Insights & Analyses

Big tech seeks to modify California’s rushed 2020 privacy law, dubbed ‘GDPR Lite’ – One World Identity

July 5, 2018

After California’s new stringent privacy law was put together and passed by the state legislature in less than a week, major technology firms caught off guard by the measure are now preparing to fight back, in a race to modify the law before it takes effect in 2020.

Lawmakers in the Golden State hastened to pass the California Consumer Privacy Act in an attempt to head off a ballot proposal that voters will see this November. By passing the act, the person behind the ballot initiative agreed to withdraw it.

The new law, which is seen as more favorable for tech companies than the ballot measure would have been, will require those operating in California to disclose the kinds of data they collect about customers, and to be transparent about who that data is shared with.

Under the law, which has been dubbed “GDPR Lite” by some, users will also be able to opt out of data collection, and the state’s attorney general can levy penalties against companies that do not comply.

California-based tech companies like Google and Facebook opposed the law, but considering it came together and was signed by Gov. Jerry Brown in under a week, those corporations didn’t have ample time to fight or debate it. However, since the act doesn’t take effect until Jan. 1, 2020, lobbyists for the tech industry are now gearing up to change it before it becomes the law of the land.

Lobbying groups including the Internet Association, TechNet, and the Interactive Advertising Bureau haven’t said what changes they will push for, but they intend to negotiate with lawmakers over the coming months to modify the law, according to The Washington Post.

“The bill was written in a hurried and ill-considered process, and received very little input from those affected by the legislation,” said Robert Callahan, vice president of state government affairs for the Internet Association, which represents both Google and Amazon. “Changes will be necessary as businesses of all types look at implementation.”

The initial ballot initiative, pushed by real estate developer Alastair Mactaggart, received more than twice the signatures needed to end up on the ballot this fall. He pulled it just before the ballot deadline after the 11th hour signing of the California Consumer Privacy Act.

Legislators have conceded that California’s new privacy law will likely be modified before it takes effect in 2020. But Democratic State Sen. Bob Hertzberg told the Post that “the goals of the bill won’t change.”

“The value of keeping these discussions in the Legislature is that as technology evolves, we will be able to have thoughtful conversations about how to balance innovation with the ability of consumers to control their private information, know if it’s being sold, and delete it if necessary,” Hertzberg said.

OWI Insight: Given that the California Consumer Privacy Act doesn’t take effect for another year and a half, major changes will likely be coming to the law as it is currently written. Still, the state of California is home to the fifth-largest economy in the world, and any privacy regulations passed there will influence companies and affect users who do not live in the state. In addition, other states — or even the federal government — could look to California’s legislation to pass their own policies protecting user data.