposing testimony that followed.
"While the bill is very simple in its approach, consumer privacy is not a simple concept and the bill raises a number of concerns for our members," said Internet Association Director of State Government Affairs, Northwest Region Rose Feliciano, one of nine industry representatives that shared opposing testimony with the committee. The opposition actually began prior to the hearing with a coalition of advertising groups writing to state lawmakers Jan. 26 urging reconsideration on a number of provisions.
In his introduction to the committee, Kading summed up his bill as aiming to get ahead of the proliferation of personal data sales among Big Tech companies with required opt-in consent that would apply 24 categories of data. The protected data within the bill includes a wide range of information, including personal details, financial information, health information and other miscellaneous forms of personally identifiable data. Also included in the bill is a right of action that allows consumers to sue up to $100,000.
"This bill provides reasonable protection for the small consumer," Kading said. "Opting in to allow the sharing of personal data is certainly reasonable. … The everyday person doesn't have the ability to follow each and every one of these bills like the lobbyists. Those sitting behind me, who represent Big Tech, diligently track these bills and are looking to protect the interests of Big Tech. They might argue that California regulations or federal regulations are a better solution than North Dakota regulations, but I doubt most of you here would agree."
The proposed legislation did not receive further support following Kading's outline, which raised a string of clarification questions from committee members before the opposition teed off on the proposal's shortcomings. Feliciano was quick to point out some glaring issues, a lack of clarity on definitions and others that were omitted.
"The definition of protected data only includes a list of vague terms that are considered 'protected data' but does not further define words like child or interests," Feliciano said. "It's not clear if the child's information would include an individual that is 13 years or younger as defined by the Children's Online Privacy Protection Act or if there's an alternative age in mind. Additionally, the purpose of the bill is to prohibit the sale of personal data, but the bill does not define the term 'sale.'"
State Privacy and Security Coalition General Counsel and DLA Piper Senior Managing Attorney Andrew Kingman opined there would be "no way to advise a client" on compliance with HB 1330 given that the bill covers all businesses and carries "no limitation on size of the business or type of activities the business undertakes."
"I think it's important also to recognize this legislature itself just six months ago recommended that now was not the time for North Dakota to move forward (on privacy)," Kingman added. "When we work with states, we always try to ask them if it's the right time for your state and what's the right way to go about this, so I think it's important to respect the conclusions from just a short time ago."
The reasons behind the prior decision to pause discussions on state privacy legislation are unclear. In 2019, the Legislature voted 43–2 to pass a bill commissioning a study of data issues in lieu of previously drafted measures that would provide individuals with various data subject rights.
The IAPP Westin Research Center compiled this updating tracker of proposed and enacted comprehensive privacy bills from across the country to aid our members’ efforts to stay abreast of the changing state-privacy landscape.
If you want to comment on this post, you need to login.