Skip to content

Menu

ChannelsPublishersSubscribe
LexBlog, Inc. logo
LexBlog, Inc. logo
ProductsSub-MenuBlogsPortalsTwentySyndicationMicrositesResource Center
Join
Search
Close
Join the Movement. Blog 4 Good

2019: Is This The Year of Consumer Privacy (or, Elephants, Elephants Everywhere)

By John Tomaszewski & Edward "Ted" Murphree on May 9, 2019
EmailTweetLikeLinkedIn

In prior posts, we’ve commented on the California Consumer Privacy Act (“CCPA”), likening it, and its Texas ‘flavored’ variant(s), to ‘elephants in the room’. Here, we’ve opted to expand our coverage and talk about what we’re seeing other states do (or, let’s expand the elephant metaphor to: elephants, elephants everywhere.)

It seems that all of a sudden, consumer privacy is THE hot topic and everyone’s jumping on the CCPA bandwagon! Consumers have woken up to what is happening with their personal information and are demanding government protective action! These are sensationalist statements, to be true, but are they accurate statements? Well, as is usually the case it is a bit more nuanced and it is important to set some things straight.

First, while it is true that other state (and federal) legislators are submitting consumer privacy bills, consumer privacy isn’t exactly sweeping the country, at least not yet. Since the passage of the CCPA, we’ve seen proliferation of similar (and not so similar) consumer privacy bills introduced in the 31 state and federal legislatures. Now, you may be thinking: “isn’t this what “sweeping the country’ means”? It is important to note that only 9 of these states are emulating the CCPA ‘whole-cloth’ – meaning that the text of the CCPA is used, nearly verbatim, in drafting that state’s bill.

Second, for any of these bills (and any bills, for that matter), it’s important to recognize that they are not laws yet. For consumer privacy to sweep the nation, these bills have to pass. There is no guarantee that they will all become law (or for that matter, any will become law). Here’s a case in point: ‘hot on the heels’ of the CCPA, legislators for the state of Washington introduced what was hailed as an even stronger state response to consumer privacy protection than the CCPA because it borrowed more heavily from the GDPR. Privacy pundits predicted its passage, further spurring a U.S. consumer privacy legal revolution. This bill, SB 5376 has now stalled in committee, meaning it won’t be considered further this legislative session. Another example is Texas HB 4390‘s quick demise (under the guise of an amendment), and Mississippi’s DOA bill.

Third, there’s the specter of the federal consumer privacy initiative. Passage of a federal omnibus consumer privacy law could make state by state efforts moot, provided such a federal law preempts the field.

Fourth, while it doesn’t directly relate to the other state bills, the CCPA itself has been amended in September weeks after its initial passage and there are multiple amendments on the horizon, pending in the CA legislature. Also, let’s not forget the Attorney General’s legislative charge to draft and finalize regulatory rules and procedures. One could say that consumer privacy, rather than sweeping the nation, is currently sweeping the state of California.

What are the Takeaways?  We advise to take ‘sky is falling rhetoric’ with a grain of salt. Where consumer privacy is a hot topic today, and will not go away; realistically, laws have to be passed for compliance to be immediately concerning. This isn’t to say that businesses shouldn’t watch and participate in the discussions (or regulatory drafting process for your jurisdiction). Businesses should monitor these bills (and any new ones) and keep an eye on the CCPA rules the California Attorney General generates, due in Fall 2019. Monitoring events as they occur in this space is smart, allowing your business the flexibility to act proactively and tactically. As we continue to emphasize, privacy as an issue isn’t going away – and at some point, privacy laws will impact your business in ways it isn’t right now.

Photo of John Tomaszewski John Tomaszewski

John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the “Information Age”, management needs to have good advice and counsel on how…

John Tomaszewski specializes in emerging technology and its application to business. His primary focus has been developing trust models to enable new and disruptive technologies and businesses to thrive. In the “Information Age”, management needs to have good advice and counsel on how to protect the capital asset which heretofore has been left to the IT specialists – its data.

John’s expertise in the understanding of a company’s data protection and management needs provide a specialized point of view which allows for holistic solutions. A good answer should always solve at least three problems.

John has been a co-author of several information security and privacy publications, including the PKI Assessment Guidelines and Privacy, Security and Information Management: An Overview; as well as publishing scholarly works of his own on the topic. He has also provided input to the drafting of various security and privacy laws around the world; including the APEC Cross-Border Privacy Rules system. He is a frequent speaker globally on the topics of cloud computing, Self Regulatory Organizations (“SROs”), cross-border privacy schemes, and secure e-commerce.

Read more about John TomaszewskiEmail John's Linkedin ProfileJohn's Twitter ProfileJohn's Facebook Profile
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    The Global Privacy Watch
  • Organization:
    Seyfarth Shaw LLP
  • Article: View Original Source

Stay Connected

Facebook LinkedIn Twitter RSS
Real Lawyers

Company

  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service

Products

  • Products
  • Blogs
  • Portals
  • Twenty
  • Syndication
  • Microsites

Support

  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • The Capital Commitment
  • Delaware Intellectual Property Litigation
  • Restrictive Covenant Report
  • PFAS and Emerging Contaminants
  • Privacy Law Blog
Copyright © 2021, LexBlog, Inc. All Rights Reserved.
Powered By LexBlog