Two Separate California Privacy Measures Are Causing a Chain Reaction Throughout U.S.

January 29, 2021—A chain reaction of state-led data privacy initiatives has ignited across the country as states consider consumer data protection polices similar to those recently passed in California.

“The state of Washington’s proposed data privacy act, although not yet passed, has been heavily influenced by the California Consumer Privacy Act,” said Covington & Burling’s Libbie Canter during the second annual Covington Technology Forum on Thursday.

In turn, Washington’s Privacy Act has influenced a similarly-proposed law in Virginia, Canter added.

Although no federal data legislation currently exists, California in 2018 recently enacted the state’s Consumer Privacy Act. It went into effect on January 1, 2020, and sought to give consumers more control over the personal information that businesses collect about them. It also requires businesses to give consumers certain notices explaining their privacy practices.

California voters also recently passed the Consumer Privacy Rights Act—not to be confused with the CPA—through a referendum vote on Election Day 2020. The Privacy Right Act expands provisions from the Consumer Privacy Act in several ways. The Privacy Right Act will not go into effect until 2023.

As there is such growing concern about the collection and use of online data that the U.S. government is slowly moving towards drafting new regulations for the tech sector.

Congress, federal agencies, and states alike now appear to believe that leaving big tech companies unregulated will result in the misuse and exploitation of consumer data.

Canter said that data privacy legislation is a bipartisan. Sometimes, a national security component emerges in the debate through concern about American data collected through popular Chinese-owned apps, like TikTok and WeChat.

Donald Trump’s cited national security concerns, which led the former president to fight towards restricting TikTok throughout 2020, are shared by the new White House administration, Canter said, but may see less action to avoid executive overreach.

Data privacy legislation is being discussed in Congress on both sides of the political aisle, but no laws have passed yet, Canter said. Democrats and Republicans broadly support the same facets to be included in the legislation, but disagreement over how data legislation should be enforced, said Canter. Deciding whether state or federal laws should take priority, has caused the process to be drawn out.

Questions about CCPA and CPRA? The CommLaw Group offers Privacy Awareness Training programs to telecommunications and cloud communications service providers across the globe. Unlike high-level “cookie cutter” approach to employee privacy training available to businesses through online courses, tutorials, and webinars, The CommLaw Group delivers in-depth training that is customized and tailored to your Company. Please contact Linda McReynolds at lgm@CommLawGroup.com or 703-714-1318.