The California Consumer Privacy Act of 2018 (AB 375) bill will apply only to California consumers. However, internet users in other states will likely see changes.
The bill gives consumers the right to have their personal data deleted; the right to know the commercial purpose for collecting their data; and the categories of sources from which the data are collected. It also prohibits a business from selling the personal data of anybody under the age of 16 unless that child agrees.
The bill gives companies the ability to offer discounts to customers who allow their data to be sold and charge those who opt out a reasonable amount based on how much the company makes selling the information.
Lawmakers say they will likely make alterations to improve the policy before it takes effect. Some privacy advocates are worried that lobbyists for business and technology groups will use that time to water it down.
TechNet, a technology lobbying group, urged lawmakers to improve the law before it takes effect “so it provides meaningful privacy protections for Californians while also allowing all the benefits and opportunities consumers expect from U.S. technology to continue.”
Policymakers around the country looking at what California has done on this issue should understand that the California Legislature’s work is far from finished and that this law remains a work in progress.
The California law is not as expansive as Europe’s General Data Protection Regulation, or G.D.P.R., a new set of laws restricting how tech companies collect, store and use personal data.
Google, Facebook, Verizon, Comcast and AT&T each contributed $200,000 to a committee opposing the proposed ballot measure, and lobbyists had estimated that businesses would spend $100 million to campaign against it before the November election.