Emily Rusch
Vice President and Senior Director of State Offices, The Public Interest Network
CALPIRG Letter on California Consumer Privacy Act
Media Contacts
CALPIRG
The California Consumer Privacy Act, a bill moving quickly through the legislature would incentivize companies to protect our data from privacy thieves and give consumers additional tools to increase our online privacy. CALPIRG is urging the legislature to pass the bill this week, while flagging concerns that we hope the legislature will revisit in the near future.
Here’s the text of our letter:
June 26, 2018
California State Legislature
California State Capitol
Sacramento, CA 95814
Re: AB 375 – California Consumer Privacy Act (Chau, Hertzberg, Dodd) – SUPPORT IF AMENDED
Dear members of the California State Legislature,
We write with regards to AB 375, as amended on June 25th, to incentivize companies to keep our personal information safe from data breaches and improve consumers’ ability to control their privacy online.
We support the sections in the bill, as amended on June 25th, to hold companies accountable for data breaches that occur as the result of negligence. The Equifax breach affected 145.5 million U.S. consumers – nearly half of the U.S. population – making it the largest theft of Social Security numbers in history. In response media reports that Equifax failed to install simple security patches, CALPIRG agreed to co-sponsor SB 1121, authored by Senator Bill Dodd, to hold big businesses accountable when they fail to take reasonable security measures to keep our information safe. We believe that clear, effective consumer recourse is necessary to help prevent data breaches in the first place and keep our personal information safe. Unfortunately, under current law it is difficult to prove that a case of identity theft is the direct result of a specific data breach. Like SB 1121, this bill would compel companies to pay damages to consumers if they fail to encrypt or redact data, fail to take reasonable security measures to protect our information, and a breach occurs. Should this bill pass, consumers are more likely to be compensated for the loss of their personal information in a breach.
We believe the online privacy sections of AB 375 are a modest improvement to the tools we currently have to protect our information online. AB 375, like the ballot initiative that qualified for the November ballot, would require companies to place a prominent “Do Not Sell My Personal Information” button on the homepage of their website to allow consumers to opt out of the sale of their information. We’d note that because the bill still allows the “sharing” of consumer data, consumers may not have as much control as they’d like over keeping their personal information private. The bill also requires companies to tell consumers, upon verified request, the categories and specific pieces of personal information the business has collected.
Unfortunately, we have serious concerns about the language in the bill that allows companies to engage in price discrimination based on whether Californians opt out of selling their personal information. Californians have a constitutional right to privacy, and we believe this would be the first time California would be affirming in statute that it is permissible for companies to charge consumers more or to provide a lower quality of service if consumers exercise their right to privacy. Under ordinary circumstances we would strongly recommend that the sections of the bill that explicitly allow “pay for privacy” be deleted. Given the timeline of this bill, we would instead recommend that the legislature commit to revisiting this issue in the future. The idea that consumers could be compelled to pay for privacy deserves a robust public debate separate from the numerous other issues and extremely fast timeline of this bill.
We are also concerned that the bill includes substantially weaker enforcement mechanisms than the initiative to protect consumers’ right to privacy. To that end, we hope that the Attorney General will work closely with consumer and privacy advocates to ensure that the intent of the privacy rights given to consumers under this bill are enforced to the fullest extent allowed by the law, and that the legislature supports him in robust enforcement efforts.
Thank you,
Emily Rusch
Executive Director
CALPIRG