Goal & Issue Summaries
Proactively develop and promote privacy principles and policies that protect consumers without stifling innovation and that avoid costly and unnecessary legal liability and compliance burdens on businesses.
Position: CalChamber supports reinstating the employee and business-to-business exemptions permanently. To the extent the State wishes to address the subject of employee privacy or employee data, that issue should be addressed through a separate statutory framework. Permitting the exemptions to expire could have serious unintended negative consequences that would harm both workers and employers.
Position: The CalChamber strongly supports greater legislative oversight over the current rulemaking process and would support legislation that is both privacy protective (by ensuring regulations are not rushed which will inevitably lead to unintended consequences) and realistic in setting compliance expectations that consumers and businesses can rely upon (by adjusting compliance and enforcement deadlines such that businesses can operationalize the law correctly). The CalChamber also supports legislative or executive efforts that will help avoid any potential unintended harms of allowing the employee and business-to-business sunsets to lapse.
The CalChamber opposes regulations that conflict or otherwise go beyond the scope of the California Privacy Protection Agency’s statutory authority, including on topics such as the optional global opt-out preference signal. The CalChamber also opposes regulations that either would create compliance issues or undermine consumer privacy when operationalized; implement vague standards that add to confusion/lack of clarity; or otherwise conflict with other important public policy goals.
To reduce compliance burdens, the CalChamber generally supports regulations that reduce operational challenges or which harmonize with other states’ laws and regulations.
Position: The CalChamber opposes any new privacy legislation that creates carve-outs or special/disparate rules that would layer on top of the CPRA for only certain types of personal information, industries, or technologies used to collect the personal information. We also oppose any efforts to add a private right of action to either the CPRA, or to separate statutes that would apply to information that is otherwise protected under the CPRA.
Position: The California Chamber of Commerce has significant concerns regarding new proposals that would be overly restrictive or punitive toward businesses that fall victim to cyberattacks, despite taking reasonable efforts, and which would create less flexibility in developing future technologies. Although businesses can and must do their part, cybersecurity is a multi-faceted issue that requires action from many different fronts. The CalChamber would support new proposals that would better equip California and its workforce to meet the challenges ahead.
Cleaned up onerous consumer privacy law in 2018 by working with members and other affected parties to negotiate clean-up language to consumer privacy law passed in 2018, including delayed enforcement and provisions clarifying that the private right of action applies only to additional liability for businesses after a data breach (SB 1121).
Led coalition in 2017 that negotiated amendments to protect the ability of business to offer free gifts or trials while allowing consumers who signed up online to cancel online (SB 313).
Stopped onerous, duplicative mandates in 2017 on manufacturers/retailers of devices that connect to the internet (SB 327); drastic restrictions on internet providers (AB 375); and a bill that risks stunting growth of unmanned aircraft systems (SB 347).
Maintaining Balance Between Privacy, Innovation
- Secured amendments in 2016 to remove problematic aspects of two bills (AB 83, AB 2623) and prevented passage of bills creating overly prescriptive mandates (AB 2688), interfering with businesses’ ability to interact with consumers (AB 2867), and potentially exposing proprietary information (SB 949).
- Stopped proposals in 2016 that would have stifled drone innovation and use (SB 868, AB 2724).
- Secured amendments in 2015 to make data breach legislation more workable for businesses (SB 570, AB 964).
- Supported modernization of digital surveillance laws in 2015 to provide clarity to business about when and how government can gain access to electronically stored consumer information (SB 178).
Protecting Victims of Identity Theft. Backed urgency bill to authorize restitution for expenses for three years to monitor an identity theft victim’s credit report and for the costs to repair the victim’s credit (SB 208 of 2011).
Combating Costly Identity Theft. Supported enactment of a law making it easier to prosecute identity theft offenses by expanding the jurisdiction to include any place where an offense occurred (SB 226 of 2009).
Neutralizing Overly Expansive Privacy Proposals. Secured amendments in 2009 to proposals (ultimately vetoed) potentially exposing businesses to further data breaches by expanding the content of required breach notifications (SB 20) and requiring social networking sites to prohibit and prevent photos posted to a site from being copied (AB 632).