California’s New Digital Privacy Law Starts in 2020

Passed in June of last year, the California Consumer Privacy Act, or AB 375, will only start taking effect at the beginning of 2020. In the meantime, both sides of the aisle seem committed to working with policymakers to find the best way of enforcing the bill, while better understanding its effects and workability.

woman using desktop computer

Although many have compared California’s privacy bill to the European Union’s General Data Privacy Regulation, commonly known as the GDPR, AB 375 comes with different provisions. The biggest difference is that, unlike GDPR, California’s new digital privacy law does not set deadlines when it comes to informing consumers about data breaches. Additionally, the bill passed by the California statehouse has no dedicated authority yet to enforce the law, nor set fines for companies found in violation.

The need for a more stringent consumer privacy law

The bill that passed both California state’s Senate and Assembly with unanimous votes came on the aftermath of several major privacy scandals, which are becoming all too common. The Facebook – Cambridge Analytica scandal, where the personal information of 87 million Facebook users was leaked to a UK political consultancy firm, is well known to both US and European public, but there are others that followed, receiving maybe less media attention.

Collection #1 – biggest data dump to date

In January 2019, over 1 billion people woke up to having their email address distributed on a popular hacking forum. Password combinations have also been posted on the forum through this mega-breach, which add up to almost 2.7 billion rows of data that have been leaked. This makes Collection #1 the largest data dump to date. The data seems to have come from the cloud-based file sharing service MEGA, but the origin of the email addresses and passwords is, in fact, multiple sources, which goes to show users can’t truly know how their data is being handled.

80 million US household details exposed

Other data breached shortly followed. Verification IO, a marketing database, leaked the records of over 700 million users in March, while only a month later, security researchers discovered an unprotected database on a Microsoft cloud server, containing the data of 80 million US households. Details included full address, exact longitude and latitude, full names, ages and dates of birth. This type of data can be easily used to defraud people, or even for identity theft.

What California’s Digital Privacy Law does for you?

So how exactly does the California Consumer Privacy Act fix things? There are three main areas that the bill addresses in terms of data and digital privacy, and the fresh take it has comes from empowering the user over the companies.

  1. 1. Gives users ownership. The California Consumer Privacy Act gives users the right to impede business from sharing or selling their personal information. It empowers all users to find out exactly what information has been collected, whether it’s personal information, devices, or even children, and where that information traveled.
  2. 2. Puts users in control. The bill also gives users the right to stop companies from sharing or selling their data. Consequently, it prohibits businesses to discriminate against users who do so, which means they can’t charge more, deny access to service, or change the quality of the service.
  3. 3. Provides users security. The bill also plans to increase penalties and fines for companies in violation of privacy law, making it easier for users to hold businesses responsible for safeguarding their personal information. This ultimately provides people with a stronger sense of security.

 When did you last check your data policy?

Changes are imminent and the best way to embrace them is to adjust your own course. A lot of companies, especially small to medium businesses, don’t regard terms of service and privacy policy as cornerstones of their operations. They’re usually just technicalities to be dealt with by lawyers. In fact, many online businesses don’t even check their data policy regularly, even when they make changes to their products or services. When is the last time you checked yours?

With the deadline for the California Consumer Privacy Act coming into effect quickly approaching, it becomes imperative to take a closer look to one’s privacy policy, if only for the sole reason that businesses operating out of California will have to make it clearly visible to users that they can opt-in or out of data collection. And while this may be happening in the Golden State for now, the hope is that other states will follow, and the bill will eventually become a federal law.