What you need to know about California’s tough new data privacy law

29 Jun 2018

Golden Gate Bridge, San Francisco. Image: ZG/Shutterstock

An unprecedented data privacy bill in the US has been passed by California lawmakers.

GDPR has been in force for a little over a month now and, while companies will still be grappling with the EU regulation for the foreseeable future, eyes have now turned to California where a new privacy bill has given state residents more control over the data collected on them by businesses.

The California privacy law is not without its detractors. The first law of its kind in the US, it was introduced by state assembly member Ed Chau and state senator Robert Hertzberg late last week. Dubbed the California Consumer Privacy Act of 2018 (AB 375), it was brought forward to defeat a tougher privacy-focused ballot that had gained more than 600,000 signatures from California residents. The law is set to come into force in 2020, but negotiations are really just beginning.

California is the most populated state in the US, so the law will be affecting a bulk of the country’s residents. The bill passed both chambers unanimously and was later signed by Governor Jerry Brown.

The bill passing into law will concern off many of the California-based tech firms who objected to elements of the bill. Companies like Amazon, Microsoft, Facebook and Uber had made contributions to a group campaigning against the bill, which now appear to have been fruitless.

What will the California privacy law mean?

  • In basic terms, a company must disclose what data it collects, for what purpose and any third parties it shares that information with.
  • Consumer requests to delete data coming from official channels would need to be honoured.
  • Businesses can offer financial ‘incentives’ for permission to collect consumer information.
  • Companies will not be able to retaliate financially when people opt out of their information being sold.
  • Perhaps the point most companies are nervous about, is the prospect of being fined by Californian authorities.

Chair of the Californians for Consumer Privacy group and real estate developer Alastair Mactaggart spearheaded the original initiative, but withdrew it once the California legislature passed AB 375.

He stated: “As the effort to empower Californians with critical privacy protections continues, we are heartened by and appreciative of the participation of many stakeholders and privacy advocates in this process, and look forward to their continued involvement as the vision for greater consumer privacy becomes reality.”

Mactaggarte added: “It’s my strong belief that these new California rights will soon extend to the rest of the United States.”

There are still a couple of years for big tech firms to fight the law, or at least create a strategy to comply with the incoming rules.

Golden Gate Bridge, San Francisco. Image: ZG/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects