Data: Condidential: California wields a 'stick' with tough new privacy regulations. Ohio takes a 'carrot' approach.
Author | Ehisen, Rich |
Position | DATA PRIVACY |
Taking a cue from the European Union's expansive new General Data Protection Regulation, California lawmakers in June adopted the toughest and most complex data privacy regulations in the United States. Given the state's history of driving national policy, the logical question is whether the California Consumer Privacy Act will inspire other states or even the federal government to impose strict new data privacy regulations of their own.
According to experts we spoke to, the answer is a definite maybe.
"Over the years several California privacy statutes have been copied by other states. But they were mostly simple and straightforward," says Kristen Mathews, a partner in the New York City law firm Proskauer Rose LLP and the head of its global privacy and cybersecurity group. "This new California law is not simple. I don't think it would be my first contender for a law that other states will copy."
She'll get no argument from David Zetoony, a partner with Bryan Cave Leighton Paisner LLP, based in St. Louis. Zetoony, head of the firm's global data privacy and security practice, calls the law "misguided, dubious in value and not well-thought-out at all."
To be sure, not everyone sees it that way. In a blog post shortly after the bill was signed on June 28, Alan Friel and Nilou Massachi, privacy attorneys for Cleveland-based Baker Hostetler LLP, called it "a win for both industry and consumers."
Meanwhile, in a statement released that same day, California Senator Bill Dodd (D), one of the measure's three authors, noted his hope that "other states will follow, ensuring privacy and safeguarding personal information in a way the federal government has so far been unwilling to do."
That remains to be seen, but Zetoony says it really doesn't matter if states follow suit or not, noting that California was the first state to adopt online privacy requirements for companies doing business there. Even though other states didn't copy them, he says most large companies adopted those policies themselves, essentially spreading the power of the law across the country.
"This law may not get emulated quickly, but it doesn't need to be to have a national impact," he says.
As noted, the California Consumer Privacy Act borrows heavily from the European Union's statute--"80 or 90 percent," Zetoony says. Whether you think that's good or bad likely depends on whether you are a consumer advocate or a big tech company that currently collects consumer data with almost...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.