It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussionCalifornia now has its own version of the GDPR(3 posts)(3 posts)
(3 posts)
Pages:
1
This is my favourite topic
Posted June 30, 2018
A law called "The California Consumer Privacy Act of 2018" was signed into law two days ago on June 28, 2018.

It gives Californians the right to ask companies what data they are collecting about them, who they share it with, for what purpose the data is collected and also the right to tell companies not to sell their data, to correct or to erase their data with heavy fines attached if the companies do not comply.

So while the exact details may be different the general gist is pretty much the same as in the GDPR. Needless to say that certain tech giants do not really like that.

More information:

https://www.caprivacy.org/
https://www.theregister.co.uk/2018/06/29/california_data_privacy_law/
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375
Posted June 30, 2018
avatar
Geralt_of_Rivia: It gives Californians the right to ask companies what data they are collecting about them, who they share it with, for what purpose the data is collected and also the right to tell companies not to sell their data, to correct or to erase their data with heavy fines attached if the companies do not comply.
Hm, that's not really what the language of the bill says, though. The fines are to be levied in the event of personal information loss via breach, specifically. Companies actually have more incentive - based strictly on the wording of the bill itself - to just make sure they sell all your information immediately and make their data public, so it can never fall into a category of unintentional release. The only relief I saw in the bill itself for companies selling your information without your consent is that if you ask them to, they have to tell you who they gave the information to, unless they can't. Specifically, this bit here: "(2) If the business does not take action on the request of the consumer, the business shall inform the consumer, without delay and at the latest within the time period permitted of response by this section, of the reasons for not taking action and any rights the consumer may have to appeal the decision to the business."

It doesn't have much in the way of teeth. Also, in a move that will surprise nobody who has ever read The Register, they couldn't even be bothered to error-check their own publication: they claim fines up to $7,500 per incident though the bill itself clearly says in 1798.150 (a) (1) A that the amount will be no less than $100 and no greater than $750 per customer per incident. The $7,500 figure is a civil penalty only for distinct violations which can be proved to be intentional, and isn't per-customer, meaning it's peanuts.

EDIT: Though all that makes me sound dismissive of the bill, I'm certainly not. Sure would love to see more accountability imposed on businesses that aggregate personal information, identifiable or not. It's just that as compared to the GDPR, this seems very watered-down.
Post edited June 30, 2018 by OneFiercePuppy
Posted June 30, 2018
Wish we had that here in Australia too!
Pages:
1
This is my favourite topic
Community
General discussionCalifornia now has its own version of the GDPR(3 posts)(3 posts)
(3 posts)