California AG Backs Bill Giving Consumers Power to Sue for Data Privacy Violations
The bill would expand the law's private right of action beyond data breaches to cover other corporate missteps, such as ignoring consumers' requests to delete their personal information.
February 26, 2019 at 03:00 AM
4 minute read
The original version of this story was published on The Recorder
Newly introduced state legislation would give Attorney General Xavier Becerra the changes he's been seeking in the California Consumer Privacy Act, including the right for consumers to sue businesses that violate the sweeping new data-protection law.
Senate Bill 561 by Sen. Hannah-Beth Jackson, D-Santa Barbara, would expand the law's private right of action beyond data breaches to cover other corporate missteps, such as ignoring consumers' requests to delete their personal information. The law, as written now, only allows the attorney general's office to pursue most violations.
“I don't think the Legislature wants only the attorney general's office to be able to protect people's rights,” Becerra said Monday at a press conference with Jackson in Sacramento. “We need to have some help. And that's why giving [consumers] their own private right to defend themselves in court if the Department of Justice decides it's not acting—for whatever number of good reasons—that's important to be able to truly say … you have rights.”
The proposed changes are expected to open a new front in the battle between consumer and privacy groups supporting the law and technology and telecommunications trade groups seeking to restrict the regulations' reach.
The proposed changes would cover most of the items in a wish list Becerra submitted to lawmakers in August, when he called the law “unworkable” without amendments and additional funding. Becerra and Jackson acknowledged Monday that the new legislation could open the door to class actions over alleged privacy violations.
The legislation would strip language requiring the attorney general's staff to provide compliance guidance to companies. And the bill would eliminate a 30-day grace period for targeted companies to fix any violations before facing sanctions.
“In other words 'Catch me if you can and, if you do, I'll comply with the law,'” said Jackson, who chairs the Senate Judiciary Committee and is expected to block any attempts to weaken the law's provisions. “Once the horses have left the stable you can't get them back. And it is indeed a get-out-of-jail-free card for these bad actors.”
The California Chamber of Commerce assailed Jackson's new bill, saying the goal “appears to be lawsuits and attorney's fees.” The Chamber's statement added: “Punishment may be an incentive to increase compliance, but—especially where a law is new and vague—eliminating a right to cure does not promote compliance. SB 561 … will not only hurt and possibly bankrupt small businesses in the state, it will kill jobs and innovation.”
More than a dozen bills that could serve as vehicles for amending the California Consumer Privacy Act, or CCPA, were introduced by the Feb. 22 legislative deadline. Some seek to broaden the bill's reach, including one that would cover breaches of biometric and passport information. Others have no language yet but are expected to carry changes sought by business interests.
The Privacy Act was adopted last year by bipartisan legislative votes as an alternative to what would have been a lengthy and expensive November ballot initiative fight. Kevin McKinley, California government affairs director for the Internet Association, said in an email that the new bill's private right of action “would unwind a key piece of the deal that was struck last year to pass CCPA and to make the law workable for companies both big and small.”
“We strongly oppose the proposed changes to the enforcement mechanism,” McKinley said.
Becerra's office has launched a rule-making process that will help shape how the law is enforced. The next and last public forum on the rulemaking will be March 5 at Stanford Law School.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250