Californian government Jerry Brown signed the Consumer Protection Act on Thursday, giving state residents much more control over how their data is collected, used and processed
The law will not come into force until January 2020 Without question, massive implications for every brand, agency and tech company have here and abroad.
Here is the TL; DR
The new law will also bring trademarks to account for data breaches so that consumers can sue them for up to $ 750 for each violation
The California Attorney General may sue for any deliberate violation of privacy for $ 7,500.
Translation: Companies such as Target, Adidas, FitBit, Home Depot, Chili's, Equifax, Facebook, among the many, many other companies that have suffered data breaches, will now be much more accountable when it fails to protect consumer data.
"Consumers' personal information is clearly in jeopardy and consumers are sick of life-long impact," said Chris Olson, CEO of The Media Trust Company, which provides publishers and brands with tools for digital governance , "So far, a total of 48 states have enacted data protection laws that require the reporting of personal data breaches, and in line with global initiatives, notably the EU's General Data Protection Regulation, the trend towards greater control of personal data will continue."
What about all? these tech companies?
Companies such as Google, Facebook, Amazon, Microsoft, as well as trade organizations such as the Data Marketing Association and the Interactive Advertising Bureau threw large amounts of money to stop the bill by the law "The Committee for the Protection of California Jobs"
Expect to vigorously fight for concessions that would weaken the bill by 2020, says Jason Kint, CEO of Digital Content Next.
"The duopoly will fight like crazy to change this thing into their interests," says Kint. "Facebook will take a back seat to Google because Facebook is so toxic to any privacy discussion right now, and as we see it in DSGVO, the antitrust regulator will also look at duopoly issues, otherwise Google will determine the rules and win the game."
"Buckle up," Kint adds.
The biggest question is whether technology companies are tailoring their data practices only for California residents or extending these new practices across the country. Other states can take similar action, and monitoring more than one regulatory system is cumbersome in any case.
"The risk here is rather that there is no single federal law, or a self-regulatory system that meets the expectations of consumers, the advertising industry will end up with a patchwork state laws in addition to the GDPR," says Kint. "That will be a cost factor for everyone."
Michael Connolly, CEO of ad-tech firm Sonobi, says that multiple versions of data protection legislation at the state level would create significant challenges for both tech companies wanting to comply and legislators enforcing the law.
Even if California becomes the only state offering privacy, hurdles will persist.
"We can restrict a user to a zip code to understand that a person in California should not be a challenge," says Connolly. "I do not want to know exactly how pragmatic it would be to enforce these laws if tech companies did not know if a person resides in California or simply through."
Marc Benioff, CEO of Salesforce, wrote It was "time for a national data protection law".
CORRECTION: An earlier version of this article said Salesforce CEO Marc Benioff had called California's new privacy legislation inadequate. He did not say that the law should be stronger, only that it supports a national standard.