Scrutinize 'Arbitary' Carve-Outs in State Privacy Laws, Urge UCLA Students
Reducing the number of exemptions in states’ comprehensive privacy laws, “particularly where they may seem arbitrary and carve out protections for large industries, may serve as low-hanging fruit for regulators,” said University of California-Los Angeles law students Nicola Haubold and J.Y. Khoo in a Monday op-ed for TechPolicy.press.
Sign up for a free preview to unlock the rest of this article
The students gave the example of an exemption for ski area operators in the Colorado Privacy Act as a seemingly arbitrary carve-out. However, they also flagged many other types of exemptions, including for financial data, that make many states' privacy laws less than comprehensive in their view.
“While consumers may be misled to believe that ‘comprehensive’ state data privacy laws offer more protection than they actually do, technology companies may benefit from this misdirection,” they wrote.
“With this in mind, privacy advocates should continue to push for stronger data privacy laws … and continue to challenge the country’s current patchwork of ‘comprehensive’ state data privacy laws -- paying special attention to the ways that numerous exemptions may weaken consumers’ privacy rights, especially across state borders in the absence of a federal data privacy law.”