By DEVEN McGRAW and VINCE KURAITIS
This post is part of the series “The Health Data Goldilocks Dilemma: Privacy? Sharing? Both?”
In our initial blog post of February 20th, “For Your Radar – Huge Implications for Healthcare in Pending Privacy Legislation,” we broadly discussed six key issues for healthcare stakeholders in the potential federal privacy and data protection legislation. We committed to future posts comparing and contrasting specific legislative proposals.
What’s happened since then?
Additional bills have been introduced and hearings have been held in both the House and the Senate. The Federal Trade Commission (FTC) also hosted two days of hearings on the FTC’s Approach to Consumer Privacy.
The buzz around federal privacy legislation continues, but as of yet there appear to be no proposals or bills that have emerged as the lead bills.
In the meantime, the clock is ticking. As we mentioned in our February 20th post, a significant catalyst for federal privacy legislation is the desire of companies covered by the California Consumer Privacy Act (CCPA) to have that broadly-applicable, stringent state law preempted by a more company-friendly federal law. The CCPA, which sets stringent consent and other requirements for large companies, or companies collecting or monetizing large amounts of consumer data from California residents, goes into effect January 1, 2020 – less than six months from today.
Is it possible for a legislative body to move quickly on such a controversial topic? Again, California’s experience may be instructive. The CCPA was passed into law and signed on June 28, 2018, about a week after it was introduced. Lawmakers were in a rush in order to keep a popular and even stricter consumer privacy ballot initiative from being put before the California voters. (The sponsors of the ballot initiative agreed to withdraw it if the CCPA were enacted by the June 28th deadline.).
Tech companies held their noses and supported the legislation because changing legislation is easier than changing a ballot initiative adopted by the voters. However, this strategy is not fool-proof. Although the CCPA has been successfully modified once to address some company concerns and to clarify confusing language, more recent attempts to amend it have failed (modification bills are still pending). With the deadline fast approaching, and the prospect for further significant modifications to the CCPA looking less likely, the pressure on Congress is reaching a fever pitch.