Version 1.1: Florida Attempts a Privacy Law, Again

Lowndes
Contact
LinkedIn
Facebook
X
Send
Embed

Last year, I wrote about the Florida Legislature’s, ultimately failed, attempt to pass a consumer privacy law. The law was generally patterned after California’s Consumer Privacy Protection Act (CCPA). Negotiations over the Florida version broke down over the inclusion of a private right of action, which would allow consumers to sue a company for data privacy violations.

While not the only proposed privacy bill currently winding its way through the Florida legislature, the same Florida legislator has now proposed version 1.1 of last year’s failed bill. The new bill is Florida SB 1864.

You will recall that the original proposed bill enjoyed some bi-partisan support. Waggishly, this was because Democratic politicians liked the consumer protection provisions, and Republican politicians liked that it took aim at social media companies.

Version 1.1 of the new bill makes a notable change in how it defines a “controller.” The term, lifted from the European General Data Protection Regulation, is the nomenclature used to indicate the companies that must comply with the new law, if passed. The new Florida proposal now defines a “controller” as a company doing business in Florida for profit and that either has the right to determine how consumer data of 100,000 or more consumers is processed, or, controls or processes consumer data of 25,000 or more and derives 50 percent or more of its global annual revenue from selling such data.

This new definition of controller is interesting because California’s CCPA law includes pure-revenue triggers (revenue greater than $25 million) that do not require a data processing minimum. The net effect in California is that a company could be required to comply with the CCPA even though it does not deal in a volume of consumer data. Obviously, this leads to a broader application of the California law.

By contrast, the Florida proposal, by speaking only in terms of personal data volume as a trigger, reduces the overall application of the proposed law. Presumably this Florida trigger more squarely targets technology companies or large consumer companies.

Depending on your point of view, this is “good” for smaller and medium-sized business, “bad” for companies dealing any meaningful volume of consumers, and “bad” for consumers who would (should?) appreciate enhanced privacy protections.

I intend to write a series of these reviews as the various bills progress. The next will discuss the proposed protections of the bill and some of its burdens on business swept into its coverage.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Lowndes | Attorney Advertising

Written by:

Lowndes
Lowndes
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Lowndes on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide