Does California's new data privacy law really protect consumer privacy?

Heather Parry

By Heather Parry

12 July 2018

At the end of June, lawmakers in California passed a new data privacy law in the state. This law is set to come into effect in 2020.

Known as the The California Consumer Privacy Act of 2018, or AB 375, the legislation is similiar to the European GDPR that came in force at the end of May, and is intended to replace legislation that was previously tabled and failed to pass.

Written after negotiation with Silicon Valley companies, privacy advocates, startups and a whole host of other concerned parties, the bill came about in response to the Cambridge Analytica scandal and the subsequent lack of public faith in the companies who hold their data.

The bill means that by 2020, companies who collect user data will have to share what information they have, how they use it and who it is shared with—any time the consumer requests this information. Consumers also have the right to demand companies delete this data, and in the event of a violation, can sue for up to $750 for each infraction.

However, some critics argue that the bill does not give consumers the privacy it is intended to; they say that the bill-writing process was flawed.

In a statement, Nicole Ozer, Technology and Civil Liberties Director for the ACLU of California, said:

Concern for privacy is at an all-time high in the aftermath of the Cambridge Analytica scandal, and yet California has enacted a law that utterly fails to provide the privacy protections the public has demanded and deserves. Nobody should be fooled to think AB 375 properly protects Californians’ privacy.

This measure was hastily drafted and needs to be fixed. When that happens next year, effective privacy protections must be included that actually protect against rampant misuse of personal information, make sure that companies cannot retaliate against Californians who exercise their privacy rights, and ensure that Californians can actually enforce their personal privacy rights.

The bill may force the hand of companies who operate in the state and more broadly in the US; in order to comply with this law, these companies may change their global privacy policy, as many have done in the wake of the GDPR.

But will the bill really do what it is intended to do? We’ll be keeping an eye on the conversation—and so should you.

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More