IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Will California Chamber Secure Delay of Privacy Act Enforcement?

There's been no movement yet from high levels of state government, following a call from the California Chamber of Commerce to "suspend enforcement" of the California Consumer Privacy Act — but it's been clear for some time that the landmark law could create challenge and opportunity as it ramps up.

dataprivacy.jpg
A leading state advocate for California business is calling on the state’s chief executive and legislators to “suspend enforcement” of a landmark new consumer privacy law.

In a letter to Gov. Gavin Newsom, Assembly Speaker Anthony Rendon, D-Lakewood; Senate President Pro Tem Toni Atkins, D-San Diego; and the Legislature, the California Chamber of Commerce on Tuesday laid out eight detailed recommendations aimed at easing the state’s path away from a projected $54.3 billion budget shortfall and 25 percent unemployment to economic recovery.

Among these, the Chamber called for leaders to “postpone nonessential compliance and rule-making activities.” “Top of the list,” its Executive Vice President Jennifer Barrera wrote, “The Attorney General should suspend enforcement of the still-unfinished regulations for the California Consumer Privacy Act (CCPA).

“Businesses are consumed with getting back on their feet and complying with all the existing rules,” Barrera said in the letter. “The Governor should order state agencies to hit the pause button on all non-essential regulatory functions not urgently needed to protect human health and extend the time to implement rules that have not yet taken effect.” This follows calls from business groups for more time. Among the takeaways:

• The Office of the Attorney General (OAG) isn’t budging. The CCPA has been in effect since Jan. 1, 2020, Attorney General Xavier Becerra’s press office told Techwire via email, adding: “We’re committed to enforcing the law starting July 1. We encourage businesses to be particularly mindful of data security in this time of emergency.” 

• Assemblymember Ed Chau, D-Monterey Park, a member of the California Legislative Technology and Innovation Caucus and a leader in tech legislation, is similarly unmoved. The CCPA, along with state Senate Bill 1121, which created it, gave businesses two years to comply, “between when the law was passed in June of 2018 and when the Attorney General is required to enforce the law in July of 2020,” Chau said via email, noting its substance has been available since October — and deferring to Becerra on enforcement.

“While I am sympathetic to the significant commercial impact being felt globally as a result of COVID-19, we also have an obligation to protect the health, safety, and privacy interests of our constituents that are most at risk today,” Chau said.

• Could enforcement hobble government even as it gives residents a louder voice in what becomes of their personally identifiable information? Possibly. Potentially choking off some of the very data sources that government now uses could wind up costing more money if the state or locals need to revisit agreements with the private sector, or spend more to acquire data. It would also mean fines of up to $7,500 per violation for businesses — a prospect that fills entrepreneurs with dread, Rachel Michelin, president of the California Retailers Association, told the San Francisco Chronicle earlier this month, pointing out that Becerra’s office had yet to issue final regulations.

Chamber Policy Advocate Shoeb Mohammed said that while businesses, including those in the tech sector, are doing their best to comply with the CCPA, its unfinished regulations and the pandemic were key motivators behind the request that enforcement be delayed.

“While that’s ongoing, it’s really confusing for us to see something like regulations that are yet unfinished … coming down on businesses in this way,” Mohammed told Techwire.

• Could this be good news for the private sector? Perhaps. Government’s already considerable appetite for data and analysis has only been whetted by the novel coronavirus (COVID-19) pandemic — and rightfully so, as both are helping direct resources and effort where they’re most needed. Understanding the law has already been good business for attorneys who practice in that area. But going forward, the public and private sectors alike could need to fine-tune their existing tools to meet new privacy standards — and need help creating new solutions to do more with the information they collect.

Theo Douglas is Assistant Managing Editor of Industry Insider — California.