The California Privacy Protection Agency will conduct an investigative sweep of data broker registration compliance under the state’s Delete Act, the CPPA said Wednesday. The law requires data brokers to register with the CPPA and pay an annual fee. Starting in 2026, data brokers must honor consumer requests to delete all their personal information.
The FCC will coordinate with the California Privacy Protection Agency (CPPA) on privacy efforts, the federal agency said Tuesday. The FCC’s privacy and data protection task force signed a memorandum of understanding with the CPPA, which is charged with rulemaking and enforcement related to California privacy laws, including the California Consumer Privacy Act. Under the pact, the two agencies will “share close and common legal interests in working cooperatively to investigate and, where appropriate, prosecute or otherwise take enforcement action in relation to privacy, data protection, or cybersecurity issues.” FCC Chairwoman Jessica Rosenworcel said, “Coordinated state and federal partnerships like this are essential to our privacy work.” CPPA Executive Director Ashkan Soltani said the partnership will “help increase trust and security in the digital marketplace.” CPPA Enforcement Head Michael Macko added, “collaboration is key to vigorous enforcement.” Also Tuesday, the CPPA released an agenda for its Nov. 8 board meeting. The agency may vote to advance draft rules, including on automated decision-making technology, risk assessments, and cybersecurity audits, to a formal rulemaking, it said. The board also has plans for considering possible changes to data broker registration requirements.
California Gov. Gavin Newsom (D) vetoed a privacy bill the same day that he signed a measure aimed at protecting children on social media websites. On Monday, the Computer & Communications Industry Association (CCIA) applauded Newsom’s veto of a privacy bill on Friday that would have required global opt-outs in web browsers and mobile operating systems. But Consumer Reports slammed the decision to kill the bill that was sought by the California Privacy Protection Agency (CPPA). Meanwhile, CCIA slammed his signing of legislation meant to reign in algorithms on social platforms.
Fewer than 1% of Californians exercised opt-out rights with the largest data brokers last year, a Consumer Watchdog report released Thursday found. The consumer group said it analyzed opt-out numbers for Experian, Acxiom and LiveRamp. People probably aren’t exercising their rights under the California Consumer Privacy Act (CCPA) in higher numbers “because these rights aren’t user friendly, as opting out has to be done website by website, and that takes forever,” said Justin Kloczko, Consumer Watchdog tech and privacy advocate. That could soon change, he said. Under the 2023 Delete Act, Californians will be able to delete all data that a data broker collects in one step starting in 2026, said Kloczko. In addition, if Gov. Gavin Newsom (D) signs AB-3048, which passed the legislature last month (see 2408290005), consumers will be able to opt out from the sale of and sharing data on all websites through a required option in web browsers, he said.
The California Privacy Protection Agency sought feedback on proposed data broker registration rules, the CPPA said Friday. Comments are due Aug. 20. The CPPA will also hold a virtual hearing that day at 1 p.m. PDT. California’s 2023 Delete Act authorized the agency to make registration rules. “The proposed regulations address common questions and obstacles that surfaced for data brokers in the initial registration period,” including about registration fees, statutory definitions and requirements for registration, registry updates and website disclosures, the CPPA said.
The Vermont legislature passed bills on privacy and kids’ online safety Friday. After back-and-forth on amendments, the House and Senate agreed to a comprehensive data privacy bill (H-121). While final text wasn’t available Monday, “reports indicate that it has a narrow private right of action focused on data brokers and larger data holders and limited to the bill’s sensitive data and consumer health data provisions,” Husch Blackwell attorney David Stauss blogged. That might be a first among states (see 2403220040). The legislature also agreed to an age-appropriate design code bill (S-289) like the California law. Pouncing immediately, tech industry group NetChoice urged Vermont Gov. Phil Scott (R) to veto S-289. The bill “would chill lawful speech online and negatively impact Vermont’s vibrant small business community,” wrote NetChoice General Counsel Carl Szabo: “Similar requirements … have already been challenged and are currently enjoined.” Design It For Us, a youth advocacy group that originally campaigned to pass California’s kids code law, applauds the legislature “for working to protect young people from online harms and passing much needed Kids Code legislation despite industry efforts to defeat it,” said co-Chair Zamaan Qureshi in a statement. Accountable Tech, another supporter of such laws, also lauded passage of S-289. “It’s clear that momentum is on the side of young people fighting for safer online spaces as Vermont becomes the third state to pass age-appropriate design code legislation with the Vermont Kids Code,” said Executive Director Nicole Gill.
