Stories

California's new privacy law sets stage for national debate

A gif shows a computer monitor with a news feed, and then a shade is pulled over the screen
Illustration: Sarah Grillo/Axios

The privacy bill signed into law in California on Thursday won’t settle the global fight over privacy, but it does usher in a new phase that could lead to a new national model for regulating data online.

The big picture: Policymakers around the globe — in Washington, Brussels and now Sacramento — are all articulating different visions of how consumer data should be handled online. There may only be one internet, but there are many jurisdictions, and tech's colossus companies must deal with all of them.

The bill itself was drafted and passed quickly, with even the bill's authors saying there may be additional changes and clarifications before it goes into effect. “If possible, we could find some fixes this year,” said California Assembly member Ed Chau. “That’s my hope, but no promises.”

What’s settled:

  • The law passed Thursday goes into effect in 2020. If nothing changes before then, the law will put restrictions on Google, Facebook and other companies in the business of gathering data directly from consumers.
  • Facebook Vice President Will Castleberry said that while "not perfect, we support" the law, though some trade groups that represent the company were more critical in statements after it passed.
  • Supporters agreed to pull their privacy ballot measure, which was slightly more aggressive, from the November election, so voters won't weigh in on the debate.

As it stands now, the law lets users:

  1. Learn details about the data that companies hold on them;
  2. Ask those companies to delete that data or opt-out of collected data being sold to a third party (Google and Facebook both say they don't do this, because you cannot directly buy an individual's data from them); and
  3. In some cases, sue if their data isn’t properly protected.
  4. It also includes protections aimed at children.

What’s not settled:

  • Whether this bill sets a standard, as some privacy advocates hope. California's size can make it a trendsetter when it comes to policy. “Well, between the Europeans and California, we’re starting to move towards having a universal privacy bill of rights, and I just think it’s going to create a precedent that ultimately is going to be a national standard,” said Sen. Ed Markey (D-Mass.) as he left the U.S. Capitol on Thursday. The bill was criticized, however, by the ACLU of California.
  • Whether Silicon Valley can change it before 2020. Multiple tech industry sources said that companies will push for alterations to the bill. Linda Moore, the CEO of trade group TechNet, which represents Google and Facebook, said in a statement that “the California legislature's work is far from finished” and that “this law remains a work in progress.”
  • Whether this spurs any action in Washington. The Trump administration is exploring ways to create a less restrictive counterweight to Europe’s GDPR privacy rules, in consultation with business groups. California is on the White House’s mind. Gail Slater, the White House advisor working on privacy, called the ballot measure in California that inspired the new law “GDPR light with some California tweaks to do it” when speaking at a conference last month.

Go deeper: