Are California's New Data Privacy Controls Even Legal?

Data privacy hardliners are pretty jazzed about the California Consumer Protection Act , which is slated to take effect on the first of the next year.

While many outside of the Golden State may not have heard of this bold foray into computing regulation, activists hope that it will soon effectively control how much of the country is allowed to process data.If they can't have an European Union-level General Data Protection Regulation , then at least this state law can kind of regulate through the back door without the pesky need to go through Congress.

Most technology companies are based there, and even those in other states would be fools to lock themselves out of California's population of almost 40 million.

That's easy to say if you drafted the state law that will rule over the rest of the country, but non-Californians who object to such controls will obviously feel differently.

Imposing rules that make it harder for out-of-state companies to transact with state consumers and businesses violates the dormant commerce clause and will likely be struck down.

Legislation like the Graham-Leah-Bliley Act, the Health Insurance Portability and Accountability Act , and the Children's Online Privacy Protection Act already govern data practices relating to financial, health, and children's data. Where broad state laws come into conflict with existing specific federal data law they may be trumped by the federal law rendering them less comprehensive than they initially seemed.

Far from being a slam dunk for bringing GDPR-style privacy controls to the US, state laws like the CCPA may actually fail to pass constitutional muster.

The greatest threat to protections for our freedom may be people's fear that people who disagree with them are exercising their rights.

Original article