The European Union has been far ahead of the United States with laws designed to protect the privacy of individual citizens (see our article on GDPR), but California’s new Privacy Law (California Consumer Privacy Act), is a step in the right direction. The law, which was passed unanimously by lawmakers, will go into effect in 2020, and was done under threat of a far more severe measure supported by over 600,000 signatures.
Your Rights Under the California Consumer Privacy Act of 2018
The act calls for the following measures to protect consumers. Consumers have the Right to
- know all data collected
- say NO to the sale of information
- have Data Deleted
- know the categories of data to be collected before collection, and informed of changes
- Mandatory Opt-In for children under the age of 16
- know the categories of third parties with whom data is shared
- Private right of action when companies breach personal data
- know categories of sources of information from whom data was acquired
- Enforcement by the Attorney General of California
- know the business or commercial purpose of collecting information
Believe Your Rights Are Breached ?
GDPR vs California Consumer Privacy Act of 2018
While this recently passed legislation provides some regulation around personal private data, it does not come close to the recent GDPS regulation passed in the EU. While the California Law allows for consumers to Opt out, GDPR explicitly calls for consumers to Opt In. The exception here is for children under 16. In addition, the California Law does not consider browsing, search history or implication interaction data to be personal data. Advertising groups are quick to point out that the California Law does go beyond the GDPR in that consumers do not need to provide harm in order to file a lawsuit, and that financial penalties under the California Law are much steeper.