By a vote of 29-11, the Florida Senate passed its version of HB 969 and sent the bill back to the House for consideration of the rewritten version. At this point, there are only two legislative options remaining: (1) the House passes it without any changes, or (2) no privacy law is adopted in Florida during this legislative session. There is not enough time for the House to change the law again and have Senate reconsider/pass it by tomorrow. The odds are high that the House will pass HB 969 tomorrow and Governor DeSantis will sign it.

Assuming that’s the case, advocates on all sides of this law will have “won” and “lost” something, but the consequences of these last few months will have an enormous impact on privacy law moving forward for much more significant reasons than the bill itself. Continue Reading Florida Privacy Bill Passes Penultimate Legislative Hurdle; Significant Implications Follow

With only three days left in the legislative session, and on the morning when my Op-Ed was published by the Tallahassee Democrat, the Florida Senate weighed in on the House’s passage of HB 969.  There were two ways it could have done that: (1) take the House version sent to the Senate via messages and make changes to and vote on that version; or (2) ignore the version provided via messages and simply pass the pending version of SB 1734 in the Senate then send that version to the House via messages. It chose path #1. Moments ago, the  Senate passed a strike-all amendment that struck the entirety of HB 969 and replaced it with a modified version of SB 1734. A separate post will discuss the modified version of SB 1734 in greater detail, but this post briefly explains where things stand now and what to expect next.

Continue Reading What Just Happened With Florida Privacy Legislation?

Within the week, we will know whether Florida will adopt the most aggressive privacy law in the country, something more moderate, or nothing at all. But an issue that has not received enough attention is the reason HB 969 and SB 1734 have received more support in a “red” state than any other privacy law. It is a reason that will come full circle to adversely impact the contingency of supporters using privacy laws as a way to attack “Big Tech.” Continue Reading The Long Game: Why Parler Has Everything To Do With Florida’s Privacy Legislation

The Florida House of Representatives has officially passed HB 969, which would create the most aggressive privacy law in the United States. The bill would apply to companies that generate $50 million or more in annual gross revenue and collect a significant amount of personal information about Florida residents. In addition to imposing CCPA-like compliance obligations on companies, it creates the broadest private right of action ever seen in privacy law. The private right of action for $100 to $750 per consumer per incident would apply to: (1) data breaches of broadly-defined personal information; (2) a company’s failure to comply with a consumer’s request to delete personal information; (3) a company’s failure to comply with a consumer’s request to correct personal information; and (4) a company’s failure to comply with a consumer’s request to opt-out of the sale of their personal information. Further encouraging these lawsuits, the bill would allow for attorney’s fees and costs (for the consumer only, not a prevailing defendant).

House Rep. Ben Diamond (a Democrat and someone who is destined to run for Florida Governor and/or Attorney General at some point in the future) expressed concern on the House Floor about the impact of the law on Florida businesses. He implied that enforcement by the Florida Attorney General, instead of a private right of action, would be the better approach. Nevertheless, he ultimately voted in favor of the bill. The only representative to vote against HB 969 was Rep. Anthony Sabatini (R).

In short, if ever there were a question as to whether the Speaker of the House is fully aligned with the plaintiffs’ bar, the movement of HB 969 through the House provided certainty that he is.

Attention now turns to the Florida Senate, which is considering SB 1734, a more moderate privacy law that does NOT contain a private right of action, but allows the law to be enforced by the Florida Attorney General’s office (like Florida’s data breach notification law). The bill still needs to go through a second and third reading, which is not expected to be completed until early next week (if at all). If the Senate does not pass its version by the end of next week, there will be no change in Florida privacy law.  If the Senate passes SB 1734, a race will begin with many behind-the-scenes negotiations taking place to determine which version of the two versions (or perhaps a modified version of one of them) will become law before the legislative session ends next Friday. These negotiations may include the House Speaker and Senate President pushing for and prioritizing their favorite pieces of legislation (it’s clear from HB 969’s ability to soar relatively untouched through the House how important that law is to the House Speaker).

Next week we can expect “The Big Dog” to get more involved in this dispute and put his finger on the scale, likely pushing one version over the other. But as it stands right now, Team Open-The-Floodgates has scored a touchdown in the fourth quarter to take the lead, but Team Protect-Florida-Businesses has the ball and is driving.

 

DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP, or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site are for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.

Despite concerns expressed by House Democrat Ben Diamond about the private right of action, HB 969 passed second reading in the Florida House of Representatives today. The bill now moves to a 3rd reading, which is the last step to passage by the House.

HB 969 would be the most aggressive privacy law in the country, allowing for a private right of action for: (1) data breaches of personal information (broadly defined); (2) a company’s failure to comply with a consumer’s request to delete personal information; (3) a company’s failure to comply with a consumer’s request to correct personal information; and (4) a company’s failure to comply with a consumer’s request to opt out of the sale of their personal information.  Unlike the CCPA, which limits the data breach private right of action to breaches of sensitive information and provides a right to cure, HB 969’s private right of action would apply to a data breach of the broad definition of personal information and the bill contains no opportunity to cure.  It is possible an amendment to HB 969 could be introduced between now and the 3rd reading.

Meanwhile, the Senate version of its privacy law (SB 1734) awaits second reading. That bill would create a more moderate version of a privacy law that would not include a private right of action, would be limited to the sale of personal information, and would be limited in scope to companies that buy or sell a significant amount of personal information.  The Senate version has its own problems, like the fact it adds requirements for “sensitive data” but doesn’t define what that means, and the fact that it requires companies to comply with opt-out requests within two days.

Assuming both versions of the law pass their respective chamber, the Florida Legislature would then have until April 30th to pass a unified version.

In short, we have entered the “fourth quarter” and the score is tied.

 

DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP, or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site are for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.

Today, the Florida House of Representatives Commerce Committee voted unanimously to allow HB 969, which would be the most aggressive privacy law in the country, to move forward for a full House floor vote. This post explains what happened, what will happen next, and some of the unique political forces and considerations behind HB 969.     Continue Reading Have Privacy Advocates Found A New Path Forward in Red States?

The Florida Senate appears poised to hit the brakes on privacy legislation that has thus far soared through committees in both legislative chambers.  The House version (HB 969) and the Senate Version (SB 1734) would have not only created the same consumer privacy rights as the CCPA, the bills would have created massive private rights of action, far broader than any other privacy law in the United States.  

Today, a “strike all” Committee Amendment was offered to the Senate version.  TRANSLATION – the Senate Rules Committee, where SB 1734 is now pending, is proposing a “friendly amendment” that would strike the entirety of SB 1734 and replace it with a new version. Continue Reading Momentum Slows for Florida Privacy Law; What’s Next?

The Florida Senate’s version of a new comprehensive privacy law (a.k.a. the “Florida Privacy Protection Act” (FPPA)) passed unscathed out of the Senate’s Committee on Commerce and Tourism yesterday. The bill’s sponsor fought off two proposed amendments: one that would have eliminated the private right of action and a second that would have required more than just a revenue threshold for the law to apply. This post describes what makes the FPPA more aggressive than the CCPA, it provides a summary of the Senate Committee hearing, and it shares some late-breaking news about the House version (HB 969).

Continue Reading Senate Version of Florida Privacy Law Moves Forward; House Version Makes Class-Action Lawsuits Even Easier