Businesses feel the financial burden for protecting consumers’ data. Meanwhile consumer advocates argue customers would be shocked to know what information businesses have on them.
That was the crux Wednesday of public discussion and debate over Republican Rep. Fiona McFarland‘s consumer data privacy bill (HB 969) in the House Commerce Committee.
Business interests united in opposition, saying the measure would create untold operational and legal expenses. McFarland, of Sarasota, and others, contended businesses just don’t want to be forced to disclose what data they have on their customers.
Companies are collecting, compiling, selling, and sharing consumers’ personal information on everything from biometrics to DNA, to product preferences and buying histories, she warned. Some of the data might be gathered through surreptitious means, she warned.
“If the government had a fraction of the information that private companies have about us, and our thoughts, and our feelings, we would run for the hills screaming,” McFarland said. “And I think we’ve just become so enamored by the convenience that we’ve traded our privacy for that.”
The Commerce Committee concurred Wednesday, approving her measure unanimously, and sending it to the House floor.
The bill would give consumers the right to find out what personal information a company has on them, how the company got it, and what the company does with it. It gives consumers rights to ask that data be deleted or corrected, and to opt-out of having their personal data sold to or shared with other companies. It gives the Attorney General ability to go after companies for civil penalties for violations, perhaps the most alarming provision to business interests.
“Without this bill, there is no way a customer can know what information a company has about them, and how they got it,” McFarland said.
Wednesday’s approval came after McFarland offered a strike-all amendment she said represents efforts to address a number of business concerns. Among other things, the amendment raises the ceiling of minimum size qualifications on companies before being covered under the law. It also delayed implementation until July 2022, to give businesses time to adjust.
“We have taken extreme care to understand any unintended consequences to businesses,” she said.
But that wasn’t enough, based on the unanimity of opposition Florida’s business community offered Wednesday.
Most frequently, opponents warned that the bill’s private right of action provision would open Florida businesses to a whole new level of lawsuits, for consumers’ claims of damages and infringements caused by information collection, use, and sale. California, which has a weaker law than McFarland’s proposal, already has seen 76 class-action lawsuits filed.
William Large, president of the Florida Justice Reform Institute, said the bill opens up five new areas of consumer liability concerns for businesses, regarding potential data breeches, claims that a company failed to delete data, claims a company failed to correct data, the sale of data to other companies, and the sharing of data with other companies.
“All of those could lead to rights of action,” Large said.
There also was a concern about businesses having to set up massive compliance systems to respond to consumers’ demands for personal information.
Brewster Bevis of Associated Industries of Florida said a Florida TaxWatch report showed the bill could cost Florida businesses $36 billion.
“This is a very costly bill to Florida businesses,” Bevis said.
McFarland called the estimated costs “exaggerated” and dismissed some of the criticism as “knee-jerk.”
The boom in collection and dissemination of consumers’ personal data, much of it developed through e-commerce, has gotten out of hand, to the point where most consumers would be shocked to know what companies know about them, and how they learned it, she argued.
“I had one CEO actually tell me, he said, ‘Fiona, you simply must give me a carve-out, me and my business a carve-out, because if I had to tell my customers what information I had about them, they would be so creeped out they would all leave me tomorrow,'” she said.
And there are risks to consumers’ because of that, particularly through data hacking breaches that have become too commonplace, she argued.
“We need to set some basic levels of expectations of privacy. Perhaps it’s innocuous that someone knows what color suits I buy, but in the past, in order to get that information, you would either have to follow me to the mall or look inside my closet. Which I think before we were lulled into complacency with the convenience of e-commerce, that would have completely creeped us out,” she said.
The Senate companion is SB 1734 from Sen. Jennifer Bradley of Orange Park.