Last month, California Gov. Jerry Brown rushed to approve a law that gives consumers more control and transparency into how their data is being tracked and shared by businesses that operate in the state.
The implications of this law will likely cross California borders, as any company that does business online in the United States almost certainly delivers their product or service to individuals in California, forcing them to comply with the law. As such, we can — and should — expect additional state and/or federal legislatures to follow in California’s footsteps and become more aggressive when it comes to consumer privacy.
{mosads}Consumer privacy at the federal level: More than the thought that counts
Given the upcoming midterm elections, it’s hard to anticipate what legislation Congress will actually pursue. What is clear, however, is that many politicians view consumer privacy as a crucial issue to their constituents. For example, in the weeks following the Facebook hearings on the Cambridge Analytica data scandal, many Senate and House Democrats and Republicans openly discussed introducing legislation intended to protect consumer privacy. Whether these bills come to pass is an open question, though a good proof point will be whether or not any politicians campaign on the issue this fall.
Using the California law as a template: How will the feds react?
If there is serious traction for federal consumer privacy legislation, which there absolutely should be, the California Consumer Protection law can serve as a solid template to model future laws after. However, one major – and unfortunate – caveat to this is that the California Consumer Protection law is not scheduled to go into effect until 2020.
First, that gives Big Tech approximately 18 months to lobby the Congress of California to water down the law. Second, it provides a window for the Congress of the United States to pass its own federal law and effectively supersede California’s law. In theory, this could work for or against consumer protection.
On one hand, I could easily see a business-friendly Congress passing a law superficially claiming consumer privacy protection, but that actually limits the scope of that protection and lessens any potential damages a company might face. On the other hand, it’s possible that Congress chooses to pass a much more aggressive consumer protection law, perhaps something closer to the General Data Protection Regulation (GDPR) that stipulates very specific requirements and very stiff penalties for non-compliance in Europe. Only time will tell which direction, if any, the country will take on privacy legislation.
Will we see a state-by-state domino effect?
It’s entirely conceivable that the tech behemoths will lobby U.S. Congress to pass a narrower federal law that is more business friendly and that ultimately limits consumer privacy protection. However, this is predicated upon how successful they are at undermining the California law. If they can somehow find a way to neuter that law to make it less effective, they may not want to run the risky gambit of supporting federal legislation of any kind.
What’s more, penalties under the new California law are small. They limit the amount of damages individuals could sue for at $750 and the total damages a company would be forced to pay would be capped at $7,500. If you’re Facebook or Google, the PR hit of being in non-compliance with a privacy law would be much greater than the actual penalties they would have to pay.
An additional consideration is whether or other states like New York would choose to follow California’s lead and pass their own legislation. In theory, another state could pass an even more aggressive law that would became the new de facto American standard.
One thing is certain: if grassroots support around privacy legislation continues to grow, we will absolutely see state legislators incorporate consumer privacy as part of their platforms. Consumers are rightfully demanding more control and privacy of their data and it’s time our nation steps it up to avoid embarrassing data scandals and pointless legal scrutiny.
Jeremy Tillman is director of product at Ghostery, a provider of free software designed to enhance web browsing by detecting and blocking thousands of third-party data-tracking technologies.