It’s not perfect, but the new privacy laws passed by California that go into effect 1/1/20 will help give some consumers more control over their online data and what happens to it. The big deal is you can opt out of having your info sold.
The law applies to businesses that collect, sell, or otherwise process information about California residents, subject to a minimum revenue or data volume minimums.
- Gross revenue greater than $25m
- Buy, receive, sell, or share person info of 50k+ consumers (for business or commercial purposes)
- Drive 50% of more of annual revenue from selling personal info
LINK: Read the bill here.
Some key provisions:
- Companies must inform users what type of personal information will be collected and how it will be used at the point of collection.
- Consumers can request a complete record of the information collected. The law requires companies disclose the type of information, where it was collected, the business purpose, whether the information was sold, and the third-party companies that now have access to the information.
- Users will be able to opt-out of having their personal info sold to third-parties – and once chosen, companies can’t ask them to opt-in for a year.
The law carries a fine of $2500 for each violation, $7500 per if deemed intentional. Across thousands, or millions of consumers, these fines could get big really quickly.
The California AG’s office is the chief enforcer of the law, although there are some challenges there as well. Xavier Becerra, Attorney General for the State of Alabama, sent a letter to the legislature with his concerns, including “unworkable obligations and serious operational challenges.”