Communications Litigation Today was a Warren News publication.
House Panel OK

Del. Privacy Bill Sponsor Seeks Harmony With Other States

A Delaware House panel advanced a privacy bill based on Connecticut’s comprehensive law. The Technology and Telecommunications Committee at Tuesday's livestreamed hearing voted 6-0, with two members absent, to send HB-154 by Chair Krista Griffith (D) to the Appropriations Committee. While supporting parts of the bill, industry and consumer groups recommended some changes.

The bill strikes a balance between consumer and business interests and harmonizes with existing state laws, said Griffith, who introduced HB-154 Friday: "Consumers are decades behind where companies are in terms of management of their personal information." Griffith worked with the Delaware Department of Justice on the bill. HB-154 puts some control back in consumers' hands, said Owen Lefkon, the department’s Fraud and Consumer Protection Division director.

Vice Chair Cyndie Romer (D) praised Delaware’s bill for aligning with other states. Giving consumers the ability to correct and delete personal data will be helpful for combating identity theft, she added. While supporting the measure, Rep. Sean Matthews (D) said he “would prefer if Delaware would be one of 40 states rather than one of 10 states” with similar privacy laws. The goal wasn’t to “reinvent the wheel,” said Griffith. “We would all love a federal approach on this, but it doesn’t seem to be coming anytime soon.”

Rep. Shannon Morris (R) asked how much it would cost the state attorney general to be the bill’s exclusive enforcer. HB-154 doesn’t have a private right of action. After consulting with DOJ officials at the hearing, Griffith estimated it would cost about $450,000 yearly to pay for four additional employees and public education costs.

Microsoft supported Delaware’s bill at the hearing. But TechNet Mid-Atlantic Executive Director Margaret Durkan dialed in to recommend a higher threshold for whom the proposed law would apply. Currently, the bill applies to businesses that process personal data of at least 35,000 consumers, or at least 10,000 if they get more than 20% of gross revenue from selling data. TechNet wants to increase the first part to 200,000 and the second to 25,000 and 50%.

TechNet’s suggested threshold is too high, said Griffith, noting 200,000 is nearly one-fifth of Delaware’s population. The current proposed thresholds line up with Connecticut’s law on a per-capita basis, the chair said. As the bill moves through the process, Griffith said she will consider amendments including to address business concerns with a provision allowing consumers to request a list of third parties to which a business sold data.

Consumer Reports likes the bill's support for global opt-out controls, so users don’t have to individually communicate their preference with every company, said policy analyst Matt Schwartz. But state legislators should amend the bill so consumers can opt out of all data sharing with third parties, not just data sales, he said. Also, CR opposes the bill’s 60 days' right to cure. At least add a sunset to businesses’ right to fix violations without penalty, like Connecticut did, said Schwartz.

The bill may hurt small businesses, said Tyler Micik, Delaware Chamber of Commerce director-public policy. Also, local and state governments shouldn’t get exemptions, he said.

Tennessee became the eighth state with a consumer privacy law last week (see 2305120043). Indiana and Iowa governors also signed business-friendly laws this year. California, Colorado, Connecticut, Utah and Virginia previously made laws. Montana and Florida legislatures passed bills this year, but they still need gubernatorial approval.