Most of the proposed legislation in a data privacy protection omnibus previewed Jan. 28 remains to be formally introduced, but collectively it aims to give California the strongest such laws in the nation — and, in the process, refine a key bill on the topic passed last year.
Five state Assembly members — Philip Chen, R-Diamond Bar; Jordan Cunningham, R-San Luis Obispo; James Gallagher, R-Nicolaus; Tom Lackey, R-Palmdale; and Chad Mayes, R-Yucca Valley — came together on National Data Privacy Day to introduce the “Your Data, Your Way” package of what will likely be four bills and a resolution.
Only one has been introduced ahead of the Legislature’s Feb. 22 deadline: Assembly Bill 288, authored by Cunningham, the “Own Your Own Data Act.” Its goal, like that of the package, he told Techwire, is to strengthen citizen safeguards without penalizing business — and, more broadly, to guide and refine AB 375, the California Consumer Privacy Act (CCPA), which former Gov. Jerry Brown signed into law in June 2018. Starting in 2020, the CCPA would empower residents to know what personal information about them is being collected; whether it’s being sold, disclosed and to whom; and give them the right to access that information — and to say no to its sale.
“Your Data, Your Way” will include five pieces of legislation:
• AB 288, introduced Jan. 28, would require social media companies to give users who close their accounts the option to have their personally identifiable information (PII) removed permanently and excluded from sale. It would also require companies to honor those requests with “a reasonable time” and would authorize “specified relief” for consumers in the event of a violation.
Cunningham said the definition of a “social media company” is still being crafted but indicated that the CCPA definitions “left a little to be desired.”
• The Future of Eavesdropping Act, also by Cunningham, remains to be introduced but would prohibit companies from storing voice data from so-called “smart speakers” and using it for marketing.
“We use these technologies as tools. I use them every single day for everything I do," Cunningham said. "But if there isn’t that basis of privacy and basic confidence, and trust that citizens and consumers can have, that conversations that are meant to be personal and private are not being recorded without consent, then we’re going to have a lot of problems in our future.”
• The “Family Green Light” bill, on which Chen is taking lead, would require social media companies to get a parent's or guardian's permission before children under age 16 can use their platforms. It’s aimed, Cunningham said, at stimulating “a conversation between parents and kids” and giving the former more control over their offspring’s social media consumption.
• A bill on 72-hour data breach notification would require companies that lose customer data in a breach to notify victims within 72 hours after they discover the loss. A member of Mayes' staff indicated to Techwire that the bill is still being drafted.
• A resolution in the works on "21st Century Monopolies" would call on Congress and the Federal Trade Commission to consider updating federal anti-trust legislation to maximize effectiveness in the 21st century.
Cunningham has worked with fellow Republicans like Mayes on legislation like the “infamous” cap-and-trade extension, he said — but noted this is probably the first time Republican legislators have debuted a package of bills with different members. They may all be minority party members, but the second-term central Californian said data privacy protection crosses party lines.
“Privacy is and should be a totally nonpartisan issue," Cunningham said. "These issues that we’re attempting to address affect every one of our constituents of the 40 million Californians. And then by extension, people all over the country and the world.”