California Signs Strict Consumer Privacy Act of 2018 Into Law

On Thursday, California Governor Jerry Brown past the strictest data privacy law in the nation. 

The bill was passed unanimously in both the state’s Senate and Assembly.

The new law will take effect in 2020 and gives consumers control over what personal data is collected from companies that make at least an annual gross revenue of $25 million, like Facebook and Google. 

Users can learn what information is being collected, why, and who the companies are sharing it with, and can delete their data. Users in the state will also be able to opt-in and opt-out of letting the companies sell their data. 

“Californians will be able to opt-out of having their data sold, and companies will not be able to penalize them— by limiting their use of the service, for example — for choosing to do so. Users under 16 will need to opt-in to having their data sold,” writes Futurism. 

The law also holds the companies accountable when it comes to cyber breaches.

“The law also grants California’s attorney general the power to fine companies that don’t do enough to protect consumers’ personal information from cyber attacks,” writes Futurism. 

For data breaches, consumers can now sue up to $750 per violation and the state attorney general can sue for $7,500 for intentional violations of privacy. 

These fees are much less than what was included in another measure on the table by the San Francisco real estate developer Alastair Mactaggart that would allow consumers to sue companies up to $3,000. 

Following Facebook’s Cambridge Analytica scandal that came to light in mid-March, there has been more of a focus on regulating privacy in the digital world. California is leading the way with stricter privacy legislation. 

Privacy advocates praised the new law. 

“The state that pioneered the tech revolution is now, rightly, a pioneer in consumer privacy safeguards, and we expect many additional states to follow suit,” said James P. Steyer, CEO and founder of Common Sense Media. “Today was a huge win and gives consumer privacy advocates a blueprint for success. We look forward to working together with lawmakers across the nation to ensure robust data privacy protections for all Americans.”

“This is a milestone moment for privacy law in the United States,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center. “The California Privacy Act sends a powerful message that people care about privacy and that lawmakers will act.”

“I think it’s going to set the standard across the country that legislatures… will look to adopt in their own states,” said Sen. Bob Hertzberg (D) to The Washington Post. 

Although lawmakers were quick to celebrate the passing of the bill, some privacy advocates believe that it’s still too lenient.

“For the first time California is explicitly allowing ‘pay for privacy’ deals that are in direct contradiction to our privacy rights,” said Emily Rusch, executive director of the nonprofit California Public Interest Research Group, who points out that the law allows companies to sell data of those who opt out  for higher prices. 

There are still loopholes. Tech companies can still “share” a person’s data even if a user chooses to opt-out of letting their data be sold.

But the law isn’t final just yet. 

Over the next two years, lawmakers and companies will be working together to revise and discuss the specifics in detail. It’s likely that the law signed Thursday won’t be the same one that goes into effect on January 1, 2020. 

Author’s note: Only time will tell if California actually did something right this time…