California, Home of Silicon Valley, Ramps Up Online Privacy Law
29.6.18 securityweek Privacy
California on Thursday passed a strict new law aimed at protecting people's privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.
The bill, signed into law by Governor Jerry Brown, followed in the spirit of the General Data Protection Regulation, which recently took effect in Europe.
The legislation cut off an initiative that is heading for the ballot in this state in the fall.
It was crafted to ensure rights including knowing what personal information is collected by companies on the internet and whether it is sold, and to whom, according to the bill signed by Brown.
The law also gives people a right to "say no" to the sale of their personal information, and calls for them to be treated the same as anyone else online if they opt to restrict use of their data.
Internet businesses that receive "verifiable" requests by people to have their data deleted will be required to do so, with a list of exceptions that include keeping what is needed to complete transactions, detect security breaches, or protect against illegal activity.
"A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer's personal information," the legislation said.
"This right may be referred to as the right to opt out."
Business home pages will be required to provide "clear and conspicuous" links titled "Do Not Sell My Personal Information" that take people to opt-out pages.
People whose personal information is stored unencrypted and not sufficiently protected were also given the right to pursue civil claims.
The shift both in Europe and California came after the harvesting of Facebook users' data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.
- Potential to spread -
Nonprofit advocacy group Consumer Watchdog called the California legislation "landmark reform" and branded it the toughest state privacy law in the US.
"Silicon Valley companies will very likely implement many of these reforms across their entire customer base, not just for Californians," said Consumer Watchdog president Jamie Court.
"California has led the way and Californians must be ever vigilant in the next year that the legislature does not undermine these protections at the behest of tech lobbyists and moguls."
The Internet Association, an industry lobbying group, expressed concerns about the law, saying there was a lack of public input as it was hurried through the legislative process.
"Data regulation policy is complex and impacts every sector of the economy, including the internet industry," association vice president of state government affairs Robert Callahan said in a statement posted on its website.
"That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning."
Callahan contended that California policymakers will need to "correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California's consumers and businesses alike."
The list of Internet Association members includes titans such as Amazon, Facebook, Google, Microsoft, Netflix and Twitter.
During a meeting Thursday with reporters at Facebook's headquarters in Silicon Valley, chief operating officer Sheryl Sandberg said the leading social network supported the California legislation.