Each month, Adstra chief privacy officer Jason Bier compiles a roundup of the latest developments on privacy regulation in the US and abroad. For this latest article, Jason provides analysis for one of the more under-the-radar stories he’s been tracking. Backed by anonymous entities, a pending privacy bill in the Florida legislature could empower tech giants and harm small businesses.
May 4, 2021
Of particular focus this month is a privacy bill developing in the Florida legislature, which is unique in that, as written, it would open up the possibility of tortious litigation through private rights of action – a level of liability that we’ve not seen yet in US privacy legislation. . The House Commerce Committee in Florida recently advanced an amended version of data privacy legislation (HB969) to the full House. William Large, president of the Florida Justice Reform Institute, said the bill opens up five new areas of consumer liability concerns for businesses, regarding potential data breeches, claims that a company failed to delete data, claims a company failed to correct data, the sale of data to other companies, and the sharing of data with other companies, Florida Politics reported. “All of those could lead to rights of action,” Large said. “This is a very costly bill,” Associated Industries of Florida said.
ANA’s Dan Jaffe outlined the flaws of Florida’s privacy legislation in an op-ed for the Tallahassee Democrat. “The bills’ sponsors claim they are targeting “big tech” companies, but the impacts will be felt most deeply by Florida businesses — including small businesses — which will face significantly higher costs and a flood of new lawsuits that could destroy companies and jobs. These costs are certain to be passed on to consumers while affording them little privacy protection. No other privacy law in the country is more threatening to businesses or a greater bonanza to trial lawyers,” he wrote.
The bill is also unique in that nobody knows who is responsible for writing it (was it…Florida Man?). Politico reported on Propel Florida, the group backing data privacy legislation in the state, the lack of disclosure of its donors. The legislative sponsors said they were unaware of the group’s funders. The article notes that the National Federation of Independent Businesses and Associated Industries of Florida oppose the bill. The Florida Justice Reform Institute called the bill “a litigation magnet.” Oracle supports the bill but said it has no idea who is behind Propel Florida.
The outcomes will be costly. Florida TaxWatch released a briefing on the Florida Privacy Protection Act. “Florida TaxWatch applied the same methodology the California Department of Finance used when they evaluated similar legislation filed there, and we found that initial costs of compliance, should this legislation pass, will average around $36.5 billion in aggregate costs across Florida’s economy, mostly on the backs of small and mid-sized businesses. The cost of ongoing compliance will add additional expenses, which could range from $301.2 million to as much as $9.7 billion over the next decade. Additionally, since Florida’s proposed legislation is more expansive than California’s law, the economic exposure to companies could be much higher given that Florida’s proposed changes are more inclusive and complicated than those in the California law. Accordingly, the possibility for civil liability action is also increased,” the group’s president and CEO said.
The pending legislation in Florida is representative of a bigger strategic misfire that underlies a great deal of the privacy legislation today. That strategy aims, essentially, to introduce laws that punish anyone (largely mid-market and small businesses) who does not collect first-party data directly. We’ve already seen how this approach benefits the large tech platforms and makes it easier for them to centralize data, consolidate power, and harm competition.
To learn more, visit adstradata.com.