Although only California residents can make
requests, the law is expected to have broader
impact on how companies manage and sell
people’s information online. That’s because
companies outside the state must comply if
they meet relatively low thresholds.
“Data is today’s gold,” Becerra said at a press
conference in San Francisco. “Everyone is
rushing to mine data.”
The law was born out of a desire for people
to have more control over their personal
information online. It’s a topic that has been
top of mind in recent years as high profile leaks,
smarter home artificial intelligence systems
and targeted advertisements show just how
much companies know about their customers.
Privacy experts and researchers expect
California’s law to pave the way for laws from
other states and possibly Congress.
California’s privacy law has been a hot-button
issue for lobbyists all year, often pitting tech
industry interest groups against privacy
rights advocates. But neither side made major
traction during the year, and the bill that was
finalized last month remains largely unchanged
from the original version.
The attorney general’s proposed rules say
companies must provide at least two ways —
in most cases, a toll-free number and an
online form — for people to request what
specific information companies hold on
them. To request deletion, people must first
indicate they want their information to be
erased, and then confirm the decision in a
two-step process.