Hey Alexa, California's New IoT Law Requires Data Protections
“The lack of basic security features on internet connected devices undermines the privacy and security of California's consumers," a California lawmaker says.
October 01, 2018 at 01:00 AM
3 minute read
The original version of this story was published on The Recorder
New mobile phones, refrigerators, children's toys and a range of other Internet-connected consumer products sold in California will have to contain “reasonable security features” starting in 2020, under legislation signed Friday by Gov. Jerry Brown.
Senate Bill 327 and Assembly Bill 1906 do not dictate specific steps manufacturers must take to block hackers or shield owners' personal information. Instead, the legislation says protections should be “appropriate to the nature and function of the device” and “appropriate to the information it may collect, contain, or transmit.”
The new law, which the authors say is the first in the nation, contains no private right of action and leaves enforcement in the hands of the attorney general, city and county counsel and district attorneys. There are no mandated penalties.
“The lack of basic security features on internet connected devices undermines the privacy and security of California's consumers, and allows hackers to turn everyday consumer electronics against us,” said Sen. Hannah-Beth Jackson, D-Santa Barbara, who authored the Senate bill. The Assembly bill, nearly identical, was enacted simultaneously.
The legislation “ensures that technology serves the people of California, and that security is not an afterthought but rather a key component of the design process,” Jackson said.
Jackson introduced connected-device privacy legislation in early 2017. The much broader terms of that bill would have mandated that manufacturers update owners about security patches and to design their products to alert consumers when their information was being collected.
The legislation drew immediate criticism from the tech industry's trade associations, including Technet and The Internet Association, as a potential roadblock to future product development.
Jackson scaled back her bill to focus on data security. Many tech groups dropped their opposition to the bill, easing its passage through the Legislature. The legislation was still opposed by the Entertainment Software Association and the National Electrical Manufacturers Association.
In a letter to the Senate, the Entertainment Software Association said the legislation wasn't needed. “Existing law already requires manufacturers to implement reasonable privacy protections appropriate to the nature of the information they collect,” the letter said.
The bill was backed by privacy rights organizations and consumer groups, including the Electronic Frontier Foundation and Privacy Rights Clearinghouse.
The new connected-device requirements are slated to take effect at the same time as the California Consumer Privacy Act. That legislation, derived from a would-be ballot initiative, requires companies to tell customers what information they gather about them and who they share it with. It also forces companies to delete that information upon a consumer's request.
Tech companies and their trade associations are expected to launch a major lobbying campaign in the next legislative sessions to weaken those provisions.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
JAMS Launches Initiative to Leverage AI Technology in Dispute Resolution
To Woo Law Firms, Legal Training Platforms Are Combining Hands-On and Online Learning
The American Arbitration Association Unveils Gen AI-Powered Panelist Search Tool
UnitedLex Appoints GC Renee Meisel as New CEO, Replacing James Schellhase After Short Tenure
Trending Stories
Who Got The Work
Clark Hill members Vincent Roskovensky and Kevin B. Watson have entered appearances for Architectural Steel and Associated Products in a pending environmental lawsuit. The complaint, filed Aug. 27 in Pennsylvania Eastern District Court by Brodsky & Smith on behalf of Hung Trinh, accuses the defendant of discharging polluted stormwater from its steel facility without a permit in violation of the Clean Water Act. The case, assigned to U.S. District Judge Gerald J. Pappert, is 2:24-cv-04490, Trinh v. Architectural Steel And Associated Products, Inc.
Who Got The Work
Michael R. Yellin of Cole Schotz has entered an appearance for S2 d/b/a the Shoe Surgeon, Dominic Chambrone a/k/a Dominic Ciambrone and other defendants in a pending trademark infringement lawsuit. The case, filed July 15 in New York Southern District Court by DLA Piper on behalf of Nike, seeks to enjoin Ciambrone and the other defendants in their attempts to build an 'entire multifaceted' retail empire through their unauthorized use of Nike’s trademark rights. The case, assigned to U.S. District Judge Naomi Reice Buchwald, is 1:24-cv-05307, Nike Inc. v. S2, Inc. et al.
Who Got The Work
Sullivan & Cromwell partner Adam S. Paris has entered an appearance for Orthofix Medical in a pending securities class action arising from a proposed acquisition of SeaSpine by Orthofix. The suit, filed Sept. 6 in California Southern District Court, by Girard Sharp and the Hall Firm, contends that the offering materials and related oral communications contained untrue statements of material fact. According to the complaint, the defendants made a series of misrepresentations about Orthofix’s disclosure controls and internal controls over financial reporting and ethical compliance. The case, assigned to U.S. District Judge Linda Lopez, is 3:24-cv-01593, O'Hara v. Orthofix Medical Inc. et al.
Who Got The Work
Attorneys from Cadwalader, Wickersham & Taft and Pryor Cashman have entered appearances for Diageo Americas Supply d/b/a Ciroc Distilling Co. and Sony Songs, a division of Sony Music Publishing, respectively, in a pending lawsuit. The case was filed Sept. 10 in New York Southern District Court by the Bloom Firm and IP Legal Studio on behalf of Dawn Angelique Richard. The plaintiff, who performed as a member of producer Sean 'Diddy' Combs girl group Danity Kane and later his band, Diddy - Dirty Money, claims that she was financially exploited by Combs and subjected to inhumane working conditions. Among other violations, Richard claims that Combs required group members to remain at his residences and studios, deprived them of adequate food and sleep and forced them to rehearse for 36 to 48 hours without breaks. The case, assigned to U.S. District Judge Katherine Polk Failla, is 1:24-cv-06848, Richard v. Combs et al.
Who Got The Work
Mathilda McGee-Tubb and Kevin M. McGinty of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, as well as Jesse W. Belcher-Timme of Doherty, Wallace, Pillsbury & Murphy, have stepped in to defend Peter Pan Bus Lines in a pending consumer class action. The suit, filed Sept. 4 in Massachusetts District Court by Hackett Feinberg PC and KalielGold PLLC, accuses the defendant of charging undisclosed 'junk fees' on top of ticket prices during checkout. The case, assigned to U.S. District Judge Mark G. Mastroianni, is 3:24-cv-12277, Mulani et al v. Peter Pan Bus Lines, Inc.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
