A new California data privacy law will give consumers far more control over the data collected on them by companies such as Facebook and Google.
Under Assembly Bill 375, which establishes the California Consumer Privacy Act, starting in 2020 companies possessing data on more than 50,000 Californians must show individuals the information collected on them, delete their data on request and agree to not sell it to third parties, if asked by the consumer. Children under age 16 will have to opt in to agree to the sale of their data.
In addition, data collecting companies will not be allowed to limit the services offered to consumers who choose to have greater control over their data under the law. Violating companies will be fined $7,500 for each instance, a figure that, in truth, might not phase a multi-billion dollar firm at all, but will still somewhat make the point.
Gov. Jerry Brown approved the new legislation after a week of backroom negotiations and a compromise deal between IT heavyweights -- some of whose lifeblood is collecting and selling consumer data -- and privacy rights proponents, the Sacramento Bee reported. Thirty-seven state senators and 69 state assembly members voted for the bill.
San Francisco real estate developer Alastair Mactaggart had pushed to place a more expansive measure on the November ballot, spending more than $3 million in the process. The bill signed by Brown is a pared down version of Mactaggart’s initiative but still convincing enough for him to pull it from consideration for the ballot.
"I feel like it's the first step, and the country's going to follow," Mactaggart told the Bee. "Everybody is finally waking up to the importance of digital privacy." He called the bill a “landmark accomplishment, which is the strictest privacy bill ever achieved in this country.”
Tech companies faced with the most to lose from the bill’s impact in California opposed it but in some cases didn’t specify exactly why, reports said.
“We think there’s a set of ramifications that’s really difficult to understand,” Google senior vice president Sridhar Ramaswamy said earlier this week, Reuters reported. “User privacy needs to be thoughtfully balanced against legitimate business needs.”
The behind-the-scenes haggling to get the bill through must have been something to see considering some big-time outfits (via Reuters and the Bee) opposed the bill:
- The California Chamber of Commerce.
- The National Retail Federation.
- The Association of National Advertisers.
- The Internet Association, which represents Facebook and Amazon: "It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike," said Robert Callahan, vice president of state government affairs for the association.
- The ACLU: The new law "utterly fails to provide the privacy protections the public has demanded and deserves."
- CTIA, a wireless industry trade group: “State-specific laws will stifle American innovation and confuse consumers,” the group said, calling on Congress to pass legislation instead of individual states.
- State Sen. Jim Nielsen, R-Gerber, feared it would empower lawyers to file frivolous lawsuits against major companies and criticized how it was crafted. "Here are just a handful of people negotiating something that the majority of legislators will know nothing about," he said. He still voted for the bill.
Here’s some anecdotes from some who lined up with the bill:
- State Sen. Bob Hertzberg, D-Los Angeles, a primary bill sponsor called the new law "the most comprehensive privacy law in the country."
- Common Sense Kids Action: "The California Consumer Privacy Act will allow consumers to make informed choices about what happens with their own data — control that fosters a healthy relationship to technology and overall digital well-being," said Elizabeth Galicia, vice president of the group.