Entrepreneurs Blog

From Scott Allen, for About.com

Reader mail: California Online Privacy Protection Act of 2003

Thursday June 10, 2004
Last week I wrote about the upcoming California Online Privacy Protection Act of 2003 and why I think it's such a dangerous precedent and bad for small business. Yesterday, I got an e-mail from a reader who had a lot to say about it. He agrees it's a dangerous precedent, but thinks it's unenforceable.
I don’t know if it is that big a thing. Sounds like one of those laws that nobody can enforce, so nobody will, at least by the state of California. Now there are other concerns, but California isn’t one of them.

For one thing, the California state AG office will have how many millions of complaints, and we all know that CA is about broke. How many billions of dollars would it cost to prosecute website owners in their own state, much less take this show on the road?

If they want to start lawsuits all over this country and try to prosecute some small businesses in other states, they are going to have to get some serious local cooperation. Most courts don’t like other states creating laws for them to enforce on citizens of their own state. This is not only seen as unmanageable and silly, but a violation of state sovereignty over its own citizens. Neither can any judge enforce the laws of all 50 states on its own citizens. It’s not practical.

For the most part, I think if small business people abide by their own state’s laws, they will be fine. I’m not an attorney though I do have a fair background in business law. Yet within seconds, I can think of about 2 dozen defenses to any action based on this law.

Let’s just start with the state sovereignty issue. There are a bunch of arguments against it here. The CA law attempts to regulate the business procedures of citizens and companies from every other state, based on the idea that someone from California can see their site. Nonsense! Every person in California can do business with any company from anywhere in the world. That doesn’t give CA or any state, the right to govern the business practices of every company everywhere in the world. In effect, CA attempts to create and impose Federal law, and it attempts to regulate interstate commerce, something reserved Constitutionally for the Federal government alone.

Consider taking it one step farther. Can anyone in France do business with a company in the States? Sure. But does it give France the right to determine the business policies or the language on the U.S. company’s website? Obviously not! California has no more jurisdiction over businesses in New York than France does. That poses yet one more legal issue. A state must have jurisdiction over those whom it intends to impose regulation and seek remedy. California seeks to extend its jurisdiction everywhere by Internet proxy. What’s next, every business in the U.S. collecting California state sales tax? Wouldn’t you just love to run a business and have to keep up with the sales tax for 50 states and every time they make a change?

Someone from CA can also call you on your phone and give you personal information. Since (presumably) CA residents do this, the same theory would apply to anyone in business with a phone number. The fact of owning a phone number anywhere in the U.S. does not make you subject to the laws of any state where one of the residents might call you.

Second, if the CA law were to be successful, what happens if other states create similar but contradictory laws? Whose laws does the website owner abide by? You are damned no matter what you do and no matter what your intent is.

Third, it has long been established that to become civilly liable, you must have intentionally done harm or at least have been negligent in a way that causes harm to someone. This CA law does not attempt to address or prevent any harmful action. It does not even address how you store or how you use information that is voluntarily given to you. It only addresses the exact language you put on your site about data you get, if you ever get any. And of course they don’t tell you exactly what to say. You just pretty much have to hope you get it to their liking and if you don’t, you will be getting papers from your friendly local sheriff. Of course you not only must say it in the right way, you must put it where they tell you to. Wow! That even sounds like there might be a First Amendment issue in there too, doesn’t it?

There are laws against you using personal information to harm someone. These laws are already on the books and enforced every day. Violate the law? Then you are liable. But not based on the fact that you COULD violate the law.

Where did we suddenly decide that we could punish people for what they could do, rather than what they have done? What happened to having to commit a crime/offense before you are charged with one? If we are to hold people liable for what they could do, perhaps we should make everyone sign a pledge to not hurt anyone before we sell them a kitchen paring knife. That should stop the murders, don’t you think?

Fourth, every business that does business with any consumer (and most that do business with other businesses), retains personal information. This applies to businesses with and without websites. Doctors, lawyers, phone and utility companies, credit card companies, banks, and even your ISP has personal information on you. What about companies that retain personal information, but they didn’t obtain it online? It’s the same information and it could be misused as well. Yet because the business didn’t collect it online, it doesn’t count? To say that this law should only affect online companies is discriminatory, and this law violates fair trade practices.

I could go on and on with this and I doubt that even the best arguments have yet to be made.

