Earlier this week, members of the California State Legislature announced a proposal that sets forth measures to further the state’s proactive stance to privacy and consumer protection. The proposed set of bills, which consists of previously submitted proposals and bills yet to be drafted, arise from efforts of the recently formed Committee on Privacy and Consumer Protection and address a variety of issues that range from consumer goods to law enforcement techniques.

While describing these measures, California State Senator Ted Gaines, one of the legislators tasked with announcing the package, cautioned that “[t]he potential for data collection and the abuse is staggering. Our privacy is under assault.” High-level descriptions of some of the notable proposals from cybersecurity and privacy field include the following:

  • Reasonably Prudent Encryption: Establishes a minimum standard for the encryption of personal information.
  • Cyber Exploitation: Provides for investigation and enforcement mechanisms to build on the previously introduced legislation that criminalizes intentional distribution of intimate photographs without consent (often referred to as “revenge porn”).
  • Driver Data Privacy: Prohibits any public agency from collecting data, such as location or speed, from a vehicle’s diagnostic system, except as specifically permitted to comply with state emissions regulations. This proposal was previously introduced by State Senator Gaines as SB 206. (For some background on situations where these driver data privacy concerns could come into play, see the prior Sourcing@MorganLewis entry on vehicle-to-vehicle communication as an example of the Internet of Things.)
  • Cyber Carjacking: Establishes “cyber carjacking” as a felony offense and other unauthorized access to the systems or data within a vehicle as a misdemeanor offense.

As is often the case, these measures to address privacy in the consumer space must be considered concurrently with the corresponding effect that they have on technology and innovation. To this point, proponents of the legislation clarified that the intent is not to negatively impact any technology or reduce businesses’ profit margins, but rather to ensure that individuals’ privacy and other freedoms are retained in the face of new technologies. However, a statement released by the Internet Association, a group that represents technology companies, urged California lawmakers not to lose sight of the innovation, economic growth, and positive social change presented by the technology companies that would be directly affected by the legislation.

Andrew Clark