Do you think the US Congress will pass any major new legislation over the remainder of the year? There does seem to be a lot going on in Washington, after all, with Democrats and Republicans looking more divided by the day.
This is an important question for the Tech industry, because on the first day of 2020 the California Consumer Privacy Act goes into effect. Without a federal law that explicitly preempts state statutes, the CCPA will become the rulebook for how companies like Amazon, Facebook, Google, Apple and others must treat the personal data of California citizens. All 40 million of them…
Here are the basics of the California law:
- It applies to any company doing business in the state that has +$25 million in revenues OR has the personal information of more than 50,000 people OR earns more than 50% of its revenues from selling personal data.
- These companies must have a “Right to Say No to Sale of Personal Information” link on the home page of their website to allow for an opt-out.
- Businesses cannot request opt-ins for 12 months after an opt-out.
- Companies will have to implement a process to obtain parental/legal guardian consent for children under 13 and active consent for those between 13 – 16.
- They will also have to develop methods for users to request their personal information, including (at least) a toll-free phone number.
- Any violation will be subject to a $2,500 – $7,500 fine per infraction.
- Any company that has a data breach can be ordered to pay $100 – $750 per California resident affected.
A headline from Reuters today casts doubt on the possibility that DC can save tech companies from CA’s law: “US online privacy rules unlikely this year, hurting big tech”. The details:
- Three sources told the newswire that a national online privacy bill is “not likely to come before Congress this year” because “lawmakers disagree over issues like whether the bill should preempt state rules”.
- At best, Congress may have a “discussion draft” before the end of the year. The House may have such a document in the next few weeks, but the Senate version is coming along more slowly.
- Whole story here (worth a read): https://www.reuters.com/article/us-usa-congress-privacy/u-s-online-privacy-rules-unlikely-this-year-hurting-big-tech-idUSKBN1WF1B1
- As Jessica regularly reports, this is one reason why Big Tech has ramped up its DC lobbying efforts in recent years. In the absence of federal regulation, other states could draft their own legislation or copy California’s initiative with some tweaks of their own. All this would make compliance much more difficult and costly.
- California, home of Big Tech, is also its greatest US regulatory challenge. This tells you all you need to know about the arc of future legislation. The days of Big Tech exploiting regulatory arbitrage are over.
- DC’s slow pace in creating its own regulation is troubling. In one respect, this should be a no-brainer since it addresses a popular concern (data privacy) and costs taxpayers nothing. But 2020 is a big political year, and lawmakers must calibrate their actions in an uncertain landscape.
Bottom line: we see this problem as one more challenge for Big Tech, alongside California’s recent contractor/employee legislation and ongoing DOJ/FTC investigations. About the only good news is that these issues are known, and therefore reflected in asset prices. Big Tech has done a good job of innovating and growing even as regulatory pressure increases. We think that can continue, but the need for this industry to develop the next “big thing” rises in proportion to government scrutiny.