California recently passed a data privacy bill with similarities to the European Union’s General Data Protection Regulation (GDPR). This state-wide legislation could serve as a template for the federal government. After all, it is seeking solutions in the wake of several data breaches, including the Facebook-Cambridge Analytica scandal.
The bill, which was signed by California Gov. Jerry Brown on June 28, “broadens the definition of what constitutes personal information,” according to the Wall Street Journal. In addition, it “gives California consumers the right to prohibit the sale of personal data to third parties and opt out of sharing it altogether.”
GDPR and California Privacy Bill
Much like GDPR, this bill applies to behemoths, such as Google, LinkedIn and Facebook, and small internet companies alike. Consumers will have more options for opting out of data sharing practices. Also, they will be able to ask for deletion of their personal information and request companies refrain from selling it. This law grants the right for consumers to know the commercial purpose for collecting data and the categories of sources from which it is collected.
Companies won’t be able to charge a premium to those who don’t want to share their data. Most importantly, perhaps, is the state attorney general’s ability to fine businesses that fail to protect the sensitive data of consumers from cyber threats. The data of children under 16 will be prohibited from sale without consent.
Since GDPR took effect in May 2018, all companies who control or process EU citizens data have been focused on consent, which means getting permission from users in Europe to collect, store and share their personally identifiable data. Making this one of the most onerous and costly regulations for businesses all over the world. Is the GDPR coming onshore to California? This new California legislation puts the responsibility on users to opt out of having their data used, said Quyen Truong, an attorney at Stroock & Stroock & Lavan LLP and as reported by WSJ.
Reaction to the Legislation
Already, the firms of Silicon Valley are reacting to the news. Facebook has said it supported the bill. But many expect the big companies to seek concessions. The bill will not take effect until 2020, and it can be amended in the meantime.
In fact, lawmakers have suggested it could use some enhancement, according to an article in Time. Republican Assemblyman Jay Obernolte of Hesperia said the parts of the bill allowing consumers to sue companies over a breach require narrowing.
Other critics mentioned in the Time article are concerned the bill could have influence over industries other than technology. For example, newspapers worry the bill could give permission to the subjects of negative investigative reports to block publication of stories. Lawmakers reportedly said that was not the intention.
Data Privacy Is Here to Stay
Data breaches are making the public fearful of sharing personal information with internet companies. Legislation is one way to regulate the use and dissemination of personal data. Effective regulation can also help re-build trust between tech companies and their users.
Whether you are reading this from Europe or the United States, you must educate yourself about your rights as a citizen. Then, if necessary, take action to protect your privacy. If this California law, which Time is calling the toughest data privacy regulation in the United States to date, ends up being effective, other states will likely follow. And even the federal government might get in on the act. Clearly, this is just the beginning.