SACRAMENTO – A bill to expand liability under California's soon-to-take-effect consumer privacy law stalled in the state Senate this session, but a manufacturers advocate said recently that no one who is opposed to the legislation should let their guard down.
"It's basically dead for this year because it didn't meet the deadline to get done this year but that doesn't mean it can't come back next year," California Manufacturers and Technology Association (CMTA) Communications Vice President Gino DiCaro told the Northern California Record. "In fact, I think it (the proposal) likely will come back because it's a two-year bill now. It is certainly a priority bill for us to oppose the way it is written."
The CMTA would like the legislation, Senate Bill 561, to be more about helping businesses in the state comply with the upcoming California Consumer Privacy Act (CCPA) and be less about "lawsuits and attorneys fees at the back end," DiCaro said. "The goal of this bill needs to be more about compliance and not necessarily lawsuits and attorneys."
California Manufacturing and Technology Association Communications Vice President Gino DiCaro
| Linkedin.com/in/gino-dicaro-bb96604/
SB 561, introduced by state Sen. Hannah-Beth Jackson, D-Santa Barbara, in February, would amend the California Consumer Privacy Act by expanding consumer private right of action, allowing consumers to sue when they feel any of their CCPA rights have been violated.
Under the current act, signed by California Governor Jerry Brown in June 2018, consumers can sue only in the event of a data breach. The act is expected to take effect in January.
"The CCPA will impose new data collection, retention and sharing requirements on manufacturers that either (a) serve California residents and have at least $25 million in annual revenue, (b) has collected personal data on at least 50,000 people, or (c) collects more than half of their revenues from the sale of personal data," the CMTA said in a news release in January. "Companies do not have to be in the state to be subjected to the law."
The association has opposed SB 561 because it would place "a private right of action in the CCPA while removing manufacturers 'right to cure' potential violations, exacerbating existing problems in the CCPA that have yet to be fixed and creating significant liability for manufacturers creating and integrating connected devices."
The legislation stalled when the Senate Appropriations Committee placed a hold on the bill ahead of a deadline for all fiscal committees to hear and report on their bills.
Shortly after the bill stalled in committee, CMTA praised the mov, saying SB 561 has been "successfully shelved until next year," a news release at the time said.
The CCPA is already causing expenses for companies in California, DiCaro said.
"Companies will have to do things like data mapping, they'll have to amend contracts with all service providers, they'll certainly have to update their privacy policies," he said. "All of that will require legal counsel, and it's expensive."
The state is "doing some proper things" in the upcoming CCPA, such as providing the state attorney general's office with funding to ensure compliance, DiCaro said.
"We feel like that's the route to go, especially for the small-to-midsize manufacturers who can ill afford to pay for all the necessary compliance they're going to need to deal with over the coming years under this act," he said.
But providing greater avenues for frivolous lawsuits by expanding the CCPA's consumer private right of action, as would happen if SB 561 were to pass, is not the way to go, DiCaro said.
"The private right of action is the most difficult part, the most costly part for us to swallow," he said. "There are all sorts of compliance issues within the privacy act. Manufacturers and other employers in California are going to have to deal with that, both resource-wise and cost-wise. But once you put a private right of action in the bow, it's just going to create too many lawsuits, especially class action lawsuits, that really do nothing for compliance."