By Mike Montgomery
Sometimes a good idea can come with unintended consequences. Take. for example, Assembly Bill 375, which is working its way through the California Legislature in the last few weeks of the session.
The bill, introduced by Assemblymember Ed Chau, D-Monterey Park, is well intentioned. It aims to limit how internet service providers (also known as ISPs) can use people’s personal data. Consumers would have to give opt-in consent before the ISPs could anonymize their data and then use it to learn about trends in the marketplace or TV viewing patterns.
But here’s the problem. If the Chau bill passes, it sets different standards in California than it does in other states. And implementing a different set of rules for Californians won’t create better online privacy for consumers. If anything, it will give residents in California a false sense of security.
The rules the state Legislature is proposing only apply to ISPs. This piecemeal approach means a website or app that you use frequently or only once can still collect, share and sell your data. Those ads you see after searching for a pair of shoes or a vacation destination online? Well that information is still being tracked by sites and vendors that would not be impacted by this bill.
A patchwork of regulations creates confusion for consumers, 94 percent of whom say they want their online data subject to a consistent set of privacy rules that apply to all reaches of the internet, according to data submitted to the Federal Communications Commission (FCC).
Inconsistent rules create confusion for consumers as well as entrepreneurs building internet companies in California and elsewhere. The startup community, which provides immense value to our state, would prefer to focus on consistent regulations when building and growing their platforms, not whether or not they are abiding by regulations that change from state to state.
That’s why CALinnovates continues to call for a single, federal policy to protect internet privacy across the country with one set of rules for innovators to follow and consumers to understand.
There is some good news, though. Not only does the Federal Trade Commission (FTC) still have oversight of privacy rules, but Californians are already protected by our “Little FTC Act,” which allows California’s attorney general to enforce federal privacy regulations. Additionally, there are numerous federal laws protecting sensitive consumer information around things like children’s data as well as financial and health-care information.
By enacting this legislation, California also risks its position as a progressive policy leader by setting restrictions on internet companies that don’t exist in other states. The law sends a message that our state is more interested in passing laws opposing the current presidential administration than in passing laws that protect consumers and create conditions for an ongoing virtuous cycle of investment, competition and job creation.
Privacy is essential. That’s why it needs to be tackled in a comprehensive manner by Congress. We need consistent regulations around privacy that apply to everyone, and across the entire internet ecosystem, no matter what state they live in or what their business model says about data collection and use.
Mike Montgomery is executive director of CALinnovates, a non-partisan technology advocacy coalition of tech companies, founders, funders and nonprofits.
This piece was originally published in LA Daily News.