For the second time in a week, the California Senate has voted down “The Social Networking Privacy Act” (S.B. 242), a bill that would have required social networking services to, among other things, restrict the sharing of information by default, establish a process for new users to configure privacy settings during registration, and remove all of a user’s personal information from the service within 96 hours of the user’s request for removal.
The bill had been vigorously opposed by leading Internet companies who argued that the bill would harm California’s economy and violate the U.S. Constitution.
S.B. 242, which would have been the first law to specifically target the privacy practices of social networking services, is not the only controversial privacy bill to have been recently introduced in the California Senate. S.B. 761, which would establish a “do not track” requirement to be implemented by the California attorney general, has also raised constitutional concerns. As we noted in this previous post, S.B. 761 would prohibit any covered entity (a term that is broadly defined) from selling, sharing or transferring a consumer’s information. This provision has been amended since our post to provide a limited exception allowing a covered entity to share information when necessary to complete a transaction. Some have argued that even with this exception, the restriction on sharing would violate the Dormant Commerce Clause and the First Amendment.