eDiscovery Daily Blog

California’s AG is Not Happy with the State’s New Consumer Privacy Act: Data Privacy Trends

As I noted a couple of months ago, 2018 is certainly on its way to becoming the year of data privacy rights for the individual.  And, back in June, the California Consumer Privacy Act of 2018 was approved unanimously by the state Senate and Assembly and was signed by Gov. Jerry Brown.  But, California’s AG has just ripped lawmakers for ‘unworkable’ provisions in the new law.

As discussed in Legaltech® News (California AG Rips Lawmakers for ‘Unworkable’ Provisions in New Data Privacy Law, written by Mike Scarcella), California Attorney General Xavier Becerra lashed out at lawmakers for imposing “unworkable obligations and serious operational challenges” on his office by effectively making him the chief enforcer of the new law.

In an August 22 letter to legislators who helped get the law passed in June, Becerra complained that his office is not equipped to handle all the related duties, including quickly drafting regulations and advising businesses about compliance with the California Consumer Privacy Act, or CCPA.

“Failure to cure these identified flaws will undermine California’s authority to launch and sustain vigorous oversight and effective enforcement of the CCPA’s critical privacy protections,” Becerra wrote in the letter.  Becerra also questioned the legality of the civil penalties included in the new law, which he said improperly modified the state’s Unfair Competition Law, or UCL.

“The UCL’s civil penalty laws were enacted by the voters through Proposition 64 in 2004 and cannot be amended through legislation,” Becerra wrote. The data-privacy law’s “constitutional infirmity” can be cured “by simply replacing the CCPA’s current penalty provision with a conventional stand-alone enforcement provision” that does not purport to change the Unfair Competition Law.

Lawmakers tried to address some of the attorney general’s concerns in clean-up legislation that was pending Wednesday in the Assembly. One bill, SB 1121, drops a requirement in the Consumer Privacy Act that consumers must first notify the attorney general’s office before suing over a data breach. The pending legislation recasts the civil penalty provisions and delays enforcement of the new law until six months after the attorney general publishes new regulations or July 1, 2020—whichever is sooner.

A separately pending budget bill would also appropriate $700,000 to Becerra’s office for help drafting and enforcing the new regulations.  But, the changes do not include a broader private right of action—sought by the attorney general—that would shift the litigation burden to consumers. Such a provision would have attracted fierce opposition from business groups that oppose any expansion of plaintiffs’ ability bring class actions and individual suits.

Becerra’s beefs with the Consumer Privacy Act foreshadow the fights that are looming over the state’s sweeping digital information law as interests, including those in government, push to alter its reach and enforcement before it goes into effect in 2020.  And, the business lobby is already pushing to narrow what they have to disclose to consumers about information that is collected about them. Companies are also lobbying the federal government for industry friendly rules that would preempt California’s new law.  It looks like California’s new privacy law may look a bit different when it goes into effect in January 2020 – if that timeline still holds.

So, what do you think?  Will California’s privacy law still hold as is?  Or will it be changed significantly?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.