Jul 09 2018

The California Privacy Bill – why is it important?

The TL; DR – The governor of California, Jerry Brown, signed “The California Privacy Bill” on short-notice at the end of June. Similar to the General Data Protection Regulation (“GDPR”) in the EU, the Bill is a large leap forward in safeguarding consumer information by regulating what information businesses store and by providing the ability for individuals to prevent companies from selling their personal information to third-parties. This could reduce consumers’ risk of having their information leaked and used for fraud, misuse, or other forms of information threats.

The California Privacy Bill, or “The California Consumer Privacy Act of 2018” (AB-375), was signed on June 28, 2018 by California Governor Jerry Brown and is set to go into effect on January 1, 2020. This legislation intends to address personal data being misused and abused by private companies. To do so, the Bill regulates the ability of businesses to collect and sell the personal information of consumers. Additionally, it aims to provide policies to monitor companies that may collect information and use it to sell to third-party vendors.

Here are some takeaways from the Bill:

  • Consumers can ask businesses what they have collected, compel them to delete personal information collected upon request
  • Businesses are required to maintain better security for individuals’ private information.
  • Businesses are cannot discriminate users wishing to opt-out of granting information and prohibits the gathering of information on individuals 16 years or less, unless granted permission by a parent or guardian
  • The Bill also includes a framework to allow businesses to offer compensation in exchange for the collection of a customer’s personal information

Considering the Bill’s contents, it will likely have huge implications on the way businesses use consumer information and may lead other states to pass similar legislation. The Bill could lead to wide-ranging effects across the country – businesses will likely begin adjusting their policies to address the Bill, instead of creating a separate group of policies specifically for California. Note that many of the US-based technology giants are headquartered in California – the Bill would primarily target these larger companies who gather information on 50,000 individuals and more (as indicated in the text).

Larger technology companies, however, are speaking out against the severity of the Bill’s implications. Google’s Senior Vice President, Sridhar Ramaswamy, told reporters, “We think there’s a set of ramifications that’s really difficult to understand.” He added, “User privacy needs to be thoughtfully balanced against legitimate business needs.” (https://www.reuters.com/article/us-california-privacy/california-lawmakers-approve-data-privacy-bill-opposed-by-silicon-valley-idUSKBN1JO35Y)