California is first US state to pass GDPR-like law

California is first US state to pass GDPR-like law
11 Jul 2018

California has just passed a data privacy law that is being widely compared with the European Union’s General Data Protection Regulation (GDPR) – and it is the first state in the US to do so.

The new legislation gives state residents the right to view the data that companies hold on them and, critically, to request that it be deleted and not sold on to third parties. The law will apply to any company that holds data on more than 50,000 people, with each violation carrying a US$7,500 fine.

Predictably, the corporations that profit from selling their users' information are unhappy. A Google spokesperson told tech website The Register: "We think there's a set of ramifications that's really difficult to understand. User privacy needs to be thoughtfully balanced against legitimate business needs."

Law firm Minz Levin indicated that, in some ways, the new legislation went further than the GDPR. Personal information is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably [be] linked, directly or indirectly, with a particular consumer or household”.

It includes “IP addresses, persistent or probabilistic identifiers that can be used to identify a particular consumer or device, records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; Internet or other electronic network activity information, professional or employment-related information; or any consumer profile”.

Consumers have the right to request detailed information on any personal data that is collected about them but not the names of the actual entities to which the personal information has been transferred.

They also have the right to request that personal information be deleted. But there are exceptions, including if the collected personal information is necessary to provide goods or services requested by the consumer or this situation could be reasonably anticipated due to its relationship with them.

 Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

 

California has just passed a data privacy law that is being widely compared with the European Union’s General Data Protection Regulation (GDPR) – and it is the first state in the US to do so.

The new legislation gives state residents the right to view the data that companies hold on them and, critically, to request that it be deleted and not sold on to third parties. The law will apply to any company that holds data on more than 50,000 people, with each violation carrying a US$7,500 fine.

Predictably, the corporations that profit from selling their users' information are unhappy. A Google spokesperson told tech website The Register: "We think there's a set of ramifications that's really difficult to understand. User privacy needs to be thoughtfully balanced against legitimate business needs."

Law firm Minz Levin indicated that, in some ways, the new legislation went further than the GDPR. Personal information is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably [be] linked, directly or indirectly, with a particular consumer or household”.

It includes “IP addresses, persistent or probabilistic identifiers that can be used to identify a particular consumer or device, records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies; Internet or other electronic network activity information, professional or employment-related information; or any consumer profile”.

Consumers have the right to request detailed information on any personal data that is collected about them but not the names of the actual entities to which the personal information has been transferred.

They also have the right to request that personal information be deleted. But there are exceptions, including if the collected personal information is necessary to provide goods or services requested by the consumer or this situation could be reasonably anticipated due to its relationship with them.

 Emma Woollacott

Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.

 

Leave a Reply

All blog comments are checked prior to publishing