Customers gain additional rights on Jan. 1 to stop businesses from sharing personal info, but the state is not expected to begin full enforcement until July, once officials finish drafting regulations to implement it.
(TNS) — When California’s internet privacy law takes effect in January, state Attorney General Xavier Becerra will be watching to see how large companies that deal with sensitive information like health data, Social Security numbers and dating patterns adjust to the new consumer protections.
Although customers gain additional rights on Jan. 1 to stop businesses from sharing their personal information, the state is not expected to begin full-scale enforcement until July, while the attorney general’s office finishes drafting regulations to implement the law.
Becerra said Monday that his office will nevertheless be keeping an eye on potential violations in the first six months that involve the “sensitive, critical data” of a large number of Californians, and will prosecute cases as warranted. He said it will prioritize a provision of the law that requires companies to obtain parental consent to sell the personal information of customers who are younger than 13 and explicit consent from customers between 13 and 16 years old.
“If you’re going to see real enforcement — aggressive, early, decisive enforcement action — early on, it will deal with kids,” Becerra said at a news conference.
Under the California Consumer Privacy Act, which then-Gov. Jerry Brown signed into law in 2018, businesses must disclose to their customers what type of information they collect about them and, if a person asks, stop selling the data or delete it.
Becerra sought earlier this year to strengthen enforcement by expanding his and Californians’ ability to sue companies for damages, including by removing the requirement that his office first give the business a chance to correct its violations. A bill that would have done that failed in the Legislature.
While he did not commit to sponsoring another measure next year, Becerra said he has been talking with legislators about what his office needs to make the law effective. He said he would be open to further changes, such as empowering district attorneys and city attorneys to bring enforcement actions against businesses.
“We’re always going to try to make sure that we refine our laws so that they work for everyone,” Becerra said. “I am in favor of giving consumers real tools to put in practice their rights.”
In October, the attorney general’s office unveiled its draft regulations for businesses to comply with the data privacy law. After finishing public comment earlier this month, additional revisions are expected.
But some companies have already said they do not plan to follow proposed rules, such as one that would require them to add “Do Not Sell My Info” links to their home pages and mobile apps. Among them is Facebook, which argues that it shares data about its users with third parties but does not sell their personal information as defined by the consumer privacy law.
“We’re going to try to help folks understand our interpretation of the law,” Becerra said. “And once we’ve done those things, our job is to make sure there’s compliance, so we’ll enforce.”
Small businesses have also complained that they do not have the resources to handle an influx of requests from customers to stop selling or delete their data. The law covers any company that buys or shares the personal information of at least 50,000 California residents per year.
Becerra said his office would be patient with mom-and-pop stores that are making a real effort to comply, but that “ignorance of the law is not an excuse.”
The attorney general is also considering taking advantage of the new protections himself come January by asking companies to stop selling his data.
“I’m a consumer,” Becerra said. “I want to make sure my privacy rights are protected.”
©2019 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.