California’s sweeping consumer privacy and data security law, the California Consumer Privacy Act, is set to take effect in 2020 despite concerns that big problems with the new law remain unresolved.
The primary legislative backers of the CCPA recognized there were flaws when they negotiated and successfully lobbied for its fast-track, high-pressure enactment last year, committing to come back in 2019 to address the problems. A principal author of the CCPA, Assembly Member Ed Chau (D-Monterey Park), spoke to the issue in Roll Call, noting that “we’re cleaning up the law” because it “may not be perfect.”
California legislators have already given preliminary consideration to more than a score of bills from both business and privacy advocates intended to amend the CCPA to address the problems they perceive with the law before it takes effect next year. Many of these bills passed their house of origin last week and are now awaiting hearings in the second house. Yet most of the discussion heading into this week focuses on the failure of SB 561 (Jackson), because its failure may jeopardize the remaining CCPA reform bills.
Powerful State Senator Hannah-Beth Jackson (D-Santa Barbara) raised the prospect of blocking proposed legislative changes to the CCPA in response to the failure of SB 561. SB 561 would have expanded the CCPA’s private right of action and eliminated the ability of businesses to cure violations of the law. The bill would also have eliminated the provision in the CCPA requiring the attorney general to issue compliance opinions.
These carefully negotiated provisions are intended to strike a balance between the interests of consumers and businesses in how the CCPA will be enforced. The private right of action ensures that consumers can directly enforce their rights under the CCPA against a business in the event of a data breach, but the cure provision ensures businesses receive notice of and a 30-day period to cure alleged violations. Better balance was also a consideration in the provision permitting the attorney general to issue CCPA compliance opinions at the request of businesses or individuals. Business interests argue this guidance is essential to ensure their efforts to comply with the CCPA align with the attorney general’s interpretation of the law.
Senator Jackson spoke to this balance in explaining her view to The New York Times: that the CCPA should not be amended at all if her proposed changes in SB 561 will not also be made. “If my bill to try to make [the CCPA] enforceable failed because we have to stick to the deal that was made last year, [other legislative] efforts to undermine it, to give exclusions and exemptions—all sorts of excuses for not enforcing it—then those have to fail as well.”
As chair of the Senate Judiciary Committee, Senator Jackson is positioned to carry out her threat if she chooses to. Most of the proposed amendments to the CCPA sought by business interests are included in bills that originated in the Assembly. As these bills come to the Senate, they will be referred to the Judiciary Committee for a hearing and vote. As chair of the committee, Senator Jackson can block further action on the bills referred to her committee.
Senator Jackson’s tactic is not a surprise. It is common for committee chairs to protect the interests of their house, their caucus and even their personal policy views by holding up other legislation until their legislative priorities are addressed. The only unknowns are whether Senator Jackson will act on her threat and, if so, what policy or other concessions she may require before she releases CCPA reform bills for full Senate consideration.