This week, California’s legislature overwhelmingly passed AB 375, the California Consumer Privacy Act. The act gives consumers new rights to demand that internet companies share what they know about them, to bar the sharing of data and to have data erased in some circumstances.
The legislation, which was passed to head off a ballot measure fight, provides new private rights of action. The law, which won’t go into effect until January 1, 2020, is similar in some respects to the European Union’s General Data Protection Regulation (GDPR), which was passed in 2016 but not implemented until this May.
“We will have the benefit of looking at how the GDPR is impacting businesses,” said Cathie Meyer, a senior counsel at Pillsbury in Los Angeles. “That may allow the Legislature to adjust this bill to avoid some of the consequences the GDPR raises that may not have been anticipated.”
Meyer said the law is also similar to privacy regulations passed in other states and to previous laws passed in California. Specifically, she pointed to the California Online Privacy Protection Act of 2003, which requires that companies post their privacy policies online. It also vests enforcement powers with the attorney general.