Today the California Chamber of Commerce submitted comments in response to the California Privacy Protection Agency’s (CPPA) request for public input on draft regulations regarding automated decision-making technologies, cybersecurity audits, and privacy risk assessments.
Although the CalChamber supports the stated goal of the CPPA’s draft regulations to protect consumer privacy and security while advancing innovation, the CalChamber pointed out that the draft regulations fall short of its goal and require significant revisions to avoid both overreaching the limits of the statute and detrimental consumer impacts.
Among its recommendations, the CalChamber urged the CPPA to implement revisions to address concerns that the draft regulations and the Standardized Regulatory Impact Assessment (SRIA):
- Overreach the CPPA’s statutory authority and encroach on the California Legislature and Governor’s ongoing efforts to strike a balance in regulating automated decision-making technologies (ADMT);
- Conflict with existing statutory rights and exemptions;
- Depart from established global privacy frameworks and standards;
- Undercut foundational constitutional protections; and
- Drastically underestimate the costs that the draft regulations will impose on businesses and the state.
The CalChamber also urged the agency to allow for a full 24 months to come into compliance with the updated regulations and the new articles.
“The cybersecurity audit and risk assessment timelines already recognize a 24-month time frame. Accordingly, the ADMT requirements and the modifications to the existing regulations should also be afforded a 24-month time frame for compliance,” the CalChamber said.
The CalChamber also requested that the CPPA make clear that the regulations apply only to processing activities that occur after the regulations enter into effect.
To read the CalChamber’s submitted comments, click here.
Economists’ Report on Cost Assessment of New Regulations Indicate that the Agency has Drastically Underestimated the Cost to Businesses and Overestimated the Savings to the State
A report released last November by the CalChamber concluded that businesses, consumers, and governments in California will suffer net economic losses, translating into reduced jobs and tax revenues, from the CPPA’s proposed rules.
The report, prepared by Capitol Matrix Consulting (CMC), analyzes anticipated savings detailed in the CPPA Standardized Regulatory Impact Assessment of proposed regulations that would add and change existing rules related to the California Consumer Privacy Act (CCPA) of 2018 as amended by the California Privacy Rights Act (CPRA) of 2020.
The SRIA concludes that the regulations would result in direct costs to California businesses of $3.5 billion in the first full year and average annual costs to businesses over the first 10 years of $1.08 billion and will result in employment losses peaking at 126,000 in 2030. Similarly, it estimates annual state revenue losses reaching $2.8 billion in 2028.
While the SRIA claims long term benefits will exceed these costs, the report reveals that the purported benefits are based on an arithmetical error and speculative assumptions.
Specifically, the CMC report details errors in the SRIA that include:
- Underestimating external auditor and employee compensation rates paid by businesses;
- Excluding from its economic analysis out-of-state businesses that sell into California markets; and
- Ignoring the massive ongoing costs and business productivity losses resulting from behavioral changes by businesses and consumers following adoption of the regulations.
In addition, the SRIA overstates the savings from the proposed regulations by:
- Grossly overestimating baseline cybercrime losses due to an arithmetical error and other factors, including a flawed approach to estimating future cybercrime losses; and
- Overestimating savings from audits and risk assessments based on assumptions not supported by the literature, including articles listed in the SRIA.
The CMC analysis warns that there are major implications for California jobs and state budget revenues from the privacy agency’s underestimate of costs and overestimate of benefits of the proposed regulations.
A full copy of the analysis is available here.
About CalChamber
The California Chamber of Commerce (CalChamber) is the largest broad-based business advocate to government in California. Membership represents one-quarter of the private sector jobs in California and includes firms of all sizes and companies from every industry within the state. Leveraging our front-line knowledge of laws and regulations, we provide products and services to help businesses comply with both federal and state law. CalChamber, a not-for-profit organization with roots dating to 1890, promotes international trade and investment in order to stimulate California’s economy and create jobs. Please visit our website at www.calchamber.com.
