Last week, the State of California unanimously passed a bill through the House and Senate — which was signed the following day by Governor Jerry Brown. This bill follows a ballot initiative proposed to regulate data privacy for residents of California.
Here’s a breakdown of the crucial details that you need to know.
The California Consumer Privacy Act
Arriving only months after the EU released their data privacy update, GDPR, California passed a bill providing similar protection to its residents regarding their personal data. Due to privacy leaks, scandals, and big data trends in recent years, privacy has emerged as a focal point in the world of tech, as consumers are becoming increasingly aware of the use and trade of their data.
After the GDPR was passed in the EU, companies worldwide were hit with new privacy guidelines and faced penalties if they failed to comply. With data being transferred across borders, privacy is a multinational issue — and regardless of whether countries choose to create laws, their businesses will be affected.
The California Consumer Privacy Act is the newest law created in privacy and if it proves to be effective, federal regulation in the U.S. may be imposed shortly after in a similar manner to protect citizens countrywide.
The bill features two large privacy rights for California residents — both of which share close similarities to rights granted by GDPR in the EU:
Right to request:
1798.100. – A consumer shall have the right to request that a business that collects a consumer’s personal information disclose it to that consumer.
Right to deletion:
1798.105. (a) – A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.
These rights will allow for California residents to have greater control over how their data is handled in the future. For companies, data privacy compliance will prove to be of greater importance, mandating that all companies that control data must be capable of efficiently responding to access and deletion requests from users.
Beyond these rights for data subjects, users will also be protected by the law in case of cybersecurity threats, with the option to sue corporations over data breaches.
Ballot to Bill in a Month
The CCPA was finalized only a month after a similar ballot measure created by Alastair Mactaggart was approved for voting in November. After the CCPA passed, Mactaggart removed the ballot measure — which was designed with the same goals as the bill.
Some differences exist between the ballot and the bill, including that the bill can be amended by legislators until 2020 and beyond. In contrast, ballot measures once passed can only be changed with a vote from the entire state. Additionally, the ballot allowed for consumers to sue corporations over any part of the privacy law — while the bill allows for individuals to sue over data breaches, with the Attorney General enforcing all other provisions.
What’s Coming for Companies
The new legislation in California will be effective January 1st, 2020, and companies will have 30 days to comply with all regulations before facing consequences. Between the present and 2020, large technology firms with a stake in California are expected to lobby the government to concede certain portions of the legislation to their benefit.
If businesses fail to comply with the regulation, fines of up to $7,500 will be imposed on each case. Eighty percent of this will go to the affected data subject while the remaining 20 percent will contribute to a new Consumer Privacy Fund. While this differs from 4% of global revenue or €20 million that GDPR enforces, consumers will be motivated to track and report instances of firms violating the California law. With this incentive, companies will be hard pressed to comply and ensure that customers are satisfied with their privacy.
Enjoy this piece? Check out our next piece: Sweet Sixteen Privacy Policies: Part 1