Washington, DC – Just a month after the European Union’s (EU) General Data Protection Regulation (GDPR) came into effect, the California State Assembly and Senate unanimously passed a data privacy legislation that provides individuals with more control over how companies collect and process their personal data. The California Consumer Privacy Act of 2018 was signed into law by Governor Jerry Brown on Thursday June 28.
Under this law, starting in 2020, companies with data on more than 50,000 people would be required to let individuals see the data that has been collected on them, request the data to be deleted, and also opt out of having the data sold to third parties. This law applies to users in California, and although not as stringent as GDPR, this is the strongest regulatory measure so far on data collection practices by companies in America.
This legislation has huge ramifications, especially on major technology companies such as Facebook and Google which are headquartered in California. The Internet Association, a lobbying group which represents Facebook, Google, Uber, Amazon and Microsoft, reacted to the passage of the bill, saying, “Data regulation policy is complex and impacts every sector of the economy, including the internet industry.” Expressing concern on this point, the association continued, “That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning. The circumstances of this bill are specific to California.” Without mincing words, the association called for attention to details as the law is set to provide measures to safeguard personal privacy and freedom of ordinary consumers. “It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike,” the association noted.
Every since Facebook’s data breach scandal broke, companies have been taking a long, hard look at customer data privacy. Twitter had updated its data privacy policy which came into effect on May 25th, 2018, the date of GDPR rollout. Both Apple and Twitter had also said that user privacy protections will apply globally. Instagram and WhatsApp, which are owned by Facebook, had announced a personal data download feature to users in an effort to comply with GDPR.
Although the law applies to California, it could potentially snowball into increased data privacy across the United States. It is likely to ruffle feathers across the US and beyond, adding ammunition to European efforts to uphold consumers’ privacy concerns.
“California’s law will raise the bar significantly, and this won’t be the last time it’s raised as states seek to emulate the EU’s new General Data Protection Regulation (GDPR), said Robert Cattanach, a partner at the international law firm Dorsey & Whitney, and a data privacy and cybersecurity expert.
Additionally, US lawmakers would definitely face questions on the subject as they approach their constituents before the midterm elections. “Congress will feel pressure from both pro-privacy advocates to endorse the rights created by California, and businesses to try to bring uniformity to what is increasingly a dynamically evolving policy area,” added Cattanach, concluding, “The bottom line is that this leverages on the concepts contained in GDPR and is certain to be picked up as the standard by other states.”