California proposed regulations Thursday that would give consumers more control over how businesses collect and manage their personal information, including requiring a “Do Not Sell My Info” link on companies’ websites or apps.
California Attorney General Xavier Becerra detailed the draft regulations for the state’s new privacy law, due to take effect Jan. 1, which he said will allow people to “pull the curtains back” on information companies have collected on them.
The law allows people to request that their data be deleted and opt out of having data sold to third parties. Becerra’s draft regulations proposed specific requirements for compliance with the law, such as the “Do Not Sell” link.
Businesses must also treat choices expressed in user-enabled privacy settings as a valid opt-out request under the law and provide a “reasonable method” for verifying identity when people request to delete their data, according to the proposals.
Loyalty program incentives should be “reasonably related” to the value of a consumer’s data to the business, calculated according to eight methods outlined in the regulations, or risk falling foul of non-discrimination provisions.
Companies that handle the personal information of more than 4 million consumers will be subject to additional requirements.
According to an estimate provided by the attorney general’s office, the regulations will protect over $12 billion worth of personal information used for advertising each year. Compliance with the regulations will cost businesses between $467 million and $16.5 billion between 2020 and 2030.
Tech industry groups said they were still reviewing the proposed rules, but highlighted that the same study estimated the total cost of initial compliance with the law at around $55 billion.
The Interactive Advertising Bureau, which represents online advertisers, said in a statement it had “initial concerns” and called for regulations to avoid “unnecessary costs to innovation, content development and general services.”
The regulations will be open to public comment until Dec. 6 and must be finalized by July 1, 2020.
(Reporting by Paul; writing by David Shepardson; Editing by Cynthia Osterman and David Gregorio)
- Group Behind California’s Data Privacy Law Wants Another One on the Ballot
- Cyber Alert: New Era in Privacy Liability to Begin. California’s Data Privacy Law Could Be Game-Changer
- Anxiety, Policy Limits Rising Ahead of California’s Sweeping Data Privacy Law
Was this article valuable?
Here are more articles you may enjoy.