A recent report contends that the California Consumer Privacy Act (CCPA), the new comprehensive privacy law that came into effect on January 1, 2020, may “impinge on free speech” and “violate the dormant commerce clause” of the U.S. Constitution.
“Before policymakers can have an honest debate about the pros and cons of the particulars of state data privacy legislation, they must first confront the fundamental question of the constitutionality of their actions. These efforts are wasted if their actions are doomed to be struck down in the courts. It is not enough for policymakers to merely desire a particular solution; he or she must also take actions that will pass constitutional muster.”
While constitutional concerns come into play with federal legislation, say the researchers, state or local data privacy laws like CCPA "face additional concerns and scrutiny because… the internet requires a uniform system of regulation. The internet’s uniquely global nature inherently cannot be dealt with in a fractured manner and, for this very reason, presents constitutional concerns." Even in a scenario in which every state established the same standards for data privacy, “those subject to such laws might still struggle with different standards of enforcement, creating uncertainty for offering similar products across state borders.”
Restrictions in CCPA could “be found unconstitutional” on First Amendment grounds, “given the heavy preference for speech rights throughout First Amendment jurisprudence and such laws potential restrictions or distinctions based on the type or purpose of the data. While there are some cases where speech restrictions are necessary, these restrictions tend to be extremely limited.”
The researchers warn state policymakers to "exercise extreme caution when considering bespoke data privacy standards for their states and consider the potential constitutional issues as well as their desired policy outcomes."