- On January 1, 2020, the California Consumer Privacy Act is set to go into effect and will put larger restrictions around the ways tech companies may collect and use consumer data.
- One of the law’s harshest provisions requires companies to stop selling consumer’s data upon request.
- Nine additional states are considering their own versions of California’s privacy law including Hawaii and North Dakota.
In three months, California will make history as the first state to enact significant restrictions on the ways tech companies gather and use consumer data.
And with incredibly broad definitions of “personal data” and what it means to “sell” it, all eyes are on the Golden State to set a new standard for tech companies nationwide.
What does the California Consumer Privacy Act require?
This will be the most aggressive privacy law to date. It features sweeping restrictions and intends to pull back the curtain on what tech companies are doing with consumers’ information.
The law requires companies to disclose any data they collect and will limit the way that data is used for online ads. It also gives consumers the power to delete that data and prevent the sale to third parties.
When the law goes into effect, 40 million California residents will be able to make requests in a “clear and conspicuous” website entitled “Do Not Sell My Personal Information.” Businesses with annual gross revenue of $25 million or more or who have received personal data from 50,000 consumers will have to comply with the law.
So, what does the California Consumer Privacy Act mean for other U.S. tech companies?
Now that the country’s most populous state has made the move, others are already following suit. On June 6, 2019, Maine passed a similar law enacting restrictions on data collection and sale by internet service providers, effective July 1, 2020.
Nine other states have introduced laws of their own mirroring the California privacy law, including Hawaii, Maryland, Massachusetts, Mississippi and New Mexico. If California and others are able to successfully implement their restrictions and improve online privacy, more states may look to follow suit.
If tech companies are able to find loopholes in the law or the state can’t handle the demand of requests, the legislation may be a flop altogether.
“I don’t think you ever want to give people a reason to believe that you hoodwinked them,” said California Attorney General Xavier Becerra. “Think back to the launch of the Affordable Care Act’s website. That really depressed people’s belief that this was going to work.”
Becerra’s office will be responsible for enforcing the law and handling the influx of requests. He and a group of privacy advocates also want to add provisions granting consumers the right to sue if a company ignores a demand to opt-out of data sales.
Opponents of the California privacy law are hoping to scale back some of its measures before it officially goes into effect.
Director of Tech Policy and Consumer Reports, and a former Federal Trade Commission attorney, Justin Brookman, is hopeful the law will not suffer from lobbyist efforts.
“Silicon Valley has a lot of power,” Brookman said. “I’m hopeful that it won’t be meaningfully weakened. Do I feel confident that it won’t be? No.”