Policy Summary
At the end of June 2018, California passed Assembly Bill (AB) 375, which is known as the California Consumer Privacy Act of 2018. In May 2018 California voters filed the California Consumer Personal Information Disclosure and Sale Initiative (the “Initiative”) that sought to prevent businesses that do business in California from selling or disclosing a consumer’s personal info. The ballot initiative was signed by 600,000 residents and was scheduled to be on the ballot in California’s November 2018 election.
However, California state government officials decided to try and pass their own version of a data privacy law. The organizers of the Initiative agreed to remove their initiative from the ballot if California enacted a data privacy law. To ensure that the bill introduced by the legislators would not be superseded by the ballot initiative AB 375 would have had to be approved before June 28, 2018, which is the deadline to have the Initiative removed off the November 2018 ballot. The California Legislature approved the initiative which was then signed into law by Governor Jerry Brown. The ballot initiative was subsequently withdrawn. LEARN MORE, LEARN MORE
Analysis
The data privacy law passed by California is modeled on the European Union’s (EU) General Data Protection Regulation (GDPR). What this new law does is that it (1) requires notice be given to consumers on data companies collect and what they use it for (2) a “right to be forgotten” (3) new notice and opt – out provisions if personal data is sold to third parties and (4) protection for consumers from being excluded from services if they exercise any of these new privacy rights.
The notice required to be provided to users is unique because it narrows down how a company can use a consumer’s personal data. A company must inform consumers how their personal data will be used. If a company wants to use the same personal data for another business purpose, it must then give notice to the consumer again for the different use of the personal data. This should help restrain companies from acquiring a consumer’s personal data once and then using it for multiple purposes for years afterward.
The “right to be forgotten” requires that a business must delete the personal data of the person if the person requests it. This requirement has a similar component to the EU’s General Data Protection Regulation and is one of the most popular features of the new law because it affirmatively gives a consumer direct control over their personal data.
The notice and opt out provision is another provision that gives the consumer more direct control over their personal data. Most companies sell personal data to third parties but with this provision a company is prohibited from reselling personal data to a third company unless they give notice to the consumer and give her an opportunity to opt – out of the sale. Additionally, there are more restrictive requirements when the personal data is of minors under the age of 16.
And finally, the new California law prohibits a company from refusing to provide goods or services if a consumer chooses to exercise their privacy rights. A company can provide incentives for a consumer to provide their personal data but again the California law requires that the consumer must opt in and must have the option to opt out at anytime afterwards.
This new privacy law is easily the most stringent privacy law passed in the United States. There are still some flaws that have been discussed (if a person wants to sue a company for violation of the law, it must be done with a confusing process that might instead end up limiting an individual person’s options in court) but it appears that California has taken a huge step forward in protecting data privacy for their residents. It remains to be seen if these new regulations are what American citizens want and if other states and the Federal Government will follow suit by updating their own laws and regulations or by passing new and more relevant laws. LEARN MORE, LEARN MORE, LEARN MORE
Engagement Resources:
- California Consumer Privacy Act – webpage on the new California consumer privacy law.
- Electronic Frontier Foundation (EFF) – non – profit group’s webpage on how to improve California’s new consumer privacy law.
- Privacy Rights Clearinghouse – available services from group that seeks to empower individuals to protect their privacy.
This brief was compiled by Rod Maggay. If you have comments or want to add the name of your organization to this brief, please contact Rod@USResistnews.org
Photo by freestocks.org