Lawmakers in California have this week passed a privacy bill to give residents of the state more control over the information businesses collect about them. The historic bill, passed on Thursday, has similarities to Europe’s GDPR legislation and is the first of its kind in the United States.
The so-called California Consumer Privacy Act of 2018 (AB 375) was introduced late last week as a last minute measure to defeat a stricter privacy-focused ballot. The new legislation, which comes into effect in 2020 has been described as “The most comprehensive privacy law in the country”.
Although the legislation has been passed, it will continue to change between now and when it comes into effect in 2020, which interest groups pushing to support their own needs. As it stands, the legislation gives Californian residents the right to see what information businesses collect on them, request that it be deleted, get access to information on the types of companies their data has been sold to, and direct businesses to stop selling that information to third parties.
Although similar in aims to GDPR, the Californian legislation differs in a number of key ways. One is that businesses cannot deny users access to a service if they do not give data sharing consent, so “agree or leave” consent solutions will not be acceptable.