California AG says privacy law enforcement to be guided by willingness to comply

WASHINGTON (Reuters) - California’s attorney general is not planning an extension of a Jan. 1 deadline to comply with the state’s new digital privacy law but said enforcement efforts by his office will be guided by companies showing a willingness to comply.

FILE PHOTO: The logos of mobile apps, Google, Amazon, Facebook, Apple and Netflix, are displayed on a screen in this illustration picture taken December 3, 2019. REUTERS/Regis Duvignau

The California Consumer Privacy Act (CCPA), is a landmark digital privacy law that allows Americans to request their data be deleted from e-commerce websites and social media, and opt out of having data sold to third parties.

The law is likely to impact a broad swath of companies from Facebook Inc and Alphabet Inc’s Google, to retailers like Walmart and Inc, beginning next year.

Indications of how the state will handle enforcement is being tracked closely as companies scramble to invest in compliance.

“We will look kindly, given that we are an agency with limited resources, and we will look kindly on those that ... demonstrate an effort to comply,” California Attorney General Xavier Becerra told Reuters in an interview on Tuesday.

“If they are not (operating properly) ... I will descend on them and make an example of them, to show that if you don’t do it the right way, this is what is going to happen to you.”

The privacy bill was passed in June 2018 with a compliance deadline of Jan. 1, 2020. The state proposed draft regulations around CCPA in October 2019 and opened them to public comment until Dec. 6. It will be enforced by July 1, 2020.

Companies have asked the attorney general to give them a seal of approval, which would allow consumers to know if a company’s privacy program meets state standards, but Becerra dismissed the idea.

“Within such an evolving field, how do you make sure that everyone is conforming to what the seal represents,” Becerra said.

An economic impact assessment prepared for the AG’s office by an independent research firm found compliance with the regulations will cost businesses between $467 million and $16.5 billion between 2020 and 2030.

Federal lawmakers are looking at California as a guide, as they consider a federal privacy law. Reuters reported in September that a federal privacy bill is not likely to come before Congress this year, as lawmakers disagree over several issues including preemption of state laws.

Becerra said California will make every effort to stop any attempt to overrule state laws.

Last week, a draft consumer privacy bill from Republican U.S. Senator Roger Wicker, who chairs the Commerce Committee, proposed nationwide rules for handling of personal information online and elsewhere that would override state laws.

That followed a privacy bill introduced by the top Democrat on the committee, Maria Cantwell.

Reporting by Nandita Bose in Washington