Last year, California was at the forefront of the movement to increase consumer privacy online. The state legislature updated its data breach notification law, bringing it in line with some of the most strict notification laws in the country by requiring, for example, companies that send notices of a data breach to more than 500 California residents to also give notice to the Attorney General.
This year, California lawmakers continue efforts to enhance consumer privacy, particularly online. AG Harris published a report in early January outlining recommendations to protect privacy in a society that increasingly uses mobile devices for business and personal purposes. In the legislature, two privacy-focused proposals are already on the legislative agenda:
- AB 257: AB 257 also would expand CalOPPA, requiring that entities that collect personal information enact certain safeguards to protect it. Currently, CalOPPA applies to operators of “commercial websites” or “online services.” AB 257 would amend the current CalOPPA definitions of “online market” and “mobile application” to include apps intended for download onto a device, ensuring that app developers are also required to follow the strictures of CalOPPA. Finally, the bill governs advertisements on mobile apps, such as requiring the ad to identify the sponsor and requiring consumer consent before displaying the ad.
The California Legislature is not alone in considering updates to enhance citizens’ privacy protections. On the other side of the country, for example, Maryland AG Doug Gansler appealed to the Maryland Legislature to enact legislation that would allow him to bring federal COPPA claims in state courts as a violation of the state’s Unfair and Deceptive Trade Practices Act.
Legislation increasing consumer protection is often spurred by AG activity in that area. The California and Maryland legislative proposals were both introduced following a year in which both states’ AGs received significant publicity related to their efforts in the area of consumer and data privacy. Legislative proposals can also foreshadow areas of law that may see increasing AG enforcement; the Maryland and California legislative proposals, if passed, will provide more tools with which those states’ AGs can target data-collecting practices that harm consumers. As legislative sessions continue in 2013, expect to see more legislation addressing Internet and data privacy in California, Maryland, and other states.