California gets tough with new digital privacy law

The GDPR offers strong data privacy measures but only protects EU residents. Can the new Californian law lead the way for America?
2 July 2018

California Governor Jerry Brown. Source: Flickr / Neon Tommy

In the aftermath of the Cambridge Analytica scandal, several nations around the world started thinking about formulating regulations that emphasized the importance of stronger data privacy measures.

The European Union’s General Data Protection Regulation (GDPR) was implemented in May and seemed to have a significant impact on companies and tech businesses. It forced everyone to re-think how they collected, processed, and stored data.

However, it only covers residents of the EU. Other nations aren’t protected by its provisions.

For Americans, who have historically suffered from more instances of data theft, data privacy is still not a regulatory requirement in the way it should be.

Governor Jerry Brown of California, thankfully, just changed that for the residents of California – and maybe for the rest of the country.

Gov. Brown has just passed a new digital privacy law that gives consumers more control when it comes to how companies use and manage their data.

The new law grants consumers the right to know what information companies are collecting about them, why they are collecting that data, and with whom they are sharing it.

It also gives consumers the right to tell companies to delete their information and direct them to not sell or share their data.

The law also mandates that businesses give consumers who opt out the same quality of service.

Further, the provisions of Gov. Brown’s law makes it more difficult for companies to share or sell data about children younger than 16 years of age.

For California and America

The bill moved through the State Legislature without opposition and then signed into law by Gov. Brown last week. It is set to go into effect in January 2020.

As a result, in about 18 months, consumers will find it far easier to sue companies after a data breach, and the state’s attorney general will have more authority to fine companies that don’t adhere to the new regulations.

For the rest of America, the new law might set the ball rolling in terms of data privacy and give direction to regulators deliberating about the way forward.

According to experts, California’s privacy protection law could direct technology companies to change their business practices across the country instead of maintaining two systems: one in California, and another for everyone else.

This is the route that Apple, Facebook, and Google took when the EU’s GDPR was implemented in May.

“I think it’s going to set the standard across the country that legislatures across the country will look to adopt in their own states,” Senator Bob Hertzberg, one of the new Californian law’s authors told the Washington Post.