Alastair Mactaggart

California Consumer Privacy Act of 2018

Consumer data protection continues to be a focus for governments after the latest round of data breaches and Facebook allowing Collaborative Analytics harvesting of its user’s data. In a hastily crafted bill, California legislatures and the governor passed AB 375, or the California Consumer Privacy Act of 2018. There is good reason for hardly anyone noticing this new law; it was fast-tracked through the legislative process within seven (7) days. California legislature rapidly created a consumer privacy bill in response to an initiative of a privacy ballot supported by the Alastair Mactaggart’s non-profit, Californians for Consumer Privacy. Mactaggart’s organization garnered over 637,000 petition signatures by May of this year – surpassing the required 366,000 – and began to initiate a consumer privacy ballot measure for November. Mactaggart did agree to pull the ballot referendum if the bill was passed by legislators and signed by the governor. California legislators passed the bill and Governor Jerry Brown signed it on June 28th. The law will go into effect on January 1, 2020. How is the bill different from GDPR? California Consumer Privacy Act of 2018 is very similar to the GDPR. Both laws allow their citizens to have control of what businesses can and cannot do with their personal data and require notification if their personal data has been compromised in a data breach. Where this bill differs is in who has to comply. It is designed to target larger companies, especially those in Silicon Valley. Businesses who fall into the bill’s compliance must: have annual gross revenues in excess of twenty-five million dollars ($25,000,000). collect, buy, or sell personal information of 50,000 or more consumers, households, or devices. derive 50 percent or more of its annual revenue through the selling consumer’s personal data. Unintended Consequences Trade organizations have voiced their opinions of the law in two areas. The first is how elements of this bill are vague and there was a lack of public discussion. The Internet Association – whose members include Facebook, Amazon, and Google – has stated: “Data regulation policy is complex and impacts every sector of the economy, including the internet industry. That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.” The CTIA, who represents the wireless telecommunication industry, cited they would prefer to see U.S. Congress passing legislation instead of each individual state. “State-specific laws will stifle American innovation and […]