From today’s The Mercury News:
Starting New Year’s Day, Californians creeped out by the trove of personal data companies collect on their online shopping, searching and social media habits will get sweeping new privacy rights that will let them opt out of having their information sold or shared and let them demand that it be deleted.
“This is really a watershed moment for consumers,” said Scott W. Pink, a Menlo Park lawyer who advises companies on cybersecurity and privacy. “It’s the first law in the United States outside specialized industries like health care that provides consumers some degree of control and access over data collected on them.”
The California Consumer Privacy Act approved in June 2018 was inspired by public outrage over data breaches at major companies such as Facebook, Yahoo and Equifax that exposed consumers to potential fraud and misuse of their personal information, and by the European Union’s General Data Protection Regulation.
The new law requires that businesses disclose their data gathering and sharing practices and allows consumers to opt out of it and to demand that businesses delete collected information on them. It prohibits companies from penalizing consumers with higher rates or fewer services for exercising their privacy rights and from selling information about children under age 16 without their explicit consent.
But questions continue to swirl as companies scramble to comply. The state attorney general is still finalizing proposed regulations intended to guide consumers and businesses in order to meet a July deadline when enforcement is expected to begin.
And both consumer and business advocates continue to spar over whether the new privacy provisions go too far or not far enough, with proposed state and federal substitutes in the works.
Read the complete article here.