Privacy agency taking shape, but much work remains

Last month has seen many developments in the privacy arena that should bring Californians great pride and pause.

Following the passage of Proposition 24 by a considerable margin, the new California Privacy Protection Agency Board members were finally appointed. The Assembly speaker, the Senate leader, the state attorney general, and the governor all choose a venerable group of five privacy minds to help shape and lead the new agency as it prepares for the law’s effective date of 2023.

Newly appointed Chair Jennifer Urban brings a valuable depth of knowledge with a career teaching privacy law at three of California’s premier law schools. The Assembly speaker’s appointee board member, Vinchcent Le, will also provide the agency a critical equity viewpoint as so many uses of personal information rely on insights and decisions based on what categories we all may fall into.

A real threat is posed by failing to lead our sister states towards uniform and consistent state laws.

But we cannot be content with giving ourselves a pat on the back for being the first in the nation to pass comprehensive privacy laws. Other states are quickly following suit.

Virginia signed into law their Consumer Data Protection Act on March 2., and this year nearly half of all states —  including Washington, New York, Texas, Florida, and Illinois —  have pending legislation that seeks to address the same concerns that gave us the California Consumer Privacy Act and the California Privacy Rights Act. But distressingly, Virginia’s law departs significantly from our law, and many of these legislative proposals have differing definitions and mechanisms to protect consumer privacy.

As co-chair of the National Conference of State Legislatures’ Privacy Working Group, I led a discussion last month with legislators from across the country to understand where we stand and resolved that we are in dire need of a common understanding of key terms.

This has motivated the Working Group to begin developing a Privacy Glossary, to help identify the preeminent definitions being selected by State Legislatures and provide the critical analysis of how the terms may result in an inconsistent patchwork of protections. This is critical as the splintering of states’ privacy efforts has invited Congress to more seriously consider federal privacy proposals that have the potential for preemption of state law.

As the California Privacy Protection Agency takes shape, and prepares to lead the country in privacy enforcement in 2023, the Board must realize the real threat that is posed by failing to lead our sister states towards uniform and consistent state laws.

We must provide a helping hand to our sister states and offer partnership and guidance in their own path towards comprehensive privacy laws, or our status as the trailblazer of privacy will be a short-lived one.
—
Editor’s Note: State Assemblymember Jacqui Irwin, D-Thousand Oaks, co-chairs the Task Force on Cybersecurity of the National Conference of State Legislatures and the NCSL’s Working Group on Privacy.