To prevent an even stronger privacy proposition from appearing on the ballot in the fall, the California legislators rushed through a bill providing strong privacy rights for all California citizens. Companies making lots of money from the ‘net dislike the bill but supported it in order to derail the proposition.
Since the law doesn’t go into effect until 2020, there is plenty of time for the legislators to agree with the inevitable demands from tech companies to water down the bill. Pending the expected vast dilution, the bill provides a few landmark protections for consumers, including:
- The right to instruct data gatherers to stop selling personally identifiable information.
- Right to opt out completely from letting companies share any personally identifiably information
- Right to obtain a copy of all data a company has gathered about an individual
- Right to request a company to delete all personal information obtained from an individual
- Expanded definition of what constitutes personally identifiable information.
The expanded definition of personally identifiable information includes:
- Geolocation (where you were at a point in time and when you were there)
- Browsing history
- Psychometric data (I think that means data about your personality, character traits, and personal interests that drive your buying decisions and inferences that can be drawn from that data)
Should much of the law survive long enough to go into effect, it will be a big deal.
I didn’t keep a link to one article which described the cutoffs at which point the law would apply to a particular company, but recall the thresholds are quite high in relation to a small company. I’ll guess the law won’t apply to practically all of the readers of this blog.
On the other hand the thresholds are low enough that the new law would apply to essentially any name you see in any media discussion, including probably every free app and each of the software programs used by large numbers of people.
One of the things to ponder is the ripple effect across the US. Unless a company wants to essentially set up a separate, compliant website for California citizens, the new rule would wind up applying to everyone in the US.
Might be worth paying attention to this issue.
Some articles of interest:
- 6/28/18 – Frankfurt Kurnit Klein + Selz – Focus on the Data – California, Privacy, and the New Normal – CA AB 375 Signed Into Law
- 6/28/18 – Wall Street Journal – California Passes Data-Privacy Bill
- 7/1/18 – Wall Street Journal – Businesses Blast California’s New Data-Privacy Law
- 7/11/18 – Harvard Business Review – What You Need to Know About California’s New Data Privacy Law