Will California’s new privacy law set the standard for data protection?
California last week passed what’s believed to be the nation’s toughest data privacy law, a measure the National Retail Federation (NRF) has described as “deeply flawed.”
Under the new law, California consumers will have the right to:
- Know what information companies are collecting about them, why they are collecting that data and with whom they are sharing it or selling it to. Those opting out can’t be charged more or treated differently than those who don’t;
- Tell companies to delete, stop collecting and stop selling or sharing their data;
- Be informed of what categories of data will be collected before it’s collected and to be informed of any changes to that;
- Require businesses get permission before selling any information about children under the age of 16;
- More easily sue companies for a data breach.
The legislation also gives the state’s attorney general more authority to fine companies that don’t adhere to the new regulations.
The act takes effect Jan. 1, 2020.
The bill was rushed through California’s State Legislature last Thursday without opposition, just hours before a deadline arrived for withdrawing a stricter ballot measure that was set to arrive for November elections. Tech companies and legislators preferred the bill to the ballot measure because it provides more flexibility and time to make revisions.
A string of data breaches and scandals led by Cambridge Analytica have resulted in calls for greater protections. The legislation is not as strict as Europe’s GDPR, which calls for tighter deadlines around data breaches and potentially heavier fines.
But tech company lobbyists have argued that there wasn’t enough public debate on the California’s law and are expected to seek to relax the guidelines before they become law.
In a statement, NRF SVP for government relations David French asserted the legislation “will expose businesses to unwarranted lawsuits” and potentially take away the access to data that supports loyalty programs, personalized offerings and other special services that consumers have come to expect.
Mr. French said, “Retailers strive to protect their customers’ data, but data is the backbone of any good retail business.”
- California’s new data privacy law the toughest in the US – CNET
- Statement on the Enactment of California Privacy Legislation – Internet Association
- Retailers Say Customer Service Will Suffer Under ‘Deeply Flawed’ California Privacy Law – National Retail Federation
- Retailers Say Customer Service Will Suffer Under ‘Deeply Flawed’ California Privacy Law – The New York Times
- California passes strictest online privacy law in the country – CNN
DISCUSSION QUESTIONS: What do you expect will be the practical effects of California’s new data privacy law on consumers and retailers? Do you expect other states to enact similar legislation? Will business interests lobby federal legislators to pass a national data privacy law that would be less restrictive than California’s new law?