Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

California, Home of Silicon Valley, Ramps Up Online Privacy Law

California on Thursday passed a strict new law aimed at protecting people’s privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.

California on Thursday passed a strict new law aimed at protecting people’s privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.

The bill, signed into law by Governor Jerry Brown, followed in the spirit of the General Data Protection Regulation, which recently took effect in Europe.

The legislation cut off an initiative that is heading for the ballot in this state in the fall.

It was crafted to ensure rights including knowing what personal information is collected by companies on the internet and whether it is sold, and to whom, according to the bill signed by Brown.

The law also gives people a right to “say no” to the sale of their personal information, and calls for them to be treated the same as anyone else online if they opt to restrict use of their data.

Internet businesses that receive “verifiable” requests by people to have their data deleted will be required to do so, with a list of exceptions that include keeping what is needed to complete transactions, detect security breaches, or protect against illegal activity.

“A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information,” the legislation said.

“This right may be referred to as the right to opt out.”

Advertisement. Scroll to continue reading.

Business home pages will be required to provide “clear and conspicuous” links titled “Do Not Sell My Personal Information” that take people to opt-out pages.

People whose personal information is stored unencrypted and not sufficiently protected were also give the right to pursue civil claims.

The shift both in Europe and California came after the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

– Potential to spread –

Nonprofit advocacy group Consumer Watchdog called the California legislation “landmark reform” and branded it the toughest state privacy law in the US.

“Silicon Valley companies will very likely implement many of these reforms across their entire customer base, not just for Californians,” said Consumer Watchdog president Jamie Court.

“California has led the way and Californians must be ever vigilant in the next year that the legislature does not undermine these protections at the behest of tech lobbyists and moguls.”

The Internet Association, an industry lobbying group, expressed concerns about the law, saying there was a lack of public input as it was hurried through the legislative process.

“Data regulation policy is complex and impacts every sector of the economy, including the internet industry,” association vice president of state government affairs Robert Callahan said in a statement posted on its website.

“That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.”

Callahan contended that California policymakers will need to “correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike.”

The list of Internet Association members includes titans such as Amazon, Facebook, Google, Microsoft, Netflix and Twitter.

During a meeting Thursday with reporters at Facebook’s headquarters in Silicon Valley, chief operating officer Sheryl Sandberg said the leading social network supported the California legislation.

Related: As EU Privacy Law Looms, Debate Swirls on Cybersecurity Impact

Related: Clear Scope for Conflict Between Privacy Laws

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem