CCPA Regulations Create a Gordian Knot: Either Comply with the Unconstitutional Restrictions or Risk Expensive Enforcement Actions, Says SIIA

SIIA CONTACT: Sharon Burk, (732) 586-6680

CCPA Regulations Create a Gordian Knot: Either Comply with the Unconstitutional Restrictions or Risk Expensive Enforcement Actions, Says SIIA

Washington, D.C. (June 3, 2020) – The Software & Information Industry Association (SIIA), the principal trade association for software, information, digital content, and education technology industries, today issued a statement regarding the California Attorney General submitting the final regulations implementing the California Consumer Privacy Act (CCPA) for approval to the California Office of Administrative Law.

SIIA President and CEO, Jeff Joseph, issued the following statement

“We appreciate the hard work and diligence the California Attorney General dedicated to drafting and consulting on the CCPA regulations. The final regulations, as submitted for approval to the Office of Administrative Law, include an important, common sense clarification to ensure the privacy of student data in the classroom by delineating which businesses qualify as service providers when under contract with a school district.

“We are disappointed, however, that the final regulations fail to clarify important compliance issues and fix the CCPA’s fatal First Amendment flaws with respect to information in the public domain.

“SIIA supports a national privacy standard that is robust, comprehensive, and flexible enough to balance innovation with privacy protections. But that value in privacy – whether state or federal – must be balanced against constitutional norms and requirements, including the First Amendment’s free speech guarantee. The CCPA and its final regulations fail this test.  As we brought to the attention of the California legislature and the Attorney General in multiple comments, the CCPA’s blanket regulation of non-governmentally sourced publicly available information unconstitutionally interferes with protected speech. Moreover, this regulatory overreach will suppress information for use in law enforcement investigations, investigative journalism, identity verification, scientific and medical research, corporate due diligence, finding missing persons, and the protection of our financial markets through ‘know your customer’ and anti-money laundering standards.

“The legislature failed to meet its constitutional and policy responsibilities when enacting the CCPA, but it gave the Attorney General the authority to remedy constitutional flaws through the rulemaking process. The failure to do so forces businesses to either comply with an unconstitutional regulatory requirement or risk expensive enforcement actions to vindicate their constitutional rights. This Gordian Knot is capricious, unfair, and unnecessary.

“The CCPA’s disregard for the First Amendment underscores the need for a preemptive federal solution to the data privacy question. SIIA will continue to work with policymakers on how we can ensure robust privacy protections without discarding our constitutional traditions.”

Comments are closed.