Tech companies and the ad industry want Congress to override California's new privacy law, but watchdogs say the measure should be even tougher.
“California can and should continue to lead on consumer protection, as it has for decades, with robust, thoughtful legislation that puts people first,” the Electronic Frontier Foundation, Center for Digital Democracy, Consumer Reports and a dozen others say in a letter sent to state lawmakers this week. “To that end, the legislature’s focus this year should be on building upon -- and clarifying when needed -- CCPA’s protections.”
The California Consumer Privacy Act, slated to take effect in 2020, requires companies to disclose data about consumers at their request, and allows consumers to opt out of the sale of their data to third parties. The bill also tasks the state attorney general with developing enforcement regulations.
Earlier this year, the Association of National Advertisers, U.S. Chamber of Commerce and other groups pushed California to amend the law. Among other changes, they wanted lawmakers to narrow the bill's definition of "personal information." The current definition includes cookies, IP addresses and web-browsing history -- which appears to cover data used for ad targeting.
Tech companies, the Interactive Advertising Bureau and other groups also argue that states shouldn't regulate online privacy at all, and that Congress should pass a federal privacy law that would effectively nullify the new California measure.
But consumer groups and privacy watchdogs say California should beef up its law by placing more restrictions on companies that collect data.
“The CCPA, as drafted, does not sufficiently define or deter companies’ internal misuse of data,” the groups write.
“Data misuse should include instances where companies themselves use information in ways that are unexpected and unwanted by individuals,” the organizations argue. “Under this definition, a social media company would be barred from using inferences it makes about individuals’ emotional states to target them with ads, or a fitness company would be prevented from using information from an activity app to price membership to its health club, clothing line, or food offering.”
The advocacy groups also ask lawmakers to reject requests to narrow the definition of personal information.
“Historically, California has broadly defined protected personal information, and as technological advances make it easier to glean ever more insights from what might otherwise appear to be trivial data, now is not the time to take away longstanding protections,” they write.