California proposed new regulations Thursday that dictate how the state’s tough new privacy law will be enforced. The law known as the California Consumer Privacy Act or CCPA, gives consumers more control over how companies collect and manage their personal data. It goes into effect on Jan. 1.
Attorney General Xavier Becerra released his agency’s draft of the regulations during a press conference. The CCPA is considered to offer the toughest data privacy protections in the nation.
The law allows people to request that data be deleted and gives them the opportunity to opt out of having their information sold to a third party. The proposed regulations would also include specific requirements that businesses must comply with, such as, including a “Do Not Sell” link on websites. Businesses will also be required to treat consumer choices made in privacy settings as valid opt-out requests. Additionally, companies that handle personal information for more than 4 million consumers will be subjected to additional requirements.
The Attorney General’s office estimates that implementation of the regulations will cost companies between $467 million and $16.5 billion between 2020 and 2030. The regulations will also serve to protect more than $12 billion worth of information that’s used for advertising each year.
California’s privacy law was passed in 2018 in the wake of several scandals in which the data privacy practices of Silicon Valley companies like Facebook came to light and angered lawmakers and regulators. Last year, Facebook CEO Mark Zuckerberg faced questioning from US lawmakers as well as the European Parliament after it was discovered that personal information from 87 million Facebook users was leaked to UK political consultancy Cambridge Analytica. Other data privacy scandals have also been exposed, including the realization that wireless carriers had sold customer location information to third parties such as bounty hunters.
While the European Union has passed laws and adopted regulations to help protect consumers’ data privacy, the US has yet to pass its own sweeping federal legislation to protect consumers’ personal information. California’s law is meant to provide protection to California residents in the absence of federal law and to push the nation to offer more consumer protections.
“Americans should not have to give up their privacy to live and thrive in this digital age,” Becerra said at the press conference. “It should not come as a surprise then that California is the state to take on this challenge.”
Tech giants, such as Amazon, Facebook and Google, now say they would like to see federal privacy legislation, but they want the rules to be written on their terms. These firms have spent millions of dollars over the past year lobbying Congress to pass federal data privacy legislation. Their end game in these efforts is to preempt laws in California and other states to create a nationwide standard that they say would prevent a patchwork of state laws and regulations that they’d be required to comply with. But privacy advocates warn that preempting state laws, such as California’s CCPA, could provide less protection for consumers.