Skip to navigationSkip to content

California just passed the toughest data privacy bill in the US

Reuters/Max Whittaker
New law, same old problems.
  • Simone Stolzoff
By Simone Stolzoff

Technology Reporter

Published This article is more than 2 years old.

California lawmakers passed a law to give people more control over how companies like Google and Facebook use their data.

In one day (June 28th), the California Consumer Privacy Act of 2018 unanimously passed both legislative chambers and was signed into law by governor Jerry Brown. Similar to the General Data Protection Regulation (GDPR) which went live in Europe in May, the law requires that Californians have access to and the ability to delete the data tech companies hold on them. It also gives users the ability to opt out of companies sharing (and theoretically selling) their data to third parties. Other states are working on similar legislation, but this is one of the most comprehensive set of laws passed to date. The regulations will go into effect in January 2020.

In lieu of a national data protection policy in the US, this new law in the nation’s most populous state may well force tech companies to shift their policies for all Americans given the complexity of maintaining different standards in different states. (Then again, Facebook, which has over 2 billion monthly users, maintains differing privacy standards for various regions in the world.)

“The state that pioneered the tech revolution is now, rightly, a pioneer in consumer privacy safeguards,” James Steyer, CEO of Common Sense Media, one of the bill’s main backers, said in a statement. “Today was a huge win and gives consumer privacy advocates a blueprint for success.”

When asked about the bill at a press conference on Thursday, Facebook’s chief operating officer Sheryl Sandberg said the social network supported the bill.

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.