Governor Jerry Brown signed the California Consumer Privacy Act into law this week, scheduled to take effect January 2020.
The law is a diluted version of the ballot initiative put forth by privacy advocate Alastair Mactaggart designed to closely resemble the European Union’s GDPR. The popularity of the ballot initiative played a major part in the speed and unanimous passage of the bill, which while unpopular with technology companies such as Facebook and Google, was viewed as the lesser of two evils (the greater evil being increased consumer control over personal data).
The bill includes:
- The right to be forgotten, i.e., for members of the public to have businesses delete information on them
- A requirement for businesses that sell consumer data to disclose the categories of information they collect.
- The ability for victims of data breaches (personal information in a non-encrypted format) to be able to sue for up to $750.
- A requirement for businesses to provide the same level of service to consumers who opt out of data collection.
Henry Clay’s once said that a good compromise is when both parties walk away unhappy, and by this standard the CCPA is a great one.
The Internet Association, which lobbies on behalf of technology companies issued a statement: “Data regulation policy …impacts every sector of the economy, [t]hat makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.”
On the other end of the spectrum, the ACLU was equally unenthused, saying the bill “utterly fails to provide the privacy protections the public has demanded and deserves.”
State Senator Bob Hertzberg was more upbeat about the passage of the act, calling it “the most comprehensive privacy law in the country.”
Read more about the act here.