Four bills in a five-piece legislation package aimed at tightening regulations around resident data and privacy were introduced by the Feb. 22 statehouse deadline, and could set in place at least one important online definition and bolster last year’s California Consumer Privacy Act (CCPA) if they survive the legislative process.
Republican legislators announced the “Your Data, Your Way” initiative in late January with the introduction of just one of its five proposed laws; but as predicted by the author of two bills, Assemblyman Jordan Cunningham, R-San Luis Obispo, bipartisan support is beginning to emerge. The progress so far includes:
• AB 288, the “Own Your Own Data Act,” was first to be introduced on Jan. 28. It would mandate that social media companies allow users who close accounts the option to have their personally identifiable information (PII) permanently removed and excluded from sale. The bill would require the companies to honor those requests within “a reasonable time” and would authorize “specified relief” for consumers in the event of a violation.
As introduced, the bill would define a social media company as one that “provides electronic services or accounts, or electronic content,” including but not limited to “videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online services or accounts, or internet website profiles or locations.”
Nicholas Mirman, chief of staff for Cunningham, said the definition could be narrowed — but in any case, would likely be a first.
“The definition of a social media company does not exist anywhere under current law that we can find,” Mirman told Techwire.
• AB 1035, introduced Feb. 21 by Rancho Mirage GOP Assemblyman Chad Mayes, appears to be the first legislation in the package to attract support from across the aisle. Relating to 72-hour data breach notification, it would require companies that lose consumer data in a breach to notify them within that three-day timeframe. The legislation picked up a Democratic co-author in state Sen. Scott Wiener of San Francisco; he’s apparently the first Dem to join Republicans in lending official support to a piece of the package. A representative of Mayes’ office told Techwire the bill will likely be referred to the Committee on Privacy and Consumer Protection sometime during the next two weeks.
• AB 1138, the so-called Family Green Light Act, would bar a social media website or app from letting minors under 16 create accounts unless the site or app first gets consent from a parent or guardian; and would let the Department of Justice set guidelines on how that consent is obtained.
The legislation was initially slated to be carried by Assemblyman Phillip Chen, R-Diamond Bar, but was instead introduced Feb. 21 by Assemblyman James Gallagher, R-Nicolaus, who had joined the Jan. 28 presser announcing the package. Gallagher, a father of five, told Techwire that residents need protections in place for their children and to guard against issues including cyberbullying and data mining.
“I think the other objective is, it will give parents the opportunity to be having this conversation with their kids about social media and how to do this responsibly,” said Gallagher, who added he thought the package would supplant CCPA provisions.
“We’re thinking these can be good additions, an expansion of additions to the CCPA, which we all support,” he said.
The question of identity management has long been considered by e.Republic* Chief Innovation Officer Dustin Haisler. On Medium in 2014 and 2018, he and colleague Daniel Charboneau explored the possibility that in the future, we’ll utilize an Identity Data Provider (IDP), a third-party organization, to store our personal data and serve as an intermediary with online providers like Facebook.
• AB 1395, introduced Feb. 26, also by Cunningham and co-authored by legislators including Gallagher, would safeguard consumers against having private moments captured by digital assistants. Called the “Future of Eavesdropping Act,” it would prohibit a so-called smart speaker or its manufacturer from “saving or storing recordings of verbal commands or requests given to the device, or verbal conversations heard by the device,” regardless of whether a key term or phrase triggered the recording.
“If it’s a crime already for a human to record you without your consent then why is it okay for a passive electronic device to do it? My contention is that it shouldn’t be, and in order to enjoy the benefits of these technologies, we need to have safeguards in place to make sure they’re not abused and you’re not having your private conversations stored by a company and potentially used in all sorts of ways,” Cunningham told Techwire recently.
• A fifth piece of legislation, a resolution on "21st Century Monopolies" that would call on the feds — Congress and the Federal Trade Commission — to consider updating federal anti-trust legislation, hasn’t yet been introduced. Resolutions, however, may be introduced at any time during the legislative session.
