It’s been about a month since California rolled out the toughest consumer data privacy law in the nation.
As of January, you can demand that any company detail what information it collects about you, tell it to stop selling that information to other companies, or even delete the data altogether. And if a company negligently allows itself to be hacked, exposing your data, you can sue.
But already, there’s talk of another law: The California Privacy Rights Act would add clarifying language to the newly enacted California Consumer Privacy Act (CCPA), stipulating, among other things, that businesses:
- Should not collect the personal information of children without consent.
- Should only collect consumers’ personal information for specific purposes.
- Should provide consumers with easily accessible tools to obtain their personal information, correct or delete it, and to opt‐out of its sale to other parties.
Perhaps most dramatically, the new initiative would create a new regulatory agency in California that would enforce protections in addition to the Attorney General’s Office.
“We should have more privacy professionals in this agency, once it gets funded, up and operating if the initiative passes, than right now exists in the FTC [Federal Trade Commission] in the entire country,” said the man behind the existing law and the proposed initiative, Alastair Mactaggart.