Republish
The impending fallout from various new data privacy policies
We love that you want to share our stories with your readers. Hundreds of publications republish our work on a regular basis.
All of the articles at CalMatters are available to republish for free, under the following conditions:
-
- Give prominent credit to our journalists: Credit our authors at the top of the article and any other byline areas of your publication. In the byline, we prefer “By Author Name, CalMatters.” If you’re republishing guest commentary (example) from CalMatters, in the byline, use “By Author Name, Special for CalMatters.”
-
- Credit CalMatters at the top of the story: At the top of the story’s text, include this copy: “This story was originally published by CalMatters. Sign up for their newsletters.” If you are republishing commentary, include this copy instead: “This commentary was originally published by CalMatters. Sign up for their newsletters.” If you’re republishing in print, omit the second sentence on newsletter signups.
-
- Do not edit the article, including the headline, except to reflect relative changes in time, location and editorial style. For example, “yesterday” can be changed to “last week,” and “Alameda County” to “Alameda County, California” or “here.”
-
- If you add reporting that would help localize the article, include this copy in your story: “Additional reporting by [Your Publication]” and let us know at republish@calmatters.org.
-
- If you wish to translate the article, please contact us for approval at republish@calmatters.org.
-
- Photos and illustrations by CalMatters staff or shown as “for CalMatters” may only be republished alongside the stories in which they originally appeared. For any other uses, please contact us for approval at visuals@calmatters.org.
-
- Photos and illustrations from wire services like the Associated Press, Reuters, iStock are not free to republish.
-
- Do not sell our stories, and do not sell ads specifically against our stories. Feel free, however, to publish it on a page surrounded by ads you’ve already sold.
-
- Sharing a CalMatters story on social media? Please mention @CalMatters. We’re on X, Facebook, Instagram, TikTok and BlueSky.
If you’d like to regularly republish our stories, we have some other options available. Contact us at republish@calmatters.org if you’re interested.
Have other questions or special requests? Or do you have a great story to share about the impact of one of our stories on your audience? We’d love to hear from you. Contact us at republish@calmatters.org.
The impending fallout from various new data privacy policies
Share this:
By Pat Fong Kushida, Special to CalMatters
Pat Fong Kushida is president and CEO of the California Asian Chamber of Commerce.
The road of best intentions can be unintentionally fraught with setbacks and unexpected dead ends when too many “cooks in the kitchen,” get their hands on the recipe. This is a problem we are seeing borne out with the confusing and disjointed implementation of various new data privacy policies.
Good laws make good sense. But until more is understood about the challenges of complying with existing data privacy statutes, the Legislature and regulators need to put the brakes on adding new requirements that harm California business while they are trying to recover from significant pandemic-related impacts. For our Asian American-owned businesses, nearly one-third had reported that their operating capacity decreased by more than 50% in 2021, according to a UCLA survey. Additional mandates will make business recovery even harder.
The California Consumer Privacy Act, which governs the collection, use and disclosure of consumers’ “personal information,” was enacted in 2018 and took effect Jan. 1, 2020. In September of 2019 – months before the new law even took effect – the Legislature passed and Gov. Gavin Newsom signed into law five major amendments to the privacy act, one day after then-Attorney General Xavier Becerra released proposed new implementing regulations. In 2020, the Legislature imposed multiple additional requirements via at least four new laws, and in November of that year, voters approved the California Privacy Rights Act, which significantly amended and expanded the California Consumer Privacy Act.
Additionally, the California Privacy Protection Agency, the governing agency created by the California Privacy Rights Act, has proposed implementing new regulations. The Department of Justice announced its intent to begin an “investigative sweep” of businesses operating in alleged noncompliance with provisions of the California Consumer Privacy Act. This is very worrisome, especially for those of us representing minority-owned small businesses who historically are unaware of new government mandates and changes.
The chaotic, rapid-fire onslaught of privacy laws and regulations threatens to eclipse a sincere and well-intentioned effort to protect California consumers.
It is highly likely businesses will be paying higher costs. According to an economic analysis report prepared for the attorney general, the original California Consumer Privacy Act presented operational and compliance costs which could total $55 billion.
The new privacy laws and regulations will impact most California businesses. Many businesses are under the impression that the data privacy rules and regulations only apply to big tech and large corporations, but in reality, it is our small- and medium-sized businesses that will be impacted the hardest, either directly by having to develop a comprehensive and expensive privacy infrastructure or indirectly when free products and services are eliminated or moved to a subscription model.
The laws are so confusing, complex and ever-changing that many companies are simply not complying. A recent study by technology security firm CYTRIO found that 89% of affected companies in the U.S. are not compliant or only partially compliant. Only 11% overall have automated Data Subject Access Requests, a key element that gives consumers the right to access their own data; almost half (45%) utilize expensive, time-consuming and archaic processes like email and web forms to comply with requests, and 44% lack any mechanism whatsoever.
It’s not that they don’t want to comply; after years of changes and new requirements, they don’t know how to comply.
But the worst damage is to everyday Californians. Consumers, likely confused from the start, have no idea of the potential loss of free services and introduction of paywalls that may result from a landslide of mandates and limitations on the operations of the internet.
Before more damage is done, the California Legislature and California Privacy Protection Agency need to commit to a redemptive and measured approach to data privacy issues.
Lawmakers must stop making changes to the existing laws and work in concert with affected stakeholders, as well as review existing laws and analyze the positive and negative impacts of current regulations. And only then should the Legislature and the California Privacy Protection Agency consider whether additional policies are necessary.
_____
Pat Fong Kushida has also written about why California lawmakers must commit to small, minority-owned businesses and why an Asian American Pacific Islander should replace Kamala Harris in the U.S. Senate.
_____
related commentary
New Privacy Protection Agency needs more time to develop regulations