Business representatives told California regulators on Tuesday that they want more from the state's new consumer privacy law—more specific definitions and more flexibility in compliance.

Speaking at a Sacramento hearing convened by the office of Attorney General Xavier Becerra, officials representing software developers, retailers, advertisers and other industries said that, without refining, the California Consumer Privacy Act, or CCPA, threatens the basic online operations their clients expect.

“A 16-year-old California student may have the right to delete all of their grades without the knowledge of their parents or public school,” said Sara Kloek, director of education policy for the Software and Information Industry Association. “CCPA makes compliance with [existing] student privacy laws more confusing.” She added: “The deletion rights under CCPA could cause major compliance confusion and should be clarified.”

The comments were recorded under a mandated rulemaking process that Becerra's office is conducting to craft regulations that spell out how the new consumer privacy law will be enforced next year. The public hearing in Sacramento, held in a state auditorium filled with suit-clad individuals tapping away on laptops, is the fifth of seven scheduled for locations around California.

The attorney general's office expects to have proposed rules available for review in the fall.

The Consumer Privacy Act gives Californians the right to find out what information businesses collect about them and to have companies delete that information if they choose. The law also bans companies from discriminating against customers who exercise those rights.

A broader version of the privacy law was initially proposed as a ballot initiative by San Francisco real estate developer Alastair Mactaggart. Legislators last year approved a compromise bill containing much of the proposed initiative to avoid a costly ballot fight pitting telecommunications and tech companies against consumer advocates.

Critics of the law said they want stricter definitions of what constitutes consumer and personal information. Restrictions on identifying consumers could make it tougher to track down online harassers or to confirm clients really want their information deleted, they said Tuesday. They also want more leeway on what it means for a customer to opt out of a company's data-collection practices—for example, can a consumer approve just some data-sharing in exchange for rewards or rebates?—and to offer ad-free platforms at a price.

James Harrison, a partner at Remcho Johansen & Purcell, the San Leandro firm that helped draft Mactaggart's initiative, said Tuesday that any rules developed by the attorney general must give consumers a “clear and easy” way to opt out company data sales on a broad basis.

“Financial incentives and discounts offered by businesses should be tied to the average value to the business of consumers' data,” Harrison said. “We think that's a way to ensure that loyalty programs can continue while also preventing businesses from charging consumers unjust or unreasonable rates and fees for exercising their privacy rights.”

The next public forum on potential Privacy Act rules is set to take place Feb. 13 in Fresno. Comments can also be submitted online.

|