Washington, DC – Just a month after the European Union’s General Data Protection Regulation (GDPR) came into effect, the California State Assembly and Senate unanimously passed a data privacy legislation that provides individuals with more control over how companies collect and process their personal data. The California Consumer Privacy Act of 2018 was signed into law by Governor Jerry Brown on June 28.
Under this law, starting in 2020, companies with data on more than 50,000 people would be required to let individuals see the data collected on them, request the data to be deleted, and opt out of having the data sold to third parties. This law applies to users in California, and although not as stringent as GDPR, this is the most robust regulatory measure so far on data collection practices by companies in America.
This legislation has huge ramifications, especially for major technology companies such as Facebook and Google, which are headquartered in California. The Internet Association, a lobbying group representing Facebook, Google, Uber, Amazon, and Microsoft, reacted to the bill’s passage, saying, “Data regulation policy is complex and impacts every sector of the economy, including the internet industry.” Expressing concern on this point, the association continued, “That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning. The circumstances of this bill are specific to California.” Without mincing words, the association called for attention to details as the law is set to provide measures to safeguard ordinary consumers’ personal privacy and freedom. “It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike,” the association noted.
Ever since Facebook’s data breach scandal broke, companies have been taking a long, hard look at customer data privacy. Twitter had updated its data privacy policy which came into effect on May 25, 2018, the date of the GDPR rollout. Both Apple and Twitter had also said that user privacy protections will apply globally. Instagram and WhatsApp, which Facebook owns, had announced a personal data download feature to users in an effort to comply with GDPR.
Although the law applies to California, it could potentially snowball into increased data privacy across the United States. It is likely to ruffle feathers across the US and beyond, adding ammunition to European efforts to uphold consumers’ privacy concerns.
“California’s law will raise the bar significantly, and this won’t be the last time it’s raised as states seek to emulate the EU’s new General Data Protection Regulation (GDPR), said Robert Cattanach, a partner at the international law firm Dorsey & Whitney, and a data privacy and cybersecurity expert.
Additionally, US lawmakers would definitely face questions on the subject as they approach their constituents before the midterm elections. “Congress will feel pressure from both pro-privacy advocates to endorse the rights created by California, and businesses to try to bring uniformity to what is increasingly a dynamically evolving policy area,” added Cattanach, concluding, “The bottom line is that this leverages on the concepts contained in GDPR and is certain to be picked up as the standard by other states.”
Poonam Sharma
Poonam is a multi-media journalist, and Founder and Editor of Global Strat View. She was the Managing Editor of India America Today (IAT) for seven years, and launched its print edition in 2019 with IAT's Founder and Editor, the late Tejinder Singh.
