Skip to main content

CNBC: California’s costly and complex privacy law highlights need for a national framework


WASHINGTON, DC – Energy and Commerce Republican Leader Greg Walden (R-OR) continues to push for a strong federal privacy bill. According to a Berkeley Economic Advising and Research, LLC report, California’s new privacy law could cost companies up to $55 billion in compliance costs.

In the absence of one national standard, states are coming up with their own privacy legislation. The patchwork of state laws will be costly and complex; and for those small companies, this will move important resources from research and development budgets into compliance costs. The internet does not stop at state lines, this report is yet further evidence of the need for a strong federal privacy bill.

Walden’s biggest concern – how any privacy law will harm the small businesses:

“I also want to make sure these laws, regulations, the federal standards, are not too onerous on small companies. I am an old small market broadcaster and I worry a lot about the high cost of federal mandates on small entrepreneurs and the effect that has on innovation,” Walden said at the Bloomberg Law Leadership Forum last month.

From the report:

“…Small firms are likely to face a disproportionately higher share of compliance costs relative to larger enterprises. Conventional wisdom may suggest that stronger privacy regulations will adversely impact large technology firms that derive the majority of their revenue from personal data, however evidence from the EU suggests the opposite may be true.”

Below is the CNBC article on the report:

California’s new privacy law could cost companies a total of $55 billion to get in compliance
October 5, 2019
By Lauren Feiner

California’s new privacy law could cost companies a total of up to $55 billion in initial compliance costs, according to an economic impact assessment prepared for the state attorney general’s office by an independent research firm.

The review, released publicly by California’s Department of Finance, provided a broad range for the potential costs companies could face to become and stay compliant with the California Consumer Privacy Act (CCPA) if signed into law by Democratic Governor Gavin Newsom.

On the low end, the researchers estimated that firms with fewer than 20 employees might have to pay around $50,000 at the outset to become compliant. On the high end, firms with more than 500 employees would pay an average of $2 million in initial costs, the researchers estimated. The $55 billion researchers estimated companies will initially pay to become compliant is equivalent to about 1.8% of California’s Gross State Product in 2018, according to the report.

Inspired by GDPR

Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs. Resources explain this dichotomy as large technology companies are often several steps ahead of both competitors and regulators,” the researchers wrote.

Valuing personal data

The researchers point out that the law could contribute to inequity between socio-economic groups, since people with higher incomes can afford to pay for more expensive services that don’t profit from user data. Hayley Tsukayama, a legislative activist at the Electronic Frontier Foundation, said this is a valid concern, but that the issue that predates the CCPA itself. The EFF has supported the introduction of the CCPA.

“I don’t necessarily think the CCPA necessarily creates a system of two tiers, but I do think a system of two tiers does exist right now,” Tsukayama said.

Click here to read the full article.

In the News