California approves own sweeping data privacy law
SACRAMENTO, Calif. — California will soon have what experts call the nation’s most far-reaching law to give consumers more control over their personal data under a bill the governor signed Thursday.
The law will compel companies to tell customers upon request what personal data they’ve collected, why it was collected and what categories of third parties have received it.
The new law will take effect Jan. 1, 2020, and lawmakers say they will make alterations to improve the policy before then.
Consumers will also be able to ask companies to delete their information and refrain from selling it.
It’s similar to data privacy regulation in the European Union.
The California bill signed by Gov. Jerry Brown will apply only to California consumers. But internet users in other states probably will see changes, said Cynthia Larose, a cybersecurity expert at the law firm Mintz Levin.
“It’s going to be impractical for companies to maintain two separate sets of privacy protections, one for California and one for everyone else,” she said.
The move by California came after breaches in recent years at companies including Target and Equifax. Facebook also has faced scrutiny amid revelations that Republican-linked consulting firm Cambridge Analytica collected data from millions of Facebook users without their knowledge.
The bill by Assemblyman Ed Chau, an Arcadia Democrat, gives companies the ability to offer discounts to customers who allow their data to be sold and charge those who opt out a reasonable amount based on how much the company makes selling the information.