Tech companies and business interests have successfully lobbied California lawmakers and blocked the expansion of the California Consumer Privacy Act (CCPA) which takes effect next year.
Andrew Oxford explains why this is such a big victory for the tech industry in this report from the North Bay Business Journal:
The state that is home to Silicon Valley and tech giants such as Facebook passed the country’s most sweeping data privacy law last year. The law gives customers the right to know what data companies are collecting from them as well as the right to delete and restrict the sale of that information. The California Consumer Privacy Act takes effect next year.
Attorney General Xavier Becerra and privacy advocates called on lawmakers to go further this year and give the public a right to take companies to court over violations of the law and to toughen how the state enforces its provisions.
Business groups and the tech industry fought the proposal, arguing it would create unnecessary lawsuits, and the Senate Appropriations Committee defeated it Thursday. It was the latest action in the political tug-of-war over consumer data amid mounting concerns about the influence of the tech industry and prevalence of data-driven technology in everyday life.
“The truth of the matter is the tech world is such a behemoth at this point in time, they have so much money, they have really been driving this whole discussion,” said Democratic Sen. Hannah-Beth Jackson of Santa Barbara, the bill’s author.
Privacy advocates had rallied behind the idea of letting consumers sue companies over violations of the privacy act, such as when companies do not delete data when asked, arguing it would ensure accountability in the tech industry.
Under the California Consumer Privacy Act, consumers have few options for taking a company to court to enforce the law. Otherwise, it will mostly fall on the state of California to enforce the new privacy act. “There are so many aspects to this where violations could occur but the attorney general could be the only entity that could bring a suit,” Jackson said. Her bill would also have scrapped a provision that will require the state give a company 30 days notice to fix a violation of the privacy law before the attorney general pursues enforcement action.
