Last week, I had the distinct privilege of being invited to Washington D.C. to engage directly with Senator Bennet's office from Colorado regarding the draft of the American Privacy Rights Act currently before Congress. It was an honor to share my perspective and discuss the potential unintended consequences of this legislation on small to medium-sized businesses. Senator Bennet and his team were incredibly welcoming and genuinely interested to hear my perspective. I expressed significant concerns about the current draft of the bill. Here are a few reasons why the bill in its current form is bad for small business. Vagueness in Language: The bill's ambiguous terms could lead to interpretative challenges that complicate compliance. Marketing Restrictions: As written, the bill severely limits the ability of businesses to target and retarget their audience—essential practices for growth and customer relationship management. Misjudged Exemptions: The exemption for businesses handling less than 200,000 data points fails to recognize that today's small businesses can have a vast digital reach, well beyond what their size might suggest. Legal Vulnerabilities: The provision allowing any individual to sue a company for violations, regardless of its size, sets a precarious legal precedent that could inundate small businesses with lawsuits. Financial and Time Impacts: The compliance and potential legal costs could drain resources, stifling innovation and growth. While I fully support the initiative for a federal privacy law, the current form of the American Privacy Rights Act is not conducive to the realities of modern small businesses. We need legislation that protects privacy without undermining the operational capabilities of America’s business backbone. I am so grateful for the opportunity to represent the voice of small to medium-sized businesses. We all agree on the necessity of digital privacy but let’s ensure we understand the ramifications before hastily writing something into law. #DigitalPrivacy #Legislation #BusinessImpact #CapitolHill
Trevor Plaza’s Post
More Relevant Posts
-
Thank you shoutout to Matt Schwartz of Consumer Reports for featuring Vermont in his piece: Consumer Reports praises Vermont legislature for passing groundbreaking privacy bill. Excerpt: 'The Vermont state legislature advanced a privacy bill supported by Consumer Reports that marks a significant development in state privacy law. If the bill is approved by Governor Phil Scott, Vermont would become the eighteenth state to extend baseline privacy rights to consumers, including the right to access, delete, and stop the sale of their personal information. CR worked with lawmakers throughout the session to improve the legislation, including by requiring data minimization standards and a private right of action that will allow consumers to sue large companies when they violate the law. It is scheduled to go into effect on July 1, 2025. The Vermont bill, H. 121, has several novel provisions that make it much stronger than most state privacy bills... “We commend Vermont lawmakers for standing strong in the face of Big Tech lobbying and enacting truly meaningful privacy legislation that will protect the personal information of their constituents,” said Matt Schwartz, policy analyst at Consumer Reports... If H. 121 is signed by Governor Scott, Vermont would become the sixth state to pass a comprehensive privacy law this year, following New Jersey, New Hampshire, Kentucky, Nebraska, and Maryland.' [ Read the full article: https://bit.ly/consumer121 ] #dataprivacy #consumerprotection #techpolicy FYI Jason Gibbs Kendal Smith
To view or add a comment, sign in
-
From Kramer Levin Naftalis & Frankel LLP: On April 7, 2024, Sen. Maria Cantwell, chair of the Senate Commerce Committee, and Rep. Cathy McMorris Rodgers, chair of the House Energy and Commerce Committee, advanced a new federal privacy bill to the House floor titled the American Privacy Rights Act (APRA). Although it is not yet law, many observers are optimistic that the APRA will move forward due to its bipartisan support and the compromises it reaches on the issues of preemption and private rights of action, which have stalled prior federal privacy bills. #dataprivacy #congress #apra #dataholders #stateprivacylaws
Federal Privacy Bill Aims To Consolidate US Privacy Law Patchwork
https://www.jdsupra.com/
To view or add a comment, sign in
-
American Privacy Rights Act of 2024: What to Know and Where It Stands | Texas Lawyer: In April, Chair Cathy McMorris Rodgers and Chair Maria Cantwell introduced the American Privacy Rights Act of 2024 (APRA), a bipartisan federal privacy bill aimed at expanding enforcement mechanisms for privacy rights. The bill would provide enforcement powers to the Federal Trade Commission and state attorneys general, as well as a private right of action for certain breaches of defined privacy rights. The APRA would have broad coverage, applying to entities that determine the purpose and means of collecting, processing, retaining, or transferring covered data and are subject to the FTC's authority. It also outlines requirements for large data holders, data brokers, and covered high-impact social-media companies. The bill includes exemptions for small businesses, governments, and entities collecting data on behalf of a government entity, as well as fraud-fighting nonprofits.
American Privacy Rights Act of 2024: What to Know and Where It Stands | Texas Lawyer
law.com
To view or add a comment, sign in
-
Prop. 24 expressly provides that “[e]nforcement of provisions of law contained in the California Consumer Privacy Act of 2018 amended by this act shall remain in effect and shall be enforceable until the same provisions of this act become enforceable.” (§ 1798.185, subd. (d).) The superior court order reaffirms the same, stating that “regulations previously passed pursuant to the CCPA will remain in full force and effect until superseding regulations passed by the Agency become enforceable in accordance with the Court’s Order.” (Vol. 8, Tab 12, p. 2222.) However, because the recently enacted Prop. 24 regulations superseded the prior regulations in many respects, it is not clear whether the prior regulations are still effective and enforceable, notwithstanding the superior court’s order. The superior court’s order essentially creates two competing standards that are in place at the same time: the standards under the 2018 CCPA and its implementing regulations, and the standards under Prop. 24 and its implementing regulations. The Prop. 24 regulations went into effect as of March 29, 2023, and superseded the 2018 regulations. While the superior court’s order enjoined enforcement of the Prop. 24 regulations, it did not purport to render them legally ineffective. However, the superior court’s order also provides, consistent with what the voters intended, that “regulations previously passed pursuant to the CCPA will remain in full force and effect until superseding regulations passed by the Agency become enforceable in accordance with the Court’s Order.” (Vol. 8, Tab 12, p. 2222; see also § 1798.185, subd. (d).) This leaves businesses in a state of uncertainty as to which regulations they should be complying with: the 2018 regulations, which were ostensibly superseded but are still enforceable under the court’s order, or the Prop. 24 regulations, which are technically in effect, but are not enforceable under the court’s order to the extent they were a required regulation under Prop. 24. Similarly, this leaves consumers in a state of uncertainty as to what rights and protections they currently have under the law.
