It's almost GDPR in the United States

Last week, the California legislature quickly passed and passed a new law on protection of privacy which provides that the state enforces the strictest confidentiality checks in the United States. See also: Linking Application Security to Business Needs

AB 375 gives consumers the right to ask businesses what types and categories of personal information are collected. It also requires that companies disclose the purpose of collecting or selling the information as well as the identity of third-party organizations that receive the data. Consumers may also request the deletion of data and initiate a civil action if they believe that an organization has not protected their personal data.

"AB 375 responds to the recent data breaches that have affected millions of people – those experienced by Target, Equifax, Cambridge Analytica, and many others," said Assembly Member Ed Chau and other co-authors of the bill in a press release. "The collection of our information combined with data breaches has raised concerns from Internet users around the world."

California Governor Jerry Brown enacted the bill on Thursday.

] signed # AB375 . Thank you all for this historic law. # CaCPA2018 #privacy pic.twitter.com/cW9TAChCN4

– Ed Chau (@AsmEdChau) June 28, 2018

Parts of the AB 375 reflect close the general protection of data from Europe The passage of the GDPR is due in part to the scrutiny by European regulators of companies such as Google and Facebook and to growing concerns about the purchase and sale identifiable personal information. 19659017] Some companies, including Microsoft, have promised to comply with the GDPR all over the world that they do business, which means that the European regulations already have an overall impact. However, other organizations seem to have reacted differently. In April, Facebook moved 1.5 billion user data out of Ireland

The adoption of the new California law was boosted by Californian actions for Consumer Privacy, a group largely funded by Alastair Mactaggart, a real estate developer, who According to the NPR, Mactaggart has embraced privacy issues after talking to a Google engineer, who said that consumers do not understand the extent of data collected by companies online. Californians for the privacy of consumers

Californians for Consumer Privacy, who promised to pull his initiative to vote if the legislature passed a new law, welcomed the passage of AB 375. "We took the companies the most rich and powerful that the world has ever known and we woke up today with a law, AB 375, which gives Californians the most extensive, extensive and powerful privacy rights in the world. country". "This result is a win for both industry and consumers: the initiative was well-intentioned but deeply wrong in many ways, and it would have hurt both consumers and the industry" , say Alan L. Friel, a BakerHostetler lawyer. Niloufar Massachi in a blog

Squeezing Tech Giants

The data collected by online businesses is extremely valuable for targeted advertising, third-party marketing efforts and efforts to predict consumer behavior, such as political messaging . Activists have warned for years that trading in these data carries risks if they are sold, lost, stolen or abused. But the problem took a new momentum following the Facebook data scandal, which revealed that profile data on millions of users had been transferred to Cambridge Analytica, a missing data profiling company that allegedly helped the president. Donald Trump in his election campaign ( Facebook: 87 million accounts may have been sent to Cambridge Analytica ).

Although the technology industry has stood the test of regulation, Californians for consumer protection have put it under pressure. The group collected more than 629,000 signatures to set up an initiative called California Consumer Privacy Act in November

California has a process by which voters can directly approve legislation, and Mactaggart has spent $ 3.5 million his own money to get the initiative

Due: 2020

Despite the passage of the AB 375, however, this is not done yet. The law will only come into force on January 1, 2020, and until that date it can be amended

. Some signs indicate that the technology industry is not going to wait. The Internet Association, consisting of Amazon, Facebook, Google, Uber and many other billionaire technology companies, has qualified AB 375 as a "last minute" agreement that needs to be corrected.

"It is essential that policymakers work to correct the inevitable and negative consequences of policy and compliance that this last-minute deal will create for California consumers and businesses."
-Internet Association

] "The regulatory data policy is complex and affects all sectors of the economy.The Internet industry," says the Internet Association. "This makes it even more worrying the lack of public discussion and process around this far-reaching bill. "

" The circumstances of this bill are unique to California, "he says, inevitable and negative consequences and the compliance this last-minute deal will create for California consumers and businesses. "

The Power of Privacy

In Many Ways AB 375 will be enforced by the Attorney General's Office, reshaping the balance of power between services and their users in California.

Companies are required to inform consumers of the types of data they collect before data is collected, as well as their business purpose.

In the current state of the law, consumers can opt out of the sale of their personal information. If a consumer chooses this option, companies can not charge these people differently or offer a quality of service. There is one exception, however, "if the difference is reasonably related to the value provided by the consumer data", the text of the law states.

If people consent to the collection of their personal data, they may still request the categories of information under which such data will be classified, as well as "the identity of third parties to whom the information has been sold or disclosed" , says the law.

The law also deals with data relating to children. Specifically, the AB 375 prohibits the sale of personal data for individuals aged 13 to 16 unless they specifically adhere to it. For children under 13, a parent or guardian must give consent, which the law calls the "right to opt".

As in Europe under GDPR, California consumers have the right to request a copy of any data that an American organization could store on them, as well as the right to request that it be deleted [19659008UndercertaincircumstancesconsumershavetherighttobringcivilactionsagainstaserviceintheeventofdatabreachorexposureThisincludesifthedatawasstolenbyunauthorizedaccessorexposedwithoutbeingencryptedorwritten

Damage ranges from $ 100 to $ 750 per consumer per incident or "actual damage, whichever is greater". 19659009] Editor-in-Chief Mathew Schwartz also contributed to this article.