California Lawmakers Advance Last-Minute Data Privacy Bill

An anonymous reader quotes a report from ABC News: California state senators advanced a last-minute internet privacy bill Tuesday ahead of a deadline while acknowledging it would need changes if it becomes law. The bill would let consumers ask companies what personal data they collect and opt out of having their data sold, among other privacy provisions. Lawmakers voted to pass the measure, AB375, out of the Senate Judiciary Committee.

The bill is aimed at keeping a related initiative off the November ballot. Lawmakers negotiated it with San Francisco housing developer Alastair Mactaggart, who spent millions of dollars to place the initiative on the ballot. He said he would pull the measure from the ballot if the bill is signed into law by the Thursday deadline to withdraw initiatives. The bill now moves to the Senate Appropriations Committee, a spokeswoman for co-author Sen. Bob Hertzberg, D-Van Nuys, said. The full Assembly and Senate each plan to vote on the bill Thursday. Gov. Jerry Brown's office has not said whether he will sign it.

I love this part

[JustNiz]

> The bill would let consumers ask companies what personal data they collect and opt out of having their data sold, among other privacy provisions.

This badly needs to happen. ...I cant imagine companies like Facebook actually playing along with it for a single moment though, even if they claim they are.

Re:I love this part

[drew_kime]

if you dont like facebook using your data, then dont use it.

If I don't use Facebook, they still collect my data from friends who do use it, and from sites I visit.

I'd rather have the initiative

[Snotnose]

Otherwise who knows what kind of skullduggery the Sacto slimeballs will bury into their version.

Re:I'd rather have the initiative

[dszd0g]

I agree with you. I think the fine is a little heavy handed in the initiative; my perfect version would have the fines from the legislative version. Personally, I don't think either version goes far enough as I would much rather an opt-in system like GDPR than an opt-out system. Ideally a statement in the bill that said a company that is GDPR compliant is complaint with this bill would be nice (making it easier for companies to have fewer compliance requirements).

The legislative version has a few major loopholes:
* If a company ties your information to a device ID instead of to your name, they avoid the regulation and don't have to tell you about the information they have on you.
* The initiative includes both selling and sharing while the legislative one is selling only so companies that enter agreements to share information with each other have a loophole.
* The initiative prevents companies from charging more to those who opt out while the legislative version has a loophole that allows it.
* The initiative requires them to tell you which company they sold your information to while the legislative version just requires that they tell you the category (like insurance company). This is not sufficiently informative in my opinion.