As I bring this three-part Developing Leadership series to a close, I can think of…
Throughout the 2019 state legislative session, a number of bills to “clean up” the California Consumer Privacy Act of 2018 (CCPA) were put forth by both industry and consumer advocates. Those that made it out of the California State Assembly in May were funneled to the California State Senate’s Judiciary Committee and heard on July 9, just before the start of the month-long recess.
Through the first half of the legislative session in the spring, we had some clear wins:
- AB 1760 (Wicks) bill to make the selling of information opt-in — stalled in the Assembly.
- SB 561 (Jackson) bill to expand the private right of action — held in Senate Appropriations Committee and did not proceed.
- AB 288 (Cunningham) bill that would require a company to delete all personal information upon request — did not move out of the Assembly.
- AB 950 (Levine) bill that would require a company to disclose to the consumer the monetary value to the business of their consumer data, the average price it is paid for a consumer’s data, and the actual price it was paid for a consumer’s data – did not move out of Assembly.
This week, everything came down to the Senate Judiciary Committee’s willingness to reasonably hear, assess, and pass the CCPA amendment bills before them. The two bills of primary interest to us were AB 873 (Irwin) and AB 874 (Irwin) and we wanted both to pass. The final outcome was a mixed result.
- AB 873 would have amended the CCPA to provide that it shall not be construed to require a business to reidentify or otherwise link information that is not maintained as personal information; this bill failed passage by a 3-3 vote with 1 abstaining.
- AB 874 clarifies that “personal information” does not include consumer information that is de-identified or aggregate consumer information, and this bill passed.
Collectively, the California Legislature does not have great objections to clarifying the CCPA or efforts to make it workable without the unintended, negative consequences. There are, however, a couple of significant political obstacles. Senate Judiciary Chair Hannah-Beth Jackson is a staunch privacy supporter who suspects that CCPA amendments were attempts by industry groups to create loopholes for tech companies. Senator Jackson stunned the industry coalitions a couple of weeks ago when she replaced two of her committee members who were receptive to the industry coalitions’ point of view with two brand new Senators. The two junior Senators were not around last year when the CCPA was written, had no substantive background in the issue, and were inclined to vote with their committee chair rather than passing their own judgment. Senate President pro Tempore Toni Atkins could have interceded with Senator Jackson on industry’s behalf. However, Senator Atkins is of the opinion that industry advocates are overblowing the harm of the CCPA and prefers to take a wait-and-see approach before intervening with potential amendments.
What comes next?
All bills still moving forward this year are now pending in Senate Appropriations Committee. The legislative session does not conclude until October 13, the deadline for Governor Gavin Newsom to sign/veto bills; however, the outcome of the July 9 Senate Judiciary Committee hearing defined which bills are headed to the Governor’s desk and which are not. Governor Newsom was supportive of the original ballot measure, which was a more extreme version of current law.
This is by no means the end. Conversations and negotiations about next year will begin in earnest after Summer Recess.
The other 49 states
Other states are waiting to see the final version of the CCPA so they can use it as the framework to draft their own state laws. We’ll need to keep a careful watch for outliers, such as New York that is right now examining opt-in legislation. The Shared State Legislation Committee of the Council of State Governments meets on July 19 to examine bills that have become law in one state to identify those that the committee will recommend to other states for consideration. Among those on the docket include the 2018 Vermont law that requires data broker registration and the CCPA.
Our heaviest focus is on a single solution at the federal level, with a national privacy bill that pre-empts state-by-state legislation. The Senate Commerce Committee, and specifically the “Gang of Six,” a bipartisan group of committee members, meets weekly on this issue and they clearly hear the January 1 CCPA ticking clock. The members of the working group are Richard Blumenthal (D-Conn.), Maria Cantwell (D-WA), Jerry Moran (R-KS), Brian Schatz (D-HI), John Thune (R-SD) and Roger Wicker (R-MS).
If your organization has a presence in one of these key jurisdictions – Connecticut, Hawaii, Kansas, Mississippi, South Dakota, and Washington – you can be a strong influencer for the nonprofit sector and we need to hear from you. Please contact me at firstname.lastname@example.org to learn more.
The Nonprofit Alliance (TNPA) is a membership association that formed in 2018 to promote, protect, and strengthen the philanthropic sector in the best interests of donors and beneficiaries. TNPA has been a leading voice for nonprofits in the privacy debates in both California and Washington, DC. For more information, visit https://tnpa.org.