California Unanimously Passes Historic Privacy Bill
California lawmakers unanimously passed a new privacy bill on Thursday that would give residents of the state more control over the information businesses collect on them and impose new penalties on businesses that don’t comply. It is the first law of its kind in the United States. The so-called California Consumer Privacy Act of 2018 (AB 375) was introduced late last week by state assemblymember Ed Chau and state senator Robert Hertzberg, in a rush to defeat a stricter privacy-focused ballot initiative that had garnered more than 600,000 signatures from Californians.
The group behind that initiative, Californians for Consumer Privacy, said it would withdraw it if the bill passed. The deadline to withdraw was Thursday, forcing the state legislature to fast-track the bill through the State Senate and Assembly and get it to Governor Jerry Brown’s desk by the end of the day. The law takes effect in 2020, but in some ways, Thursday’s vote is only the beginning, as business interest groups work to tinker with the legislation’s details before then.
The new legislation gives Californians the right to see what information businesses collect on them, request that it be deleted, get access to information on the types of companies their data has been sold to, and direct businesses to stop selling that information to third parties. It’s similar to the General Data Protection Regulation that went into effect in the European Union last month, but adds to it in crucial ways. Under the GDPR, businesses are required to get users’ permission before collecting and storing their data.
But the way most companies have designed those opt-in pop-ups, ‘you really don’t have a choice,’ says Ashkan Soltani, former chief technology officer of the Federal Trade Commission who helped author the ballot initiative.