This archive report was first published on 29 December 2019.
California's New Data Privacy Law: A Complex Landscape ¶
Millions of Californians are now entitled to see, delete, and stop the sale of their personal data under a new state privacy law that took effect on Wednesday.
The law, which was passed in June 2018, gives Californians the right to see, delete, and stop the sale of their personal details that companies have on them. However, companies are interpreting the law in different ways, leading to confusion and debate.
Some companies, like Evite, an online invitation service, have decided to stop selling marketing data that grouped their customers by preferences. Evite has spent over $1 million to understand its obligations under the privacy law and set up an automated system to comply.
Other companies, like Indeed, a job search engine, have posted notices saying that people seeking to opt out will be asked to delete their account. However, the issue of selling consumer data is so fraught that many companies are unwilling to discuss it publicly.
“Companies have different interpretations, and depending on which lawyer they are using, they’re going to get different advice,” said Kabir Barday, the chief executive of OneTrust, a privacy management software service that has worked with more than 4,000 companies to prepare for the law.
The new law has national implications because many companies, like Microsoft, say they will apply their changes to all users in the United States rather than give Californians special treatment. Federal privacy bills that could override the state’s law are stalled in Congress.
“Businesses will have to treat that information more like it’s information that belongs, is owned by and controlled by the consumer,” said Xavier Becerra, the attorney general of California.
Some issues, like the practices that qualify as data selling, may be resolved by mid-2020, when Mr. Becerra’s office plans to publish the final rules spelling out how companies must comply with the law.