Today, the CPPA and @AGRobBonta filed a petition to overturn a recent trial court decision that imposed a 12-month delay on enforcement of the Agency’s privacy regulations. Urgent intervention by this Court is necessary and appropriate. There is no clear, express command in Prop. 24 supporting the superior court’s writ of mandate. Rather, the superior court based its order entirely on a shaky inference drawn from a single provision in Prop. 24, and granted relief that is contrary to express language in the measure, ignores the broader statutory scheme, and frustrates the voters’ unmistakable objective of strengthening the protections for consumers’ privacy. Moreover, in granting the equitable remedy of a writ of mandate—which functions here as a statewide injunction barring the Agency and the Attorney General from enforcing the required regulations—the superior court failed to weigh the competing harms or consider the public interest. Indeed, it held such considerations were irrelevant. Thus, without requiring any evidence of harm, the superior court effectively enjoined the enforcement of an entire set of regulations against all violators, regardless of whether they were a party to the lawsuit, or whether they would actually be unfairly prejudiced, as the Chamber baldly asserted. The superior court’s order is also unworkable in many respects, and inadvertently undermines existing consumer privacy protections that were not subject to the underlying writ, insofar as it prohibits the enforcement of recently enacted regulations which amended and superseded prior regulations.
To view or add a comment, sign in
-
-
In our latest #FMG blog, we explore Vermont's 2024 proposed Data Privacy Act (VDPA), which grants residents the right to sue large data holders. This sets Vermont apart from California's Consumer Privacy Act (CCPA) and highlights the evolution of state privacy laws in the U.S. Click the link below to learn more. FMG authors: Justin Boron, Matt Delfino, and Danielle Ocampo. #FMGLaw #CyberPrivacyandSecurity #Vermont #California https://bit.ly/4cfNWDA
The private right of action in privacy laws: Comparing Vermont to California
https://www.fmglaw.com
To view or add a comment, sign in
-
Client Alert: On September 11, 2023, Delaware became the latest state to enact comprehensive privacy legislation, following the recent enactments of data privacy laws in Iowa, Indiana, Florida, Montana, Tennessee, Texas, and Oregon. Currently, other states with data privacy laws include California, Colorado, Connecticut, Utah, and Virginia. Click below to read more from Slaven Jesic and Keith Moulsdale.
Whiteford, Taylor & Preston LLP | Client Alert: Delaware Becomes the Latest State to Enact a Data Privacy Law
whitefordlaw.com
To view or add a comment, sign in
-
On Bloomberg today, my Goodwin colleague Federica De Santis and I write about New Jersey’s new privacy law. Just like my home state itself, this new law has its quirks and unique attributes. Learn more here: https://lnkd.in/e945_SPC #privacylaw
New Jersey Privacy Law Helps Expand US Consumer Privacy System
news.bloomberglaw.com
To view or add a comment, sign in
-
A U.S. District Court judge temporarily halted California's Age-Appropriate Design Code Act (CAADCA) from taking effect. This groundbreaking legislation aimed to regulate online products and services to ensure they were suitable for children. It was scheduled to take effect on July 1, 2024. This ruling could serve as a road map for challenging other expansive state privacy laws that impose compelled speech obligations. For more details, read Fenwick’s Tyler Newby and Heba Tawadross’ latest client alert for a full breakdown of the decision: https://ow.ly/17Nr50PPryz #CAADCA #PrivacyLaw #PrivacyCompliance
Enforcement of California’s Age-Appropriate Design Code Act Is Put on…
fenwick.com
To view or add a comment, sign in
-
What does the Colorado Privacy Act mean for consumers and businesses? Learn about the CPA’s applicability, consumer rights, and compliance in this deep dive article from FW privacy attorney Chris Spurr, Esq., CIPP/US, CIPM. #ColoradoPrivacyAct #DataSecurity
A Deep Dive Into The Colorado Privacy Act
fwlaw.com
To view or add a comment, sign in
-
Did you know that the California legislature just introduced the first bill to amend the CCPA (California Children’s Data Privacy Act (AB 1949)? In short, the proposed amendments would: 1) Increase the age for affirmative consent to “share” or “sell” (as defined in the CCPA) personal information of children from 16 years old up to 18. 2) Expand requirement to obtain affirmative consent for children under 18 to the collection and use of sensitive personal information for purposes not explicitly enumerated under the CCPA. 3) The California Privacy Protection Agency (CPPA) will need to adopt regulations to establish technical specifications for opt-out signals for children. This bill would require an extension of GPC signal or a similar signal to specify the age group of the user. The modifications proposed by the bill would only affect organizations that are subject to the CCPA. The bill is meant to protect children’s privacy online considering the Children’s Age-Appropriate Design Code Act (CAADCA) is on ice. https://lnkd.in/epFVrsMX
California AB1949 | 2023-2024 | Regular Session
legiscan.com
To view or add a comment, sign in