California passes digital privacy bill that could have impact across U.S.
California enacted the nation’s strongest data privacy law on Thursday that could presage national changes to how big tech companies, including Facebook, Google and Amazon, collect and use personal data.
The law, passed by the state legislature on Tuesday and signed by Gov. Jerry Brown, requires companies to disclose the types of data they collect about consumers and with whom they share that information. Companies will be forced to let consumers opt-out of having their data sold. The law will also prohibit companies from charging a consumer or treating them differently because they opted out of having their data sold.
Companies will also be required to secure customer data or risk being fined by California’s attorney general, according to the legislation.
The protections won’t take effect until 2020, meaning the fight between lawmakers, advocates and tech companies to further shape the regulations, or water them down, is still far from over.
Still, California’s new privacy protections have been heralded as the strongest consumer privacy measure in decades and are part of a growing movement to give people more control over their data. While the spirit of the law is similar to Europe’s General Data Protection Regulation, which went into effect last month, it doesn’t go as far as GDPR, which is now considered the strongest data privacy law in the world.
In response to GDPR, which took effect last month, many large tech companies, even those based in the U.S., revamped their privacy policies and created tools to give users more control over the types of data that is collected. James Steyer, founder and CEO of nonprofit tech watchdog Common Sense, said the passage of the bill is a “huge victory” but isn’t perfect.
“I would like to see even more aspects of privacy opt-in versus opt-out, but this is a huge improvement,” Steyer said.