Printed from BusinessInsurance.com

California Consumer Privacy Act legislation signed into law

Posted On: Jun. 29, 2018 1:53 PM CST

California Consumer Privacy Act legislation signed into law

California Gov. Jerry Brown on Thursday signed into law legislation that reflects many of the provisions of the European Union’s General Data Protection Regulation that took effect in May.

The California Consumer Privacy Act of 2018, which was also passed by the House and Senate on Thursday, was followed by the withdrawal of a proposed proposition on November’s ballot with comparable provisions.

It had been anticipated that had the proposition passed, it would likely have been followed by comparable regulation in other states.

California state Sen. Bill Dodd, D-Napa, one of the legislation sponsors, said in a statement, “Once again, California is taking the lead in protecting consumers and holding bad actors accountable. My hope is other states will follow, ensuring privacy and safeguarding personal information in a way the federal government as so far been unwilling to do.”

However, the Washington, D.C.-based Internet Association, a trade group representing internet companies, said in a statement, “Data regulation policy is complex and impacts every sector of the economy, including the internet industry. That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.

“The circumstances of this bill are specific to California. It is critical going forward that policymakers work to correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike.”

Among its provisions, the act, which takes effect in January 2020, would grant consumers the right to discover data firms collect about them, who is collecting it, to whom it is selling it and request the information’s deletion.

Consumers would have the right of private action under the law, but unlike the proposed proposition, the state attorney general would also enforce it, with violators subject to a civil penalty of up to $7,500 for each violation.

Violations of the GDPR are subject to fines of up to £20 million – or 4% of the prior financial year’s worldwide annual revenue, whichever is higher.