PERSONAL PRIVACY DATA ACT S.B. 659 (S-2):
SUMMARY OF BILL
REPORTED FROM COMMITTEE
Senate Bill 659 (Substitute S-2 as reported)
Sponsor: Senator Rosemary Bayer
Committee: Finance, Insurance, and Consumer Protection
CONTENT
The bill would establish consumers' rights related to the collection and use of personal data. It also would establish requirements of collectors and processors of personal data. Among other requirements, a collector would have to obtain consent from a consumer before processing the consumer's personal data and provide a privacy notice concerning the purpose of that data processing. The bill prescribes the scope of its provisions, specifying that its requirements would not apply to State agencies or collectors of medical data governed by the Health Insurance Portability and Accountability Act (HIPAA), or to other specified data. The bill would allow the Attorney General and consumers to initiate civil actions for violations and would create the Data Broker Registry and two funds for administration of the bill's provisions.
BRIEF RATIONALE
According to testimony, data collection is one of the biggest industries in the world. Reportedly, personal data is bought, sold, and aggregated without the knowledge or permission of the people referenced in the data, and inaccuracies and data leaks can have harmful impacts on these people. Some have argued that the entities collecting personal data should be legally required to obtain consent to collect the data and legally responsible for keeping the data safe, and so the bill has been suggested.
Legislative Analyst: Nathan Leaman
FISCAL IMPACT
The bill would have an indeterminate fiscal impact on the Department of Attorney General and a minor, negative fiscal impact on State circuit courts. The Attorney General would incur expenses to create and post an online registry for data brokers; however, the bill would allow the Attorney General the discretion to adjust the registration fees to cover this expense. The fees would go into the Data Broker Registry Fund and could be used by the Attorney General to maintain the registry. The Fund would not lapse into the General Fund at the end of the fiscal year. Maintenance of the online registry is likely to cost less than its initial setup, so the fees for data brokers possibly could be adjusted down in subsequent years after initial setup. The fees also would depend on the number of data brokers that registered. It is not known how many data brokers currently operate in Michigan. For comparison, Vermont and California created similar registries in 2018 and 2019, respectively, and as of July 2021, there were 348 registry entries in Vermont and 444 in California. Vermont charges a $100 annual registry fee.
The Attorney General also would incur investigation and litigation costs under the bill to the degree the Attorney General pursues violators of the bill. Similar to the regulatory structure for registration fees, civil fines of $5,000 for a failure to cooperate with an Attorney General investigation and civil fines of $7,500 for a violation of the bill would be deposited into the proposed Consumer Privacy Fund. The Attorney General would use the Fund to offset the costs to enforce the bill. Lastly, civil action filing fees for the Attorney General would be waived under the bill. This would save some minor litigation costs for the Attorney General, but circuit courts would not collect those fees.
The bill likely would not have a significant fiscal impact on the Department of Treasury. It is unlikely that the average balance of the Consumer Privacy Fund or the Data Broker Registry Fund would exceed $1.0 million during a fiscal year. Costs associated with managing the funds would be relatively low and current appropriations likely would be sufficient.
Date Completed: 12-13-24
Fiscal Analyst: Elizabeth Raczkowski; Michael Siracuse
This analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent.