California lawmakers rushed the passage of Assembly Bill 375 in a deal to knock a privacy initiative off the November ballot.
California passed a sweeping privacy bill Thursday, averting a potentially bloody privacy ballot battle that would have pitted privacy proponents against tech titans and other companies that benefit from collecting and selling personal information.
Under the act, consumers can ask companies what information they are collecting on them; why it was collected; which third party category received it; demand that it be deleted and the information not be sold. However, under the new law, companies can charge users a fee if they opt out of sharing their data to recover lost revenue if “the difference is reasonably related to the value provided by the consumer’s data.”
Companies would also be allowed to offer financial incentives to those consumers who agree to share their personal information.
“Pay for privacy is a dangerous and slippery slope,” California Sen. Hannah-Beth Jackson warned during debate over passage of the bill, which she ultimately supported.
State and local chief privacy officers recently went through the paces of determining whether the European Union’s General Data Protection Regulation (GDPR) would have an impact on them, when the enforcement deadline rolled around on May 25.
It remains unclear whether state and local chief privacy officers will have to go through similar steps they took with GDPR, even though AB 375’s co-author Assemblyman Ed Chau, D-Monterey Park, said during the bill’s reading it holds some similar requirements as GDPR relating to the data retention and disclosure.
“It’s obviously very early and in fact I haven’t yet seen the language of the bill as it passed. As far as I know, it applies to businesses, so I’m not sure what effect if any it would have for state CPOs/other government players,” Omer Tene, vice president and chief knowledge officer for the International Association of Privacy Professionals (IAPP) told Government Technology.
Indeed, the new law applies to only businesses and like the GDPR is expected to have little to no impact on government agencies.
Nonetheless, state and local government agencies are becoming increasingly concerned about privacy issues and more chief privacy officers are getting named to government offices.
“As communities become motivated to implement smart city technologies, and as open data mandates require more data to be released, there’s growing recognition that privacy is a key strategic issue that must be addressed and managed. This has led dozens of cities to appoint privacy officers from Seattle and San Francisco to New York and Boston,” Tene said, noting his observations are more anecdotal than scientific.
With the success of the privacy initiative deemed eligible for the November ballot and the passage of AB 375, other privacy advocates may feel emboldened to take up the issue as either a ballot initiative or legislation in their respective states.
“It will happen with the rest of the country,” predicted Alastair Mactaggart, chairman of Californians for Consumer Privacy. His organization drafted the California Consumer Privacy Act ballot initiative. Mactaggart made his comments during a press conference following the signing of the bill into law.
And Sen. Bob Hertzberg, D-Van Nuys, a co-author of AB 375, agreed.
“This is a huge step forward for the people of California. This is a huge step forward for all the people across the country,” Hertzberg said during the press conference.