UPDATED (5 p.m. PDT): Gov. Jerry Brown signed AB 375 into law. The measure goes into effect Jan. 1, 2020.
SACRAMENTO — A California internet privacy bill to give users more control over their data is headed to Gov. Jerry Brown after passing the Legislature on Thursday.
With the piece of legislation, which is similar to the E.U’s General Data Protection Regulation (GDPR), online companies would have to comply with consumer requests to say what data they've collected, why it was collected and what categories of third parties have received it.
Companies also would have to delete the information or refrain from selling it if users ask under AB 375, known as the California Consumer Privacy Act of 2018.
The bill would also bar companies from selling data from children younger than 16 without consent.
The bill, as written, would apply only to California internet users. However, users in other states will likely see changes if it becomes law.
The state Assembly voted 69-0 to approve it. Prior to that, the state Senate approved it, 36-0.
Industry attorney Corey D. Silverstein, of Silverstein Legal, told XBIZ this evening that “while websites and businesses across the world are struggling around the clock to achieve GDPR compliance, the countdown clock to 2020 has officially started when this monster legislation takes effect.”
“Within the new legislation, Californians will now have the right to see what information businesses collect on them, request that it be deleted, and get access to information on the types of companies their data has been shared with. Tech businesses across the world are already publicly voicing their outrage as they attempt to compute the astronomical costs that will have to be spent to get into compliance,” Silverstein said.
“People need to understand that this bill was pushed through so fast because had it not, an even stricter proposed law would have been left up to the voters to decide in the upcoming November elections. Clearly, California lawmakers had no desire to leave this issue to the voters.
“This isn’t surprising in the least bit considering the non-stop data leaks, hacks and questionable sales of personal data that continue to make headlines in the news. Frankly, I’m surprised that’s it’s taken this long for the state of California, long known for its consumer protection laws, to deal with this issue head-on.”
Silverstein said the good news is that there is still plenty of time to get an understanding of this new law and implement new policies and procedures to be compliant.
“Now is the time to start preparing for this law, procrastinating like many did with the GDPR is not an option this time around,” Silverstein said. “My office is already diving into the 10,000 words-plus of the California Consumer Privacy Act and we intend on getting started now. My advice to all XBIZ readers is to take this new law very seriously.”