New Privacy Law in California

The State of California often leads the country in addressing regulatory issues. This makes sense since the State has a population of nearly 40 million and an economy that would be the fifth largest in the world if California were a separate country.

There was a new law enacted on the last day of the California Legislature was signed by Governor Gavin Newson this month. The bill makes it easier for people who want to scrub information about themselves from the Internet. The State passed privacy legislation in 2018 that gives people the right to ask companies to remove personal information from the Internet or databases. However, it turns out that the process of extracting one’s identity from the Internet is a lot of work, and in many cases is nearly impossible.

One of the main problems is that there is now a huge industry of companies that make a living selling and reselling personal data. One of the provisions of the California privacy law in 2018 was that data brokers had to register with the State if they sell information on California citizens. Over 500 companies are now registered as data brokers on the California Attorney General’s website. Some are well-known companies like credit bureaus, but most are companies that the public has never heard of. Many data brokers are specialists who work for marketing companies, politicians, large corporations, or law enforcement.

The new law is Senate Bill 362 – Data Broker Registration: Accessible Deletion Mechanism, and was sponsored by Senator Josh Becker of Menlo Park. The purpose of the law is to make it easier for folks to decouple from the Internet. The new law would allow consumers to make a single request to be removed from the Internet and databases – a web version of the Do Not Call List for telephone calling. Data brokers would have to respond quickly to such a request and would have to recheck their databases every month to make sure that personal information isn’t reposted.

Privacy advocates are calling this a landmark law that gives rights to the public to take control of their own data and to stop other companies from monetizing data about them.

Of course, the data brokers had a long list of reasons why the law shouldn’t be enacted. They say that this would slow down the process of people being verified when they go to a new website. They claim this would starve non-profits by cutting them off from databases of likely donors. They claim that it would make it harder for law enforcement to investigate people. They warn that people who ask to be removed from the lists won’t like the consequences.

Obviously, the legislators thought differently. In the discussions leading to the passage of the bill, there were discussions about how companies can now buy tracking data from our cellphones to keep track of where we are, what we do, and where we shop. They say that the databases allow people to stalk others, including the possibility that folks with strong political views can track their opponents.

Some data about all of us is already public. Things like voting registration, home ownership, and other interfaces with governments are public. What a lot of folks find troubling is that data brokers also buy information from credit card companies, ISPs, telephone companies, and other sources of information that most people do not want to be openly shared.

Generally, laws that start in California eventually get discussed and considered elsewhere. I’m guessing that this is something that the public will really like. I’ll be honest – just knowing that there are over 500 data brokers sharing our data makes me uneasy.

Leave a Reply