"Already struggling to navigate a few states’ privacy laws,” the expansion of the California Consumer Privacy Act (CCPA) could force businesses “to navigate a patchwork of competing, and possibly conflicting, state privacy laws,” according to a taxpayer advocacy group.

Andrew Wilford of the National Taxpayers Union Foundation granted in a recent op-ed that “protecting consumer privacy is a laudable goal,” but “the CCPA places significant compliance burdens on businesses, many of which are located outside of California or don’t fit the traditional notion of a big tech company.”

A report from the California Attorney General “warned that compliance with the law would cost California businesses $55 billion upfront, and another $16.5 billion over the next decade. The report also found that businesses with under 20 employees would have to spend $50,000 on compliance on average, while businesses with 20-100 employees would be forced to spend double that. And that’s just for California-based businesses. Companies that do any significant business in California are likely to get tied up in the need to comply with the law, meaning that the CCPA effectively applies to most businesses with a national footprint.”

Wilford urged Congress to “consider a single, uniform standard that reduces the compliance burden of protecting consumers from privacy breaches as much as possible,” a goal shared by the Insights Association that we support via our Privacy for America initiative’s new model for privacy regulation favoring positive consumer outcomes instead of privacy processes. “As the national legislative body tasked with maintaining the free flow of commerce between the states, it is Congress’s duty to smooth out growing rifts between states that could harm innovation and economic growth.”