California Protects Residents Against the Collection and Sales of Their Online data

Ever wondered how that one business that won’t stop calling you got your phone number in the first place? Ever seen your inbox fill up in with random subscription emails from services and businesses you’ve never even heard of?

Well, if you’re living in California, the confusion around how businesses get your data and what they then do with it could soon be cleared up. Why? Because a new data privacy law coming to the state in 2020 will give California consumers the right to obtain data collected about them, as well as giving them the right to request that this data is deleted, and the right to order a business not to sell the information to third parties.

The bill which enables this was introduced only a week before it was signed by California Gov. Jerry Brown. The law is set to take effect in January 2020 as reported by The New York Times, USA Today, Fortune, and the San Jose Mercury News.

The New York Times deemed that the California Consumer Privacy Act is one of the most significant regulations of data collection in the Unites States to date. The law seems to be the nation’s toughest so far in regards to consumer’s right in online privacy protection and USA Today said that such a law may serve as a model for other U.S. states.

This is a big shift in the relationship that consumers have with companies online as it will  generate a huge shift in power dynamics between the two. Much of the power was once held by companies, yet the transparency created by this law shifts much of that power back over to the consumer.

The bill requires companies to disclose the personal data that has been collected on a consumer if that consumer requests it. In its current state, the bill states that consumers can request to be shown this data up to two times a year.

What’s more, any consumer whose data has been hacked is entitled to recover statutory damages of up to $750 in a civil suit if the company can be shown to have failed to maintain reasonable security procedures.

However, the bill is far from perfect and does include a few loop holes. While a business cannot discriminate against consumers who exercise their rights under this law; charge this consumer more; or offer them a lesser service, they can offer incentives for collecting and selling information. This may include offering discounts on products for those consumers who consent to giving them their information; and/or not later requesting for them to delete it; and/or allowing them to sell their information to third parties.

A Ropes Gray analysis and the ABA Journal highlighted that the wording around these rights is ambiguous and could lead to potential difficulties once the law comes into effect.

However, one point is clear from the introduction and acceptance of the bill: the value of consumer’s personal data is beginning to be acknowledged and, finally, protected. How this will look in practice though, we have yet to find out.