Washington – The Computer & Communications Industry Association will testify today before the Delaware Senate Committee on Banking, Business, Insurance and Technology in opposition to HB 380, legislation that would establish new standards and regulatory requirements for user privacy.
CCIA supports comprehensive privacy legislation that ensures consumers’ personal information is handled responsibly. However, the proposed modifications in HB 380 create additional hurdles for covered businesses to serve their customers without meaningfully improving user privacy.
In testimony to the committee, CCIA will note the following concerns with HB 380:
- All other comprehensive state privacy laws define “sale of personal data” to exclude personal data disclosed to third parties to provide products or services the consumer expressly requests. HB 380, however, deviates from this standard in crucial respects, which make compliance far more difficult to objectively evaluate.
- Designating national origin as “sensitive data” presents operational challenges. Businesses routinely collect data regarding consumers’ national origin in contexts unrelated to immigration enforcement. For example, companies may need customers’ country of origin for tax compliance, shipping receipts, or compliance with foreign and domestic trade laws. The bill treats this routine commercial data the same as sensitive immigration enforcement information.
- Businesses would be required to compile and submit data protection assessments. The U.S. Court of Appeals for the Ninth Circuit has ruled multiple times that such mandatory disclosures constitute compelled speech in violation of the First Amendment.
- Creates unnecessary compliance burdens that do not improve transparency or privacy. Specifically, HB 380 requires controllers responding to consumer requests to list each individual third party with whom they share personal data, rather than categories of third parties. It would also require controllers to make and share such lists before obtaining consent to transfer sensitive data.
- Puts Delaware at a competitive disadvantage and discourages out-of-state businesses from expanding into Delaware by creating a privacy law that does not align with other state laws.
The following statement can be attributed to Kyle Sepe, State Policy Manager, Northeast Region at CCIA:
“HB 380 creates substantial new hurdles for businesses to serve their customers without meaningfully improving user privacy. The bill raises First Amendment free speech concerns while putting Delaware at a competitive disadvantage by creating compliance standards that do not align with other state laws. Delaware policymakers should focus on practical perspectives to ensure a balanced approach that protects consumers while fostering digital innovation.”
