I wanted to take this opportunity to share the key takeaways from yesterday’s Senate Judiciary Committee hearing on The State of Data Privacy Protection: Exploring the California Consumer Protection Act and its European Counterpart (see video), where I presented my thoughts regarding a path forward for data management that involves transforming our view of data and reimagining data as a pre-tangible asset in this post-data world. Here are my takeaways from the hearing:
- There was a strong frontal attack against the Ad Tech ecosystem and general distaste for practices that are not totally transparent to consumers, as well as a disdain for privacy policies, which is interesting given the emphasis in the California Consumer Protection Act (CCPA) on more detailed notice! The WSJarticle, regarding surreptitious and unauthorized sharing of health/pregnancy data with Facebook (even where the users did not have Facebook accounts), was cited repeatedly, notwithstanding the fact that the article reflected that the rogue app developers sending Facebook this material were violating Facebook terms.
- There does not appear to be a strong movement toward any meaningful changes of the CCPA. To the contrary, there is a good chance that the Senate Judiciary Committee will approve SB 561, giving consumers a private right of action to enforce the entire statute.
- Alastair Mactaggart appears to have established a very strong relationship in the Senate. Senate Judiciary Chairperson Hannah-Beth Jackson hailed Mactaggart as a hero.
- Mactaggart indicated that he would be open to excluding employees from the CCPA, but other community group speakers were vehement that they would oppose a blanket exclusion of employee data and argued instead that the exception to deletion rights for where business needs the data to comply with other legal requirements would address employee data.
- The senators seemed very sympathetic to the attorney general’s arguments that (a) no advisory opinions should be given to business and (b) all consumers should have a private right of action.
- The legislature made it clear that they were skeptical of the Chamber of Commerce, and while they were prepared to make certain efforts to clean up problems, they were not inclined to countenance every possible use case against the law.
- Mactaggart initially testified that the January 1, 2020 effective date would not reach back to 2019, but prompted by his attorney, reverted to say that the law would, on January 1, 2020, provide consumers the right to know what data was collected the year prior. A senator wanted to know if a consumer could ask for all their data to be deleted, even beyond one year, to which at least Mactaggart said no, only data from the year prior.
- Mactaggart was confident that based on his conversations in Washington, D.C. that there would be no federal preemption law passed before CCPA’s effective date in January 2020. The business community has mixed views on this as I have learned from my privacy partners in D.C. Stay tuned for the outcome, but remain vigilant and realistic.
- I was very honored to testify at the hearing to provide my personal perspective that CCPA is part of a bigger conversation regarding data management and compliance and now that we are in a post-data world, we must all work together—regulators, legislators, consumers and businesses—to have a collective conversation about how we will want to proceed in the days ahead. It is too simplistic to paint all businesses as bad and all consumers as good. There is space for ad-supported internet and for the tremendous innovation that technology brings. My eBook called “Transform: The Leader’s Guide to Data as a Pre-tangible Asset in a Post-Data World” will be out soon, and I will make sure you have the details on where to download it!
Looking ahead, I am very glad that most of you have started working on your CCPA compliance efforts! For those of you who have not, please get started on this right away.