Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

California, Home of Silicon Valley, Ramps Up Online Privacy Law

California on Thursday passed a strict new law aimed at protecting people’s privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.

California on Thursday passed a strict new law aimed at protecting people’s privacy online, a move that promised to shift the terrain on which internet firms operate in the wake of recent scandals.

The bill, signed into law by Governor Jerry Brown, followed in the spirit of the General Data Protection Regulation, which recently took effect in Europe.

The legislation cut off an initiative that is heading for the ballot in this state in the fall.

It was crafted to ensure rights including knowing what personal information is collected by companies on the internet and whether it is sold, and to whom, according to the bill signed by Brown.

The law also gives people a right to “say no” to the sale of their personal information, and calls for them to be treated the same as anyone else online if they opt to restrict use of their data.

Internet businesses that receive “verifiable” requests by people to have their data deleted will be required to do so, with a list of exceptions that include keeping what is needed to complete transactions, detect security breaches, or protect against illegal activity.

“A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information,” the legislation said.

“This right may be referred to as the right to opt out.”

Business home pages will be required to provide “clear and conspicuous” links titled “Do Not Sell My Personal Information” that take people to opt-out pages.

People whose personal information is stored unencrypted and not sufficiently protected were also give the right to pursue civil claims.

The shift both in Europe and California came after the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

– Potential to spread –

Nonprofit advocacy group Consumer Watchdog called the California legislation “landmark reform” and branded it the toughest state privacy law in the US.

“Silicon Valley companies will very likely implement many of these reforms across their entire customer base, not just for Californians,” said Consumer Watchdog president Jamie Court.

“California has led the way and Californians must be ever vigilant in the next year that the legislature does not undermine these protections at the behest of tech lobbyists and moguls.”

The Internet Association, an industry lobbying group, expressed concerns about the law, saying there was a lack of public input as it was hurried through the legislative process.

“Data regulation policy is complex and impacts every sector of the economy, including the internet industry,” association vice president of state government affairs Robert Callahan said in a statement posted on its website.

“That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.”

Callahan contended that California policymakers will need to “correct the inevitable, negative policy and compliance ramifications this last-minute deal will create for California’s consumers and businesses alike.”

The list of Internet Association members includes titans such as Amazon, Facebook, Google, Microsoft, Netflix and Twitter.

During a meeting Thursday with reporters at Facebook’s headquarters in Silicon Valley, chief operating officer Sheryl Sandberg said the leading social network supported the California legislation.

Related: As EU Privacy Law Looms, Debate Swirls on Cybersecurity Impact

Related: Clear Scope for Conflict Between Privacy Laws

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.