California Governor Jerry Brown signed a bill Thursday that will give residents of that state the highest level of data privacy protection in the nation. The California Consumer Privacy Act gives consumers an array of new rights, including the right to prevent businesses from selling or disclosing their personal information.
A similar initiative was intended to be on the ballot in November. But with the heightened awareness around data management in the wake of events such as the Facebook/Cambridge Analytica debacle, legislators took the matter into their own hands. Facebook itself seemed to see the writing on the wall when it dropped opposition to the law in April. The law levies steep penalties for companies that do not comply.
Proponents of the law say it gives consumers more control of their data, including the right to know how their data is being used, what categories of data are being collected and sold (e.g., name, IP address) and the right to stop companies from doing so.
Opponents say that its increased costs will cause a burden on state and local governments. The opposition also claimed it would kill jobs and somehow end up harming consumers.
Both sides had launched public information campaigns to sway voters. But despite the lack of public consensus, the bill easily passed both chambers of the California legislature and landed on the governor’s desk with no opposition.
The increased data subject rights echo those of the General Data Protection Regulation (GDPR), a European law that governs how entities handle European Union (EU) members’ data. GDPR went into effect at the end of May.
Because of California’s size and influence in the country, the law is likely to set the standard for states’ data privacy laws moving forward.
The California law goes into effect January 1, 2020. Lawmakers expect to make amendments to the legislation before the deadline for enforcement.