California just passed the toughest data privacy bill in the US

New law, same old problems.
New law, same old problems.
Image: Reuters/Max Whittaker
We may earn a commission from links on this page.

California lawmakers passed a law to give people more control over how companies like Google and Facebook use their data.

In one day (June 28th), the California Consumer Privacy Act of 2018 unanimously passed both legislative chambers and was signed into law by governor Jerry Brown. Similar to the General Data Protection Regulation (GDPR) which went live in Europe in May, the law requires that Californians have access to and the ability to delete the data tech companies hold on them. It also gives users the ability to opt out of companies sharing (and theoretically selling) their data to third parties. Other states are working on similar legislation, but this is one of the most comprehensive set of laws passed to date. The regulations will go into effect in January 2020.

In lieu of a national data protection policy in the US, this new law in the nation’s most populous state may well force tech companies to shift their policies for all Americans given the complexity of maintaining different standards in different states. (Then again, Facebook, which has over 2 billion monthly users, maintains differing privacy standards for various regions in the world.)

“The state that pioneered the tech revolution is now, rightly, a pioneer in consumer privacy safeguards,” James Steyer, CEO of Common Sense Media, one of the bill’s main backers, said in a statement. “Today was a huge win and gives consumer privacy advocates a blueprint for success.”

When asked about the bill at a press conference on Thursday, Facebook’s chief operating officer Sheryl Sandberg said the social network supported the bill.