TikTok will challenge the newly approved “unconstitutional” law forcing ByteDance to sell the platform, it said in a statement Wednesday as President Joe Biden signed the measure.
Legislation forcing ByteDance to divest TikTok or face a U.S. ban will “trample” the rights of 170 million users, TikTok said in a statement. The House on Saturday approved a package of foreign aid bills, including the divestment legislation and a bill that would ban data brokers from transferring sensitive data of American users to adversarial foreign nations like China. The Protecting Americans’ Data from Foreign Adversaries Act (HR-7520) and the Protecting Americans from Foreign Adversary Controlled Applications Act (HR-7521) were attached to the 21st Century Peace Through Strength Act, which the House passed 360-58. TikTok said Monday: "It is unfortunate that the House of Representatives is using the cover of important foreign and humanitarian assistance to once again jam through a ban bill that would trample the free speech rights of 170 million Americans, devastate 7 million businesses, and shutter a platform that contributes $24 billion to the U.S. economy, annually." The foreign aid package will “bolster security and stability in the Indo-Pacific,” President Joe Biden said in a statement Saturday, urging the Senate to send it “quickly” to his desk. Senate Majority Leader Chuck Schumer, D-N.Y., said Democrats and Republicans “locked in an agreement enabling the Senate to finish work on the supplemental with the first vote on Tuesday afternoon.” The Senate is on a path to pass the “same bill soon,” he added. House Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., and ranking member Frank Pallone, D-N.J., welcomed the inclusion of HR-7520 and HR-7521: The House vote “is a clear victory for protecting Americans online and off.” Senate Intelligence Committee Chairman Mark Warner, D-Va., said he’s “very glad to see progress toward compelling a divestiture of TikTok from its parent company, Byte Dance, which is legally beholden to the Chinese Communist Party. This is a strong step forward to shore up our national security against malign influence, and it couldn’t come at a more important time.”
Speaker Mike Johnson, R-La., is expected to back legislation that would maintain the status quo for the intelligence community’s surveillance authorities, civil liberties advocates said Tuesday (see 2404050049). The House is expected to vote Thursday on the Reforming Intelligence and Securing America Act, which would reauthorize the Foreign Intelligence Surveillance Act and the controversial Section 702. The House Rules Committee was scheduled to hold a hearing Tuesday about the legislation and what provisions to consider on the floor. Johnson supports the House Intelligence Committee’s approach, which omits the House Judiciary Committee’s warrant requirement, New America Open Technology Institute Policy Director Prem Trivedi said in a statement Tuesday. Privacy advocates seek a warrant requirement when intelligence agencies search for American citizens' data in the FISA database. In addition, they want a warrant requirement when agencies purchase U.S. citizens’ information through data brokers. Johnson is backtracking on proposals he supported as a rank-and-file member, Demand Progress said. The House Intelligence Committee wants an expansion of FISA authorities and to subject additional network-connected businesses to gag orders that facilitate warrantless FISA surveillance, said Policy Director Sean Vitka. Johnson’s office didn’t comment Tuesday. House Republican leadership previously abandoned a proposal to consider FISA provisions from both committees on the floor (see 2312120073).
The House plans to vote this week on foreign surveillance legislation, an aide for House Speaker Mike Johnson, R-La., told us Friday.