What I suspect is that this law has far more nefarious intentions, and consumer protection is only a guise for its real intent. The very fact that the ACLU is backing this law is in itself a reason to suspect mal-intent. The only purpose of the ACLU in this world is to legally harass those with whom they disagree, and they state that they intend to prosecute those who do not abide by this law.

Call me paranoid, but I just don’t see them going after People For The American Way. Their privacy policy doesn’t have any information on how you can opt-out or change your information. You won’t see them going after PETA. Their site homepage doesn’t even link to a privacy policy. How about the American Atheists… again, no privacy policy.

No, the ACLU won’t use this to hammer like-minded groups. They will use it to hammer organizations that hold views that are contrary to their own agenda. Whether you agree or disagree that the ACLU will use this new found weapon to crush those with whom they disagree, the fact is that they have pushed for this law, they state that they intend to use it, and they almost never go after secularists or left of center organizations. They could use this, they could do it “legally”, and they want it. These are hard facts and not disputable. It’s not hard to envision why they want it. Even if you don’t THINK they would use it this way, do you really want to hand that kind of power over to any organization and TRUST them to not abuse it?

I believe this law has one purpose alone and that is to create an artificial and “legal” way to censor and eradicate the web presence, and go after organizations that certain organizations and individuals would like to eliminate.

Does such a tool necessarily force any organization out of business? No, not if they can afford to hire an attorney to write acceptable language and review it every time any state passes a new law that governs this topic. And as long as they can afford the web changes. A thousand or two might not sound like much to larger companies, but to a small church or civic organization, to a youth camp, a Meals-on-Wheels organization, to a small business starting out or struggling to stay afloat, it can be a lot. It can also be the difference between keeping the website up and having to take it down to avoid prosecution and civil liability. So your organization may not be shut down, but they could surely be bullied right off the web under threat of prosecution from the ACLU or any other organization. That, in effect, drives a stake right in the heart of the First Amendment. When you cannot afford your site because of the legal costs of developing language that is required by a state that you don’t even live in, that is just plain wrong and I believe, unconstitutional.

This isn’t just a potential tool of one organization that is far left either. By the terms of this law, any group, right or left, religious or anti-religious, political groups, candidates, or anyone else with an agenda can use it to cause problems and in some cases, effectively censor their competition by forcing them to either spend time and money they may not have, or shut down. Regardless of your own opinions and viewpoints, it is a scary thing when we pass laws that give a tool to any group to civilly go after other groups that they disagree with when they have done no wrong whatsoever. By all definitions, a small church that allowed their own members to sign up for a newsletter could be blackmailed into pulling down their site. Forget about whether it WOULD happen. With this new California law, it could happen. The power is there and it is just a matter of time before someone decides to use it.

There are many reasons to be against this law, but I would be less opposed to it if it only mandated the actions and policies of people in California. They voted for these politicians and the punishment for that is that you should have to live under whom you voted for. And only CA residents have the power to vote them out. The rest of us had and have no say-so. I guess that would also add a representation argument to the equation, wouldn’t it?

There is however, a very effective method for sucking the life out of any such law. Make it work TOO WELL. How about a million people filing online complaints against 10 random sites every day until they repeal it? Report everyone! Report the state AG office, every CA senator and congressman all the way down to local school board officials… anyone with a site. Report everything from Wal-Mart down to BobsGiftShop.com. Flood the ACLU and the California Attorney General’s office with complaints.

So you don’t fight the thing you dislike, you use it better than they ever hoped and therefore, use it against them.

I hope, but do not anticipate that CA will revisit this much ill-advised law and that other states will start to think this through. California is not exactly a great place to start to model your legislation after.

Steve Hardman
SeniorMag.com
MealCall.org

Comments

May 19, 2008 at 5:22 pm
(1) Anuviel says:

So California requires all websites that gather personal information from CA residents to disclose their privacy policy in the way described. What if I go to a foreign website, let us say a site hosted and owned by a company in China, and I sign up for their services? The site is entirely in Chinese and they have not stated their privacy policies according to the requirements of CA. Could a complaint be launched against said site and their owners as they collected the information from a CA resident, and if it could, how would the state of California or the ACLU enforce that and bring them to court?

Having read all of the article I have to say that I agree with all being said and if anything it should only apply to websites owned and operated by CA residents. Anything else is just wrong.

©2009 About.com, a part of The New York Times Company.

All rights reserved.