Last week, the California state legislature passed a law that introduces almost European-grade privacy rules regarding the protection of people’s personal data. However, privacy advocates should not rest easy, as there’s still a chance that tech lobbyists could push back before the law goes into force.
Until AB 375, as the law is known, goes live at the start of 2020, it is still possible to amend it. And the tech industry is showing every sign of planning to take it on.
“It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike,” Robert Callahan, the head of state government affairs at the Internet Association, a major lobbying group, said in a statement reacting to the law’s passage.
Like the EU’s General Data Protection Regulation (GDPR), AB 375 forces companies to tell consumers what personal data they store, why they’re storing it and with whom they’re sharing it. Consumers get to sue companies for data breaches and intentional violations of privacy, and they will be able to tell companies not to sell their personal data without losing access to the companies’ services.
People will also be able to demand the deletion of their data, similar to the “right to be forgotten” in the EU, with exceptions for things like free speech and the completion of transactions.
Lobbyists such as those at the Internet Association have seized on the fact that the bill went through the legislative process in little over a week—a rush-through that was intended to ward off a stricter ballot initiative on the same issue, brought about by a real-estate mogul called Alastair Mactaggart and a group called Californians for Consumer Privacy.
“While today’s law marks some improvements to an overly vague and broad ballot measure, it came together under extreme time pressure, and imposes sweeping novel obligations on thousands of large and small businesses around the world, across every industry,” Google spokeswoman Katherine Williams told The Hill. “We appreciate that California legislators recognize these issues and we look forward to improvements to address the many unintended consequences of the law.”
It’s not clear what makes these obligations so novel for larger companies, especially those that also operate in the EU. Companies such as Google and Facebook have already had to redesign their systems and processes to allow Europeans to exercise the kinds of rights specified in the Californian law.
Facebook claims it supports AB 375, although the new law is “not perfect,” and like Google it looks “forward to working with policymakers on an approach that protects consumers and promotes responsible innovation.”