By Joyce E.
Dec. 13 --California's privacy laws have created
opportunities for industries to flourish while consumer and company confusion
can subvert the intention of the laws, privacy practitioners told California
lawmakers Dec. 12.
During a California legislative informational hearing
at Santa Clara University in Santa Clara, Calif., law professors and privacy
attorneys said the state can improve privacy by requiring warrants for
electronic communications and cleaning up old statutes that impede compliance
and consumer protection.
“Privacy rules don't necessarily erode
innovation. Sometimes they're the fabric of it,” said Deirdre Mulligan,
co-director of the University of California Berkeley School of Law Center for
Bright-line rules and the clarity they provide
allow leaner startups to operate without devoting resources to “trying to
figure out what their obligations are,” Mulligan told the California Assembly
Judiciary Committee, the Business, Professions& Consumer Protection
Committee and the Select Committee on Privacy.
technological innovation are not mutually exclusive goals,” said David Lieber,
when companies compete on the basis of privacy,” Lieber said on a panel
Michael Beckerman, president
and chief executive officer of the trade group the Internet Association, whose
members include companies such as eBay Inc., Yahoo! Inc., Salesforce.com Inc.,
Facebook Inc. and LinkedIn Inc., said a “strong Internet sector means a
stronger California economy.”
Consumers are protected by existing laws
that prohibit deceiving or acting in ways that cause harm regardless of
technology, Beckerman said on a separate panel.
“So before taking steps
to add additional burdens on the industry that is the driving force of
California's economic growth, the question we should ask is: does the
collection of consumer information create concrete consumer harms that can't be
addressed under existing law?,” Beckerman said. “And in the absence of the real
demonstrable harm, why should we go forward with additional laws and
regulations that risk slowing down the strongest growth sector of California's
economy?” he said.
Assembly Member Donald Wagner (R) said his
constituents “are not coming to me and saying you've got to protect me against
Google or Amazon’’ and are seeing protection from identity theft and government
“California has a profound
effect on how the rest of the country and even the world addresses policy
issues,” said Assembly Member Ed Chau (D), the chairman of the Select Committee
The “California Effect” is how what California does ripples
across the nation and the world, said Paul Schwartz, special adviser at Paul Hastings LLP
and co-director of Berkeley Law's Center for Law & Technology.
2002 California breach notification law was adopted by 45 other states and to a
limited extent the federal government in the Health Information Technology for
Economic and Clinical Health Act, Schwartz said. “Now the EU has looked to
California as a model for privacy notification,” with the European Union
adopting breach notification requirements for Internet service and
telecommunication providers, he said.
“The thing to note, though, the
California Effect is typically the first stage. It would be followed by action
in D.C.,” which Schwartz said has been lacking. “The question becomes in
absence of action in D.C., what should we do?” he asked. The question is
whether “to act or not to act” in the world's ninth largest economy, he
Given European regulators are concerned about the vigor and
strength of U.S. privacy safeguards, he said, “efficient and effective
California privacy law has the potential to make a significant contribution to
the international dialogue here.”
Schwartz suggested that California lawmakers consolidate and amend existing
law, including the Song-Beverly Credit Card Act, Cal. Civ. Code §§
1747-1748.95, a 1970s consumer protection act that seeks to balance privacy
with the need to bolster security and stop identity theft.
“is almost like a ship that has collected various kinds of barnacles over
time,” with amendments that give retailers no overall ability to request
reasonable additional information to prevent fraud and identity theft while
reducing unwarranted marketing pitches, Schwartz said. Legislative “help here
would save everybody a lot of time,” he said.
Other areas for
streamlining are the state Confidentiality of Medical Information Act, Cal.
Civ. Code §§ 56-56.37, which has been followed by much federal action, and a
centralized digital resource of California legislation, Schwartz said.
One area the Legislature can act is in
the area of warrants, Google's Lieber said.
Recent revelations about the
National Security Agency's surveillance program have cast a cloud around
Internet services, many of which are based in California, “but they sparked a
serious and overdue debates,” Lieber said. “So we can start by fixing our
domestic surveillance laws,” Lieber said.
Google supports amendments to
the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2522, to require a
warrant when the government wants users' electronic communications, Lieber
In April, the Senate Judiciary Committee approved an ECPA reform
bill (S. 607) introduced by Sen. Patrick Leahy (D-Vt.), the
panel's chairman . In May, Rep. Kevin Yoder (R-Kan.) introduced similar
legislation (H.R. 1852), which is now pending before the House
Judiciary Subcommittee on Crime, Terrorism, Homeland Security, and
In July, the House Appropriations Committee reported
approved a bill (H.R. 2786) that would bar federal agencies from using
appropriated funds to approach Internet service providers without a warrant
seeking access to emails and other private electronic communications .
California Gov. Jerry Brown (D) in October vetoed legislation (S.B. 467) that would have required government agencies to
obtain a warrant to access electronic communications from ISPs and others,
saying the bill would impede ongoing criminal investigations .
encourage legislators to continue to press for changes that would ensure that
the law does comport with users' reasonable expectations of privacy,” Lieber
Eric Goldman, director of the Santa Clara
Law High Tech Law Institute, cautioned that California's enactment of laws
affecting the Internet exceeds state lines can implicate the dormant Commerce
California lawmakers take pride in knowing “we who are not
elected by the world can change the world and make a difference to people who
are constituents and to those who are not,” Goldman said.
California is a large economic market that has power to change company
practices, “this line of thinking about the California effect is very damaging
when it comes to Internet regulation,” Goldman said.
environment, Goldman said, “we don't have the same kind of local conditions
that require local solutions.” The Internet's architecture “doesn't understand
geographic borders,” so websites don't have a cost effective and reliable
mechanism to determine the state in which a user is located, Goldman said.
Aleecia McDonald, director of privacy at
the Stanford Law School Center for Internet and Society, said the notice and
choice concept failed. McDonald said her research showed 98 of the top 100
websites tracked consumers, “so there's not much choice there unless unplugging
“And there's also a tremendous user burden in asking
users to read the privacy policies of every site they visit,” McDonald said. A
separate study she conducted found it would take as much time to read privacy
policies as to spend time on websites.
“This is just not a supportable
Apple Inc. is 56 pages on an iPhone screen, McDonald said.
“But let me
point out that right now we are putting the cost of this Wild West of privacy
on citizens while most of the benefits are accruing to companies,” McDonald
said. More than two thirds of Americans “think their privacy is protected by
laws that don't exist,” she said.
Chris Conley, a technology and civil
liberties fellow at the American Civil Liberties Union of Northern California,
said the “problem with voluntary transparency is you get something that looks a
little like an online dating profile. Companies can pick and choose what they
think looks best about them.”
“I would like to have a privacy framework
in which even the most paranoid people are feeling really comfortable about the
use of technology,” Mulligan said.
To contact the reporter
on this story: Joyce E. Cutler in San Francisco at email@example.com
To contact the editor responsible
for this story: Katie W. Johnson at firstname.lastname@example.org
Full text of Schwartz's written testimony is available at http://op.bna.com/pl.nsf/r?Open=kjon-9eclws.
To view additional stories from Privacy & Data Security Law
Resource Center™ register for a free trial now