On the heels of the EU’s General Data Protection Regulation (GDPR), California has just passed one of the most stringent data privacy laws in the country. The California Consumer Privacy Act of 2018 moved quickly and unanimously through the legislature, and was signed by Governor Jerry Brown yesterday.
Because California is a leader of the tech industry, its transition to tougher privacy standards may mark a fundamental shift for U.S. privacy laws and initiate sweeping changes to regulations across the U.S.
Specifically, the law expands the definition of “Personal Information” and grants significant additional protections for consumers. The bill provides for:
- The right to be informed of all data being collected about you
- The right to prevent companies from selling your personal information
- The right to delete your data
- The right to opt out (and mandated opt-in for children under 16 years old)
- The right to know when your data is shared
Further, the law establishes an enforcement procedure, allowing the Attorney General to fine companies that do not act to align their data policies with the new law.
These regulations look a lot like the GDPR, and we may find ourselves in the same data craze that Europe has been experiencing for the past few years leading up to the GDPR’s May release. This level of data protection rights is unprecedented in the U.S., and California’s adoption of this data standard is a significant moment in our history.
The law is not set to go into effect until 2020, so there will undoubtedly be a flurry of pushback from major tech leaders and lobbyists in the meantime. Tech giants like Amazon, Microsoft, and Uber have already contributed significant amounts to kill the initiative. The tech industry is highly reliant on the collection of user data, so there will be growing pains in getting U.S. companies into compliance with this level of data protection.
We are at the height of the tech era – and like it or not, consumers are becoming increasingly sophisticated in their demands and expect higher levels of protection for their data. U.S. companies will need to learn how to change their data collection policies and catch up to the higher standard of privacy before it catches up with them.