No one disputes the importance of guarding the privacy of consumer information. But the recently enacted California Consumer Privacy Act (CCPA) threatens businesses with potentially crippling liabilities, while also harming consumers who benefit from innovation (including new ways to use data to offer personalized services and product recommendations) and enjoy free services made possible by data collection, processing and usage.
California’s Attorney General and legislature are currently proposing amendments to the law. Their proposals, however, may do little to aid businesses in knowing how to comply with CCPA, and may instead dramatically increase liability risks for non-compliance. Indeed, the amendments currently under consideration appear calculated to please the plaintiff class action bar above all others. The proposed amendments would incentivize private enforcers to sue defendants for annihilating penalties, even where the alleged violations are morally blameless and do not cause actual harm, while also removing the limited mechanisms currently available by which companies can obtain guidance on how to comply.
California’s privacy law should be clarified to promote understanding and compliance, and to limit private remedies by narrowly tailoring them to the culpability of a defendant’s conduct, while also taking into account whether non-compliance has caused any actual monetary loss or data breach.