Thanks to a grass-roots effort and some unusually fast action by legislators, California has a new set of privacy rules that give consumers more control over how companies use the data they collect, a law that could pave the way for similar measures around the country.
The passage of the privacy bill on June 28 came just a few days after it was first introduced and was the direct result of a campaign by a private group to change the way that businesses inform people about the kind and amount of personal information they collect. The law requires companies to tell consumers what data they collect before the collection occurs, what they plan to do with the data, and also grants consumers the right to tell companies they’re not allowed to sell that data. And, perhaps most importantly, the law provides for fines of up to $7,500 for violations and gives consumers the right to sue if a company violates the statute.
“Consumers should have a right to choose how their personal information is collected and used by businesses. It is your data, your privacy, your choice,” said Ed Chau, a member of the California State Assembly and one of the authors of the bill.
“It’s my strong belief that these new California rights will soon extend to the rest of the United States.”
Civil liberties groups and privacy advocates have been pressing for federal privacy legislation to address the many issues facing consumers right now, but none has been forthcoming. The string of data breaches that expose private information is never ending and companies continue to gather more and more information about consumers in an effort to gain insights into their behavior and preferences. People often have little if any insight into the kinds of data companies have on them or what they’re doing with it.
California’s new privacy law gives that state’s residents a much better picture of what’s going on with all of their personal information. But the way that the bill made its way to the capitol and ultimately onto Gov. Jerry Brown’s desk is unlikely to be replicated on a national level. The bill emerged from a campaign by a private coalition called Californians for Consumer Privacy that started a petition to get a ballot measure approved for November. More than 600,000 people signed the petition and the ballot measure was set, but lawmakers last week quickly introduced a bill that mirrored the measure’s language. The leaders of the coalition said they would withdraw the ballot measure if the bill was approved and that’s just what happened.
“We are thrilled that AB 375 has become law. This is a monumental achievement for consumers, with California leading the way in creating unprecedented consumer protections for the rest of the nation,” said Alastair Mactaggart, chairman of Californians for Consumer Privacy.
“It’s my strong belief that these new California rights will soon extend to the rest of the United States.”
While most states have some form of data-breach law, those statutes typically are focused on notifying consumers whenever a breach occurs and don’t provide much in the way of control over what data companies collect and how they use it.