California Passes Tough New Law to Protect Online Privacy

The California State Legislature quickly passed a digital privacy law that gives consumers much more control over their online personal data. Governor Jerry Brown signed the law into effect, narrowly beating a deadline to remove another, tougher initiative headed for the November ballot. Consumers now have the right to know what information tech companies are collecting, and why they’re collecting it, as well as with whom they are sharing it. Consumers can also demand their data be deleted or not sold or shared.

The New York Times reports that the new law, which goes into effect January 2020, states that, “businesses must still give consumers who opt out the same quality of service … [and] also makes it more difficult to share or sell data on children younger than 16.” It also makes it easier “for consumers to sue companies after a data breach … [and] gives the state’s attorney general more authority to fine companies that don’t adhere to the new regulations.”


Some privacy advocates complain that, “the bill did not go as far as the ballot initiative in allowing individuals to sue for not complying.”

Although the California law isn’t as “expansive” as Europe’s General Data Protection Regulation (GDPR), Carnegie Mellon University incoming assistant professor Aleecia McDonald called it a “step forward,” adding that it is “one of the most comprehensive in the United States, since most existing laws — and there are not many — do little to limit what companies can do with consumer information.”

The new law is “modeled closely” on Alastair Mactaggart’s ballot initiative. The real estate developer “spent $3 million and secured more than 600,000 signatures” to put it on the ballot.

Because Mactaggart’s initiative, which polled at around 80 percent approval, was deemed “less flexible” by the state’s technology and business lobbies, they voted for the measure to avoid facing the initiative on the ballot. Lawmakers said they expect to “make any fixes to the law in the 18 months before it takes effect,” which some privacy advocates interpret to mean they plan to water down its effectiveness. Mactaggart, however, isn’t concerned.

“Having gotten this right, it’ll be very hard to take it away,” he said. “They can’t rewrite the law.”

What They’re Saying: The Mixed Reactions to California’s New Privacy Law, Axios, 6/29/18
New California Privacy Law Could Accelerate Retail Blockchain Adoption, Forbes, 6/28/18