- May 4, 2011
- Posted by: Seth Heyman
- Categories: Business Law, Featured, Internet Law
As Congress debates the merits of two proposed pieces of Internet privacy legislation, a California senator recently introduced SB 761 in the State Legislature, which would require Internet companies to notify California residents about their data collection practices and to provide an opt out option. If passed, the law would forbid companies from collecting or using covered information if a California consumer exercises his right to opt out.
Under the Bill, the California Office of Privacy Protection and the attorney general would adopt regulations to establish a required method to be adopted by Internet companies through which consumers can opt out of online collection and use of their personal information, which the bill defines as a consumer’s name, address, telephone number, e-mail address, IP address, preferences, and tracking data.
The introduction of a bill like SB 761 is not a first for California, which was the first state to adopt a data breach notification law and a do-not-call list. SB 761 applies to all “connected devices,” including personal computers, tablets, smartphones, and Internet TVs, and would require covered entities to disclose to consumers their practices on collecting, using, and storing information.
Several consumer groups support the bill, including Consumer Watchdog, Privacy Rights Clearing House, Common Sense Media, and the California Consumer Federation.
But what about the Federal legislation? Under the Supremacy clause of the U.S. Constitution, the power to regulate interstate commerce lies solely with Congress, and not the states, and no medium reaches across state lines more significantly than the Internet. Thus, there is a substantial likelihood that the proposed California legislation would be pre-empted (and nullified) by the Federal law, once it is enacted. In the meantime, however, should California and other states adopt their own state-specific privacy laws, it would likely result in a tangled web of potentially conflicting regulations, and the burdens imposed on Internet companies would be daunting, to say the least.
Significantly, the California law includes a private right of action, specifies damages of up to $1,000 per violation, and permits the possibility of punitive damages. Class action lawyers are already salivating.