California lawmakers passed one of the toughest data privacy bills in the United States today, as they faced pressure from an even stronger ballot measure in the state.
The California Data Privacy Protection Act is set to dramatically change how businesses handle data in the most populous state. Companies that store personal information — from major players like Google and Facebook, down to small businesses — will be required to disclose the types of data they collect, as well as allow consumers to opt out of having their data sold. The bill, which passed both chambers unanimously, now heads to Gov. Jerry Brown’s desk. He has not openly committed to signing it into law.
The legislation, which is similar to Europe’s new GDPR protections, is the result of a last-minute attempt to head off a ballot measure that would have brought a slightly different set of privacy rules to the state. The just-passed bill does not fully reproduce the ballot measure — it would, among other differences, require the disclosure of only the “category” of a third-party that receives personal information, instead of the identity of the third-party itself. But the legislation was close enough that the campaign for the ballot measure agreed to pull its proposal if the bill was signed into law by the deadline to withdraw today.
Perhaps most importantly, passing the privacy rules as legislation allows lawmakers to more easily change them, while a ballot measure would be more difficult to amend. The law is set to come into effect at the start of 2020, giving the tech industry an opportunity to address their grievances.
Companies like Amazon and AT&T lined up to block the ballot measure, pouring millions of dollars into an opposition organization. Alaistair MacTaggart, a real estate mogul largely self-funding the ballot initiative, told The Verge earlier this month that the initiative was polling well. It only recently qualified for a spot on the November ballot.
Developing…This post was originally published here