Regulating Privacy: Big Tech Request Federal Assistance

Last June, California Governor, Jerry Brown, signed into law the nation’s most restrictive regulation on privacy, the California Consumer Privacy Act (“CCPA”). The law takes effect on January 2020 and grants California residents: the right to know what personal information a business collected on the resident; the right to request the business to delete the personal information; the right to prevent a business from selling the personal information; and prohibits service providers from reducing services to customers that exercise any of the previously mentioned rights. Consumers may also experience negative effects of the regulation as compliance will likely cause companies to no longer provide monetary free services in exchange for the user’s personal information.

On September 26, 2018, major tech companies, including: Google, Twitter, Amazon, and AT&T, arrived at the nation’s capital in support of a less restrictive federal privacy regulation. The industry’s motivation for supporting a federal regulation was to preempt compliance to the CCPA. Furthermore, the federal regulation would enable certainty for businesses by preventing states from adopting their own regulations, as “executives argued that a patchwork of different state laws would make it tough for companies to operate and would threaten innovation.”

Given the substantial restrictions and penalties provided by the CCPA, and the potential for other states to adopt their own restrictions. It is not a surprise that the tech industry is willing to negotiate for a lesser privacy restriction that would be applicable to the whole nation, rather than accept a more stringent restriction applied to just one state. However, should the tech industry fail to have a federal regulation passed that preempts the CCPA, another available option to limit the CCPA’s impact remains available. Although, it would not be as successful in ensuring business certainty across the country, the tech industry could try to influence the California Legislature to amend the regulation. The tech industry may likely prevail with the state legislature, the reason being, the CCPA was drafted and passed by the state in less than a week in order to prevent a more restrictive regulation from reaching the state election through a voter initiative.

Executives argued that a patchwork of different state laws would make it tough for companies to operate and would threaten innovation.

In California, there are two ways create a law. The first follows the traditional approach of using the legislature and governor. The second, is through a ballot initiative, which allows the public to create a law. If a member of the public is able to meet all the statutory requirements of a voter initiative, including creating a proposal and gathering the sufficient number of signatures, the proposed law makes its way to the ballet in the next state’s election.

The significance in the state wanting to avoid the ballot initiative is due to the general rule that governs amending a law. Under the traditional approach, the legislature needs a majority vote in deciding whether to change a bill. In contrast, the only way to change a law created by a ballot initiative, is with another law created by a ballot initiative or seventy percent legislative majority and the modification must be “consistent with and further the intent of this Act.”

The rushed passage of the CCPA was in response to a California resident successfully acquiring over six hundred thousand signatures to move their even stricter privacy ballot initiative to the state’s election. This influenced the legislature to approve the less restrictive CCPA, in exchange for the proposal owner to terminate the ballot initiative.

California’s conduct in accepting the CCPA, shows the state is aware of the potential damage that could occur with overregulating the tech industry. Considered with the state being the home of Silicon Valley, the hub in which some of the largest corporations in the world are headquartered. California should have an even greater interest in protecting the tech industry.

As a result, if the tech industry fails to achieve federal regulation, California most likely would limit the CCPA by the time it becomes effective in January 2020. However, the issue for the tech industry becomes waiting to see what other states implement into law.