New California Law Seeks to Lead the U.S. in Online Privacy Protection

Privacy is like oxygen. It generally is not noticed by a consumer until it is gone. California lawmakers, however, are quite aware of privacy and have recently passed perhaps the most strict privacy law in the United States.

Only days ago, the California Consumer Privacy Act of 2018 (“the Act”) was signed into law by Governor Jerry Brown after it had been approved on a unanimous basis by the California State Assembly and the California Senate. The Act does not become operative until 2020, but when it goes it to effect, it will pack a punch. Indeed, the Act will provide great control to consumers with respect to their own personal data. 

For example, the Act will allow consumers to find out specific personal information online companies are collecting about them, why the information is being collected, and with whom else they are sharing the information.

In addition, consumers will be able to prevent online companies from selling their personal data.

Moreover, online companies will not be able to collect data on children under the age of 16 unless the children specifically opt in to such collection.

While the Act represents a major effort to protect consumer online privacy, some privacy advocates still have lingering concern over specific issues. For instance, while a company under the Act will not be able to sell personal data if a consumer rejects that practice, a company still will be able to “share” data under certain circumstances. Privacy advocates believe that such sharing could undermine privacy.

Also, the Act will not prevent companies from charging more with respect to consumers who bar the selling of their personal data. Privacy advocates do not like the notion that consumers should have to pay more money for greater privacy.

Despite these concerns, the Act does move California in the direction of much greater privacy protection. While the Act is not as robust as the General Data Protection Requirements (GDPR) of the European Union, California looks to be leading the US in safeguarding consumer privacy.

Eric Sinrod (@EricSinrod on Twitter) is a partner in the San Francisco office of Duane Morris LLP, where he focuses on litigation matters of various types, including information technology and intellectual property disputes. You can read his professional biography here. To receive a weekly email link to Mr. Sinrod’s columns, please email him at ejsinrod@duanemorris.com with Subscribe in the Subject line. This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author’s law firm or its individual partners.