California Passes Strictest Online Privacy Law, But There’s Still Work to be Done

On Thursday, Gov. Jerry Brown signed the California Consumer Privacy Act of 2018, a law significantly increases consumers’ control over their personal data, after the State Assembly and Senate had approved it unanimously.

Akin to GDPR, the act grants consumers the right to know what information companies are collecting, why they are collecting it, and who they are sharing it with. It also grants them the option of blocking tech companies from selling their data; companies won’t be able to collect info on children under the age of 16 unless they willfully opt-in as well.

Don’t Celebrate Yet

The law is not as strict as GDPR though. Some privacy advocates expressed concerns over a few loopholes. For instance, technology companies can’t sell people’s data but they can share it. The law also allows companies to charge higher prices to consumers who opt out of having their data sold. Those advocates believe that this ‘pay for privacy’ deal does not respect people’s right to privacy.

This law it seems might have been a compromise a ballot initiative that contained even stricter rules. That ballot was launched by a San Francisco real estate developer, who agreed to withdraw it after the California Consumer Privacy Act of 2018.

And Things Can Still Change

The law won’t take effect until 2020. Some privacy advocates warn that the one and a half year delay gives lawmakers, regulators and tech companies plenty of time to make amendments to the act, warning that the fight is not yet over. The American Civil Liberties Union, a nonprofit that seeks to defend and preserve the individual rights and liberties, on its part said that the legislation falls “woefully short,” hastily drafted, and in need to be fixed.

The legislation comes in the context of a rapidly changing online privacy landscape. The past few years have been marred with a considerable number of online security breaches – arguably, the most famous of which was the Cambridge Analytica scandal, an incident involving a political consulting firm which combined data mining, data brokerage, and data analysis, collecting personal information on as many as 87 million Facebook users without consent. In response, lawmakers have been rethinking laws and regulations regarding the use of data.

Google & Facebook Don’t Seem Too Excited

Facebook stated that it supports the Privacy act, but does not believe it to be perfect it said. Google, on the other hand, said that it preferred the law to the ballot measure, but believes it still requires some changes. “[This law] imposes sweeping novel obligations on thousands of large and small businesses around the world, across every industry,” said Google spokesperson Katherine Williams in a statement.

The Internet Association, which lobbies on behalf of tech companies, said that the quick passage of the legislation is concerning, arguing that “data regulation policy is complex and impacts every sector of the economy, including the internet industry,” lamenting the lack of public discussion surrounding the bill.