Nonprofits are concerned about negative effects that could come from a new California law regulating how organizations collect and use personal data. The Nonprofit Alliance is looking to amend the law and pressing for “carefully crafted” federal privacy legislation.
As calls for a national data privacy law gain force, an alliance of nonprofit organizations is working with lawmakers in California to amend state legislation that will go into effect next year to clarify that it does not apply to nonprofit organizations.
The measure, set to take effect January 1, requires companies to show users what data is collected on them and what the data will be used for, and to identify any third parties who have been given access to the data. The new law will be enforced by the California attorney general and allows internet users to bring lawsuits if companies fail to adequately protect their data.
The law has sparked concern from trade groups that say they had no opportunity to give input before the bill was passed last summer. They add that California lawmakers didn’t adequately understand how nonprofits use data when they wrote the legislation intending to exclude the community and that the language in the bill limiting their use of consumer data will have a negative impact on nonprofits.
“The nonprofit community supports responsible data use,” said Shannon McCracken, CEO of The Nonprofit Alliance. “We also are keenly aware of the effect that over-reaching legislation can have on our ability to reach beneficiaries, assess need, create awareness, and measure the impact of our work and our donors’ dollars. To that end, The Nonprofit Alliance is working to amend the California privacy statute, as well as seeking enactment of carefully crafted federal privacy legislation, which will serve the interests of both consumers and nonprofits.”
Pressure for a national privacy law has been building after some high-profile missteps last year, including Facebook’s Cambridge Analytica scandal, and the enactment of the General Data Protection Regulation in Europe. Among other things, GDPR requires companies with customers in the European Union to obtain permission before collecting personal data from users.
Calls for comprehensive federal privacy legislation are coming from consumer advocates, members of Congress, and even companies like Apple, whose CEO Tim Cook said in a Time magazine op-ed last week that the Federal Trade Commission (FTC) should form a “data-broker clearinghouse” that lets people track and delete personal information on demand.
There has already been a lot of action on data privacy in the Senate. Last fall, Senate Finance Committee Ranking Member Ron Wyden (D-OR) released a working copy of the Consumer Data Protection Act, which allows consumers to control the sale and sharing of their data and empowers the FTC to police companies that recklessly use and share personal data. Wyden’s bill would also create a national Do Not Track system that lets consumers stop third-party data brokers from tracking them online.
Sen. Marco Rubio (R-FL) and Sen. Brian Schatz (D-HI) have also introduced privacy legislation. The Democratic-controlled House is likely to work with Wyden and other Senate Democrats to introduce companion privacy legislation that would likely pass in that chamber.
“We believe federal legislation is needed so the association community is not burdened by various compliance issues across the country,” said ASAE President and CEO John H. Graham IV, FASAE, CAE. “With 19 states considering privacy legislation, this is a top-of-mind issue for many of our members.”