Passed in June of last year, the California Consumer Privacy Act, or AB 375, will only start taking effect at the beginning of 2020. In the meantime, both sides of the aisle seem committed to working with policymakers to find the best way of enforcing the bill, while better understanding its effects and workability.
Although many have compared California’s privacy bill to the European Union’s General Data Privacy Regulation, commonly known as the GDPR, AB 375 comes with different provisions. The biggest difference is that, unlike GDPR, California’s new digital privacy law does not set deadlines when it comes to informing consumers about data breaches. Additionally, the bill passed by the California statehouse has no dedicated authority yet to enforce the law, nor set fines for companies found in violation.
The need for a more stringent consumer privacy law
The bill that passed both California state’s Senate and Assembly with unanimous votes came on the aftermath of several major privacy scandals, which are becoming all too common. The Facebook - Cambridge Analytica scandal, where the personal information of 87 million Facebook users was leaked to a UK political consultancy firm, is well known to both US and European public, but there are others that followed, receiving maybe less media attention.
Collection #1 - biggest data dump to date
In January 2019, over 1 billion people woke up to having their email address distributed on a popular hacking forum. Password combinations have also been posted on the forum through this mega-breach, which add up to almost 2.7 billion rows of data that have been leaked. This makes Collection #1 the largest data dump to date. The data seems to have come from the cloud-based file sharing service MEGA, but the origin of the email addresses and passwords is, in fact, multiple sources, which goes to show users can’t truly know how their data is being handled.
80 million US household details exposed
Other data breached shortly followed. Verification IO, a marketing database, leaked the records of over 700 million users in March, while only a month later, security researchers discovered an unprotected database on a Microsoft cloud server, containing the data of 80 million US households. Details included full address, exact longitude and latitude, full names, ages and dates of birth. This type of data can be easily used to defraud people, or even for identity theft.
What California’s Digital Privacy Law does for you?
So how exactly does the California Consumer Privacy Act fix things? There are three main areas that the bill addresses in terms of data and digital privacy, and the fresh take it has comes from empowering the user over the companies.
- 1. Gives users ownership. The California Consumer Privacy Act gives users the right to impede business from sharing or selling their personal information. It empowers all users to find out exactly what information has been collected, whether it’s personal information, devices, or even children, and where that information traveled.
- 2. Puts users in control. The bill also gives users the right to stop companies from sharing or selling their data. Consequently, it prohibits businesses to discriminate against users who do so, which means they can’t charge more, deny access to service, or change the quality of the service.
- 3. Provides users security. The bill also plans to increase penalties and fines for companies in violation of privacy law, making it easier for users to hold businesses responsible for safeguarding their personal information. This ultimately provides people with a stronger sense of security.
When did you last check your data